NEAS[.]31b292608cd39e45aaf06eae9721f260[.]cab

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.31b292608cd39e45aaf06eae9721f260.cab
Size

7.2MB
MD5

31b292608cd39e45aaf06eae9721f260
SHA1

365edf5046497692d81856f75f8ff0354f1022f1
SHA256

188f44c4c53ce27b8cfa5758e9228cfda737d6fae19ece8a6fb11884b0357c2e
SHA512

990b42f1615c8679ee4b8e0d1cd2b3c2402936f08d4eca69aa9eb5820ecedf75d53258e50f8caab997991c807269095a76d740ce93de5274f21149273ea6d401
SSDEEP

98304:yMW8Vly6ZPa/GCfUHSKCTtLwtb0wrw3EPHJ/g5f6Vh12un+78D0ROZ5d:IsaesUr+urw3r5fIh1x+78D3

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/avp.exe
unpack001/avp_azure.exe
unpack001/com_antivirus.dll

Files

NEAS.31b292608cd39e45aaf06eae9721f260.cab
.cab
avp.exe
.exe windows:5 windows x86

b6e1ba760cbeffdce764e8827f82651a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcmpiW
FindResourceW
LoadResource
LockResource
lstrlenW
OutputDebugStringW
lstrcpyW
FreeResource
lstrcatW
LoadLibraryW
GetProcAddress
GetCommandLineW
ExitProcess
TerminateProcess
lstrcpynW
HeapFree
GetModuleFileNameW
HeapAlloc
FreeLibrary
GetProcessHeap
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent

advapi32

RegQueryValueExW
RegEnumKeyW
RegQueryInfoKeyW
RegOpenKeyExW
RegCloseKey

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 820B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
avp.kcat
avp_azure.exe
.exe windows:5 windows x86

4eb087fb4320d9c065cf54041a998208

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcmpiW
FindResourceW
LoadResource
LockResource
lstrlenW
OutputDebugStringW
lstrcpyW
FreeResource
lstrcatW
LoadLibraryW
GetProcAddress
GetCommandLineW
ExitProcess
TerminateProcess
lstrcpynW
HeapFree
GetModuleFileNameW
HeapAlloc
FreeLibrary
GetProcessHeap
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent

advapi32

RegQueryValueExW
RegEnumKeyW
RegQueryInfoKeyW
RegOpenKeyExW
RegCloseKey

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 820B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
avp_azure.kcat
avp_start_menu.ico
avpinst.dll
.dll windows:6 windows x86

cc0c2623401ed3270c19a410475b2d27

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

13:bf:f1:25:c6:50:d7:c5:a0:82:20:8f
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

04/08/2022, 10:44

Not After

04/08/2025, 10:44

Subject

SERIALNUMBER=1027739867473,CN=AO Kaspersky Lab,O=AO Kaspersky Lab,STREET=sh Leningradskoe\, 39A / str 2,L=Moscow,ST=Moscow,C=RU,1.3.6.1.4.1.311.60.2.1.2=#13064d6f73636f77,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1a:cc:0c:ca:0c:2c:b1:40:61:6e:db:ac:81:b9:6e
Certificate

Issuer

CN=Kaspersky Lab,O=Kaspersky Lab,L=Moscow,C=RU

Not Before

25/08/2021, 14:06

Not After

25/08/2036, 14:06

Subject

CN=Kaspersky Lab,O=Kaspersky Lab,L=Moscow,C=RU

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

cf:47:9f:65:92:45:7e:83:97:1a:93:7e:20:dc:ee:ea:4e:f4:e3:5e:8b:84:9f:58:16:dc:bf:5b:d4:7b:fa:78
Signer

Actual PE Digest

cf:47:9f:65:92:45:7e:83:97:1a:93:7e:20:dc:ee:ea:4e:f4:e3:5e:8b:84:9f:58:16:dc:bf:5b:d4:7b:fa:78

Digest Algorithm

sha256

PE Digest Matches

true

cf:47:9f:65:92:45:7e:83:97:1a:93:7e:20:dc:ee:ea:4e:f4:e3:5e:8b:84:9f:58:16:dc:bf:5b:d4:7b:fa:78
Signer

Actual PE Digest

cf:47:9f:65:92:45:7e:83:97:1a:93:7e:20:dc:ee:ea:4e:f4:e3:5e:8b:84:9f:58:16:dc:bf:5b:d4:7b:fa:78

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msi

ord8
ord17
ord125
ord103
ord74

userenv

GetProfilesDirectoryW
UnloadUserProfile

shlwapi

SHDeleteKeyW

rpcrt4

UuidCreate

kernel32

GetModuleFileNameW
GetTempPathW
FindClose
CreateFileW
GetFileAttributesW
GetSystemDirectoryW
GetLastError
CloseHandle
RaiseException
HeapAlloc
GetCurrentDirectoryW
MoveFileExW
GetProcessHeap
GetTempFileNameW
InitializeCriticalSectionAndSpinCount
DecodePointer
GetProcAddress
DeleteCriticalSection
GetModuleHandleW
GetModuleFileNameA
GetEnvironmentVariableW
LoadLibraryW
GetLocalTime
FreeLibrary
LoadLibraryExW
Sleep
SetUnhandledExceptionFilter
GetCurrentProcessId
GetCurrentThreadId
OpenProcess
GetCurrentProcess
DeleteFileW
GetModuleHandleExW
InitializeCriticalSectionEx
CreateProcessW
ResumeThread
WaitForSingleObject
GetExitCodeProcess
CopyFileW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetFileAttributesW
RemoveDirectoryW
GetOEMCP
GetACP
IsValidCodePage
GetTimeZoneInformation
ExpandEnvironmentStringsW
FindNextFileW
HeapFree
GetFileSizeEx
FindFirstFileW
ReadFile
CreateDirectoryW
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
HeapSize
SetStdHandle
ReadConsoleW
WriteConsoleW
SetFilePointer
GetModuleHandleExA
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
GetSystemInfo
VirtualProtect
VirtualQuery
LoadLibraryExA
LocalFree
FormatMessageA
FindFirstFileExW
GetFileAttributesExW
SetEndOfFile
SetFilePointerEx
AreFileApisANSI
GetFileInformationByHandleEx
MultiByteToWideChar
WideCharToMultiByte
GetStringTypeW
WaitForSingleObjectEx
QueryPerformanceCounter
QueryPerformanceFrequency
EncodePointer
LCMapStringEx
GetSystemTimeAsFileTime
CompareStringEx
GetCPInfo
GetLocaleInfoEx
SetEvent
ResetEvent
CreateEventW
UnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
OutputDebugStringW
RtlUnwind
InterlockedFlushSList
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
ExitProcess
GetStdHandle
GetFileType
HeapReAlloc
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
GetDateFormatW
GetTimeFormatW
CompareStringW

user32

wsprintfW

advapi32

RegUnLoadKeyW
RegOpenKeyExW
RegSetValueExW
RegEnumKeyExW
ChangeServiceConfigW
CloseServiceHandle
StartServiceW
OpenServiceW
OpenSCManagerW
RegEnumValueW
RegDeleteValueW
RegQueryValueExW
RegLoadKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegCloseKey
RegCreateKeyExW

shell32

SHGetFolderPathW

ole32

CoInitializeEx
CoUninitialize
CoCreateInstance

cabinet

ord22
ord20
ord23

Exports

Exports

GetVersionedAVPInstaller
MsiProductActivate
MsiProductDeactivate
MsiProductRbActivate

Sections

.text
Size: 460KB - Virtual size: 460KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 139KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
avpuilauncher.ico
backup.dll
.dll windows:6 windows x86

31cfab900ccdfb01cd8ec9471eee6c52

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

13:bf:f1:25:c6:50:d7:c5:a0:82:20:8f
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

04/08/2022, 10:44

Not After

04/08/2025, 10:44

Subject

SERIALNUMBER=1027739867473,CN=AO Kaspersky Lab,O=AO Kaspersky Lab,STREET=sh Leningradskoe\, 39A / str 2,L=Moscow,ST=Moscow,C=RU,1.3.6.1.4.1.311.60.2.1.2=#13064d6f73636f77,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1a:cc:0c:ca:0c:2c:b1:40:61:6e:db:ac:81:b9:6e
Certificate

Issuer

CN=Kaspersky Lab,O=Kaspersky Lab,L=Moscow,C=RU

Not Before

25/08/2021, 14:06

Not After

25/08/2036, 14:06

Subject

CN=Kaspersky Lab,O=Kaspersky Lab,L=Moscow,C=RU

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

be:a7:14:8a:a1:93:08:68:7a:d9:4c:75:5f:01:3c:2c:68:af:77:b1:c9:7e:86:45:99:64:a2:62:d7:c4:7b:07
Signer

Actual PE Digest

be:a7:14:8a:a1:93:08:68:7a:d9:4c:75:5f:01:3c:2c:68:af:77:b1:c9:7e:86:45:99:64:a2:62:d7:c4:7b:07

Digest Algorithm

sha256

PE Digest Matches

true

be:a7:14:8a:a1:93:08:68:7a:d9:4c:75:5f:01:3c:2c:68:af:77:b1:c9:7e:86:45:99:64:a2:62:d7:c4:7b:07
Signer

Actual PE Digest

be:a7:14:8a:a1:93:08:68:7a:d9:4c:75:5f:01:3c:2c:68:af:77:b1:c9:7e:86:45:99:64:a2:62:d7:c4:7b:07

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mpr

WNetEnumResourceW
WNetOpenEnumW
WNetCloseEnum

kernel32

GetVolumeInformationW
CreateDirectoryW
GetFileAttributesW
FindFirstFileExW
GetCurrentDirectoryW
CreateEventW
SetEvent
ResetEvent
WaitForSingleObjectEx
GetComputerNameW
DeviceIoControl
IsWow64Process
GetVersionExW
FindVolumeClose
FindFirstVolumeW
GetVolumePathNamesForVolumeNameW
FindNextVolumeW
SystemTimeToFileTime
GetFullPathNameW
VerSetConditionMask
VerifyVersionInfoW
GetModuleHandleExW
GetTimeZoneInformation
GetSystemTimeAsFileTime
FormatMessageA
FindNextFileW
GlobalAlloc
GlobalFree
GetFileAttributesExW
SetFileAttributesW
DeleteFileW
ReadFile
LoadLibraryExW
GetSystemDirectoryW
FreeLibrary
IsProcessorFeaturePresent
OutputDebugStringW
InitializeSListHead
GetFileInformationByHandle
FindClose
Sleep
LocalFree
GetFileSizeEx
CreateFileW
GetModuleHandleExA
GetModuleFileNameA
CloseHandle
InitializeCriticalSectionAndSpinCount
GetCurrentThread
GetCurrentProcess
GetLastError
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetProcAddress
GetModuleHandleW
GetProcessHeap
HeapFree
HeapAlloc
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FileTimeToSystemTime
FileTimeToLocalFileTime
DisableThreadLibraryCalls
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent

advapi32

FreeSid
AllocateAndInitializeSid
DuplicateTokenEx
SetNamedSecurityInfoW
DeleteAce
GetAce
GetAclInformation
GetExplicitEntriesFromAclW
SetEntriesInAclW
GetNamedSecurityInfoW
LookupAccountSidW
IsValidSid
CreateWellKnownSid
EqualSid
LookupAccountNameW
LookupPrivilegeValueW
AdjustTokenPrivileges
ImpersonateLoggedOnUser
RevertToSelf
ConvertSidToStringSidW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
OpenProcessToken
OpenThreadToken
GetTokenInformation
CopySid
GetLengthSid

ole32

CoCreateInstance
CoCreateGuid
CoUninitialize
CoInitializeEx
StringFromGUID2
CoInitializeSecurity

oleaut32

SysAllocStringByteLen
SysStringLen
SysFreeString
SysStringByteLen
SysAllocString

msvcp140

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
?__ExceptionPtrDestroy@@YAXPAX@Z
?__ExceptionPtrCopy@@YAXPAXPBX@Z
?__ExceptionPtrRethrow@@YAXPBX@Z
?__ExceptionPtrAssign@@YAXPAXPBX@Z
?__ExceptionPtrCreate@@YAXPAX@Z
?__ExceptionPtrCompare@@YA_NPBX0@Z
?__ExceptionPtrCurrentException@@YAXPAX@Z
?uncaught_exceptions@std@@YAHXZ
??1ios_base@std@@UAE@XZ
?_Xlength_error@std@@YAXPBD@Z
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?uncaught_exception@std@@YA_NXZ
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??Bid@locale@std@@QAEIXZ
?_Init@ios_base@std@@IAEXXZ
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?clear@ios_base@std@@QAEXH_N@Z
?widen@?$ctype@_W@std@@QBE_WD@Z
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Xbad_function_call@std@@YAXXZ
?toupper@?$ctype@_W@std@@QBE_W_W@Z
?tolower@?$ctype@_W@std@@QBE_W_W@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Syserror_map@std@@YAPBDH@Z
?_Winerror_map@std@@YAHH@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z

userenv

UnloadUserProfile

vcruntime140

__std_terminate
memset
_except_handler4_common
__current_exception_context
memmove
__current_exception
__CxxFrameHandler3
memcpy
__std_exception_destroy
__std_type_info_destroy_list
__std_exception_copy
_CxxThrowException
memcmp

api-ms-win-crt-heap-l1-1-0

_callnewh
malloc
free

api-ms-win-crt-convert-l1-1-0

wcrtomb_s
mbrtowc
_itoa

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e
_cexit
_crt_atexit
terminate
_invalid_parameter_noinfo_noreturn
_execute_onexit_table
_register_onexit_function
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initialize_onexit_table

api-ms-win-crt-string-l1-1-0

towupper
towlower
wcsncmp
toupper

api-ms-win-crt-math-l1-1-0

_CIexp
ceil
floor

Exports

Exports

?GetTracer@@YAPAUITracer@eka@@XZ
ekaCanUnloadModule
ekaGetObjectFactory

Sections

.text
Size: 239KB - Virtual size: 239KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cm_km.inf_x86
cm_km.sys_x86
.sys windows:6 windows x86

b390f3b1c3b4525025a1b4d847439aa5

Code Sign

33:00:00:00:f3:15:8e:a5:7d:1c:55:9f:29:00:00:00:00:00:f3
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/01/2023, 19:14

Not After

15/12/2023, 19:14

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/04/2012, 23:48

Not After

18/04/2027, 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

13:bf:f1:25:c6:50:d7:c5:a0:82:20:8f
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

04/08/2022, 10:44

Not After

04/08/2025, 10:44

Subject

SERIALNUMBER=1027739867473,CN=AO Kaspersky Lab,O=AO Kaspersky Lab,STREET=sh Leningradskoe\, 39A / str 2,L=Moscow,ST=Moscow,C=RU,1.3.6.1.4.1.311.60.2.1.2=#13064d6f73636f77,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

46:fa:a7:3b:80:dc:dc:cc:61:7f:6a:3d:d0:5f:b1:1e:e3:cc:c7:6c:a3:07:40:4b:1b:0d:46:b6:86:89:c9:14
Signer

Actual PE Digest

46:fa:a7:3b:80:dc:dc:cc:61:7f:6a:3d:d0:5f:b1:1e:e3:cc:c7:6c:a3:07:40:4b:1b:0d:46:b6:86:89:c9:14

Digest Algorithm

sha256

PE Digest Matches

true

46:fa:a7:3b:80:dc:dc:cc:61:7f:6a:3d:d0:5f:b1:1e:e3:cc:c7:6c:a3:07:40:4b:1b:0d:46:b6:86:89:c9:14
Signer

Actual PE Digest

46:fa:a7:3b:80:dc:dc:cc:61:7f:6a:3d:d0:5f:b1:1e:e3:cc:c7:6c:a3:07:40:4b:1b:0d:46:b6:86:89:c9:14

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlCopyUnicodeString
RtlGetVersion
MmGetSystemRoutineAddress
ExAllocatePoolWithTag
IoCreateDevice
IoDeleteDevice
ExFreePoolWithTag
KeInitializeEvent
IofCompleteRequest
KeBugCheckEx
RtlAppendUnicodeStringToString
KeQuerySystemTime
RtlCompareUnicodeString

hal

ExAcquireFastMutex
ExReleaseFastMutex

Sections

.text
Size: 126KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 552B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cm_km_sha1.inf_x86
cm_km_sha1.sys_x86
.sys windows:10 windows x86

353b327b4b9806f958ef4b37d0be1aa2

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:3c:66:84:e0:f3:90:30:c0:5f:a3:6b:42:af:33:ca
Certificate

Issuer

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

21/11/2018, 00:00

Not After

10/11/2021, 12:00

Subject

CN=Kaspersky Lab JSC,O=Kaspersky Lab JSC,L=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:91:f3:b6:84:1e:24:78:6b:a2:68:d1:45:dc:a1:44
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

31/07/2020, 00:00

Not After

09/08/2023, 12:00

Subject

SERIALNUMBER=1027739867473,CN=Kaspersky Lab JSC,OU=Kaspersky Lab,O=Kaspersky Lab JSC,L=Moscow,C=RU,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13025255

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c3:07:98:18:9d:16:3c:de:a7:d9:bb:3a:8d:bb:a1:0e:f5:02:a2:0b:ea:12:71:1f:3e:18:90:95:9d:8f:52:ec
Signer

Actual PE Digest

c3:07:98:18:9d:16:3c:de:a7:d9:bb:3a:8d:bb:a1:0e:f5:02:a2:0b:ea:12:71:1f:3e:18:90:95:9d:8f:52:ec

Digest Algorithm

sha256

PE Digest Matches

true

eb:cb:99:cc:9d:89:98:0a:a0:1e:f6:25:83:86:e4:5a:97:c2:ed:b1
Signer

Actual PE Digest

eb:cb:99:cc:9d:89:98:0a:a0:1e:f6:25:83:86:e4:5a:97:c2:ed:b1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kldl.sys

KldlLoadAndStartDriver

ntoskrnl.exe

MmGetSystemRoutineAddress

Sections

.text
Size: - Virtual size: 1020KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.prms
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 174B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 50B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.init
Size: 512B - Virtual size: 93B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
cm_km_sha1_reg.inf_x86
com_antivirus.dll
.dll regsvr32 windows:6 windows x86

0905d26fb0d23b9337f22f8cc513caa0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

crypt32

CryptUnprotectData
CryptProtectMemory
CryptProtectData
CryptUnprotectMemory

kernel32

LocalFree
LoadLibraryExW
OpenProcess
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
LoadLibraryExA
ReadFile
GetFileSizeEx
SetFilePointerEx
FlushFileBuffers
TlsSetValue
Sleep
TlsAlloc
HeapReAlloc
TlsGetValue
TlsFree
GetCurrentProcess
TerminateProcess
CreateEventW
SetEvent
WaitForSingleObjectEx
QueryPerformanceFrequency
ResetEvent
ReleaseSemaphore
GetCurrentThreadId
CreateSemaphoreW
OutputDebugStringA
GetComputerNameW
FindFirstFileExW
FindNextFileW
GetLongPathNameW
DeviceIoControl
GetFinalPathNameByHandleW
FindClose
UnmapViewOfFile
GetFileAttributesExW
FlushViewOfFile
DeleteFileW
CreateFileMappingW
MapViewOfFile
MoveFileW
VirtualFree
VirtualAlloc
DuplicateHandle
SwitchToThread
GetTickCount
ExpandEnvironmentStringsW
WaitForSingleObject
ResumeThread
GetModuleHandleA
MultiByteToWideChar
LoadLibraryA
CreateThread
CreateProcessW
CreateEventA
GetProcessTimes
GetComputerNameA
ProcessIdToSessionId
WriteProcessMemory
GetNativeSystemInfo
ReadProcessMemory
VirtualQuery
VirtualProtect
QueryPerformanceCounter
GetSystemInfo
ReleaseSRWLockShared
AcquireSRWLockShared
WaitForMultipleObjectsEx
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
RemoveVectoredExceptionHandler
SetLastError
HeapValidate
AddVectoredExceptionHandler
IsDebuggerPresent
SetUnhandledExceptionFilter
CreateFileW
WriteFile
GetSystemTimeAsFileTime
VerifyVersionInfoW
SystemTimeToFileTime
GetCurrentProcessId
VerSetConditionMask
GetCurrentDirectoryW
FileTimeToLocalFileTime
FileTimeToSystemTime
GetTimeZoneInformation
GetFileAttributesW
GetModuleHandleExW
CreateDirectoryW
FreeLibrary
LoadLibraryW
GetModuleFileNameW
InitializeCriticalSection
LeaveCriticalSection
EncodePointer
EnterCriticalSection
DeleteCriticalSection
DecodePointer
InitializeCriticalSectionEx
GetModuleHandleW
GetProcessHeap
GetProcAddress
HeapAlloc
RaiseException
GetThreadPriority
GetCurrentThread
GetLastError
GetModuleHandleExA
SetThreadPriority
HeapFree
GetModuleFileNameA
CloseHandle
OpenEventA
WriteConsoleW
SetStdHandle
HeapSize
GetConsoleOutputCP
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
ReadConsoleW
GetConsoleMode
GetFileType
GetStdHandle
SetConsoleCtrlHandler
ExitProcess
FreeLibraryAndExitThread
ExitThread
InterlockedFlushSList
RtlUnwind
OutputDebugStringW
GetCPInfo
CompareStringEx
GetStringTypeW
GetLocaleInfoEx
LCMapStringEx
WideCharToMultiByte
InitializeSListHead
GetStartupInfoW
InitializeCriticalSectionAndSpinCount
IsProcessorFeaturePresent
UnhandledExceptionFilter

advapi32

DuplicateTokenEx
OpenProcessToken
RegQueryValueExW
SetSecurityDescriptorDacl
SetEntriesInAclA
InitializeSecurityDescriptor
ConvertStringSidToSidA
MakeSelfRelativeSD
MakeAbsoluteSD
CreateWellKnownSid
CopySid
GetLengthSid
LookupAccountNameW
AdjustTokenPrivileges
EqualSid
AllocateAndInitializeSid
LookupPrivilegeValueA
FreeSid
SetThreadToken
RegOpenKeyExW
RevertToSelf
ConvertStringSecurityDescriptorToSecurityDescriptorA
ImpersonateLoggedOnUser
OpenThreadToken
RegCloseKey
GetTokenInformation

ole32

CoTaskMemFree
CoCreateInstance

oleaut32

SysStringLen
GetErrorInfo
SysFreeString

ws2_32

WSAEventSelect
send
socket
connect
recv
WSAEnumNetworkEvents
ioctlsocket
setsockopt
getsockname
WSAStringToAddressA
WSAAddressToStringA
ntohs
htons
WSACleanup
WSAStartup
inet_addr
WSACreateEvent
listen
closesocket
accept
bind
WSAGetLastError

rpcrt4

NDRCContextMarshall
RpcErrorGetNextRecord
I_RpcBindingInqLocalClientPID
RpcServerInqCallAttributesA
RpcBindingVectorFree
RpcMgmtEpEltInqBegin
RpcMgmtSetCancelTimeout
RpcMgmtEpEltInqDone
RpcServerUnregisterIf
RpcBindingCopy
RpcServerUseProtseqEpA
RpcMgmtEpEltInqNextW
RpcEpRegisterA
RpcBindingToStringBindingA
RpcEpUnregister
RpcEpRegisterW
RpcServerInqBindings
RpcMgmtEpEltInqNextA
RpcCancelThread
RpcBindingSetAuthInfoExW
RpcServerInqCallAttributesW
RpcBindingSetAuthInfoExA
I_RpcSendReceive
RpcBindingFree
RpcStringFreeW
RpcRaiseException
RpcSsDestroyClientContext
RpcStringFreeA
RpcErrorEndEnumeration
I_RpcGetBuffer
RpcBindingFromStringBindingA
RpcRevertToSelf
RpcImpersonateClient
RpcServerRegisterIfEx
NDRSContextUnmarshall
RpcErrorStartEnumeration
RpcMgmtSetComTimeout
NDRCContextUnmarshall
I_RpcBindingInqTransportType
RpcStringBindingComposeA
RpcServerUnregisterIfEx
I_RpcFreeBuffer
NDRSContextMarshall

userenv

UnloadUserProfile

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer
OutOfProcessExceptionEventCallback
OutOfProcessExceptionEventDebuggerLaunchCallback
OutOfProcessExceptionEventSignatureCallback

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 277KB - Virtual size: 277KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
kl1.inf_X86
kl1.sys_X86
.sys windows:6 windows x86

02ce1e671517f13ca341eabf5a84e8d4

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:3c:66:84:e0:f3:90:30:c0:5f:a3:6b:42:af:33:ca
Certificate

Issuer

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

21/11/2018, 00:00

Not After

10/11/2021, 12:00

Subject

CN=Kaspersky Lab JSC,O=Kaspersky Lab JSC,L=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:91:f3:b6:84:1e:24:78:6b:a2:68:d1:45:dc:a1:44
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

31/07/2020, 00:00

Not After

09/08/2023, 12:00

Subject

SERIALNUMBER=1027739867473,CN=Kaspersky Lab JSC,OU=Kaspersky Lab,O=Kaspersky Lab JSC,L=Moscow,C=RU,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13025255

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d2:2b:33:9b:86:d7:f9:44:37:4c:ad:e6:bb:22:34:7c:1b:6a:c0:08:8b:30:16:e7:a2:63:cf:6c:4c:9d:7c:dc
Signer

Actual PE Digest

d2:2b:33:9b:86:d7:f9:44:37:4c:ad:e6:bb:22:34:7c:1b:6a:c0:08:8b:30:16:e7:a2:63:cf:6c:4c:9d:7c:dc

Digest Algorithm

sha256

PE Digest Matches

true

0c:02:dd:8b:b7:51:c0:86:e5:25:f9:f7:3d:96:b8:c7:1e:97:06:82
Signer

Actual PE Digest

0c:02:dd:8b:b7:51:c0:86:e5:25:f9:f7:3d:96:b8:c7:1e:97:06:82

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwCreateKey
ZwQueryValueKey
memcpy
memset
KeWaitForSingleObject
PsCreateSystemThread
PsGetVersion
ObReferenceObjectByHandle
ObfDereferenceObject
RtlInitAnsiString
RtlAnsiStringToUnicodeString
RtlFreeUnicodeString
ZwCreateFile
ZwQueryInformationFile
ZwReadFile
sprintf
swprintf
strchr
_stricmp
_strnicmp
MmGetSystemRoutineAddress
IoAllocateIrp
RtlPrefixUnicodeString
ZwQuerySystemInformation
KeInitializeEvent
IoBuildDeviceIoControlRequest
IofCallDriver
ZwClose
ZwOpenKey
ZwEnumerateValueKey
ZwSetValueKey
wcschr
IofCompleteRequest
DbgPrint
_purecall
strncmp
RtlUnicodeStringToAnsiString
RtlAppendUnicodeStringToString
RtlFreeAnsiString
ExAllocatePool
RtlCompareUnicodeString
RtlEqualUnicodeString
RtlCopyUnicodeString
RtlAppendUnicodeToString
RtlGetVersion
KeInitializeMutex
KeReleaseMutex
MmIsDriverVerifying
IoCreateSymbolicLink
IoDeleteDevice
PsSetLoadImageNotifyRoutine
PsGetCurrentProcessId
IoRegisterBootDriverReinitialization
InitSafeBootMode
KeBugCheckEx
_aullshr
RtlUnwind
ExFreePoolWithTag
ExAllocatePoolWithTag
IoGetRelatedDeviceObject
RtlInitUnicodeString
ZwSetSecurityObject
IoDeviceObjectType
IoCreateDevice
ObOpenObjectByPointer
RtlGetDaclSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
RtlGetSaclSecurityDescriptor
SeCaptureSecurityDescriptor
_snwprintf
RtlLengthSecurityDescriptor
SeExports
RtlCreateSecurityDescriptor
_wcsnicmp
RtlAbsoluteToSelfRelativeSD
RtlAddAccessAllowedAce
RtlLengthSid
IoIsWdmVersionAvailable
RtlSetDaclSecurityDescriptor
_chkstk
memmove
_allmul
_allshl
_aulldvrm
_aulldiv

hal

KfAcquireSpinLock
HalGetAdapter
KfReleaseSpinLock

Sections

.text
Size: 113KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.4lulz
Size: - Virtual size: 5.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
klbackupdisk.inf_x86
klbackupdisk.sys_x86
.sys windows:6 windows x86

8105b1c0b247b39581de25548eea58bc

Code Sign

33:00:00:00:f5:e8:77:3b:20:6b:1c:cd:61:00:00:00:00:00:f5
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/01/2023, 19:14

Not After

15/12/2023, 19:14

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/04/2012, 23:48

Not After

18/04/2027, 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

13:bf:f1:25:c6:50:d7:c5:a0:82:20:8f
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

04/08/2022, 10:44

Not After

04/08/2025, 10:44

Subject

SERIALNUMBER=1027739867473,CN=AO Kaspersky Lab,O=AO Kaspersky Lab,STREET=sh Leningradskoe\, 39A / str 2,L=Moscow,ST=Moscow,C=RU,1.3.6.1.4.1.311.60.2.1.2=#13064d6f73636f77,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d8:af:d6:a5:80:fa:c9:6d:9f:a1:9c:fb:73:92:dc:b6:bc:69:bd:b0:53:7c:07:6f:21:5f:ba:f7:c9:5b:2e:b4
Signer

Actual PE Digest

d8:af:d6:a5:80:fa:c9:6d:9f:a1:9c:fb:73:92:dc:b6:bc:69:bd:b0:53:7c:07:6f:21:5f:ba:f7:c9:5b:2e:b4

Digest Algorithm

sha256

PE Digest Matches

true

d8:af:d6:a5:80:fa:c9:6d:9f:a1:9c:fb:73:92:dc:b6:bc:69:bd:b0:53:7c:07:6f:21:5f:ba:f7:c9:5b:2e:b4
Signer

Actual PE Digest

d8:af:d6:a5:80:fa:c9:6d:9f:a1:9c:fb:73:92:dc:b6:bc:69:bd:b0:53:7c:07:6f:21:5f:ba:f7:c9:5b:2e:b4

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
ExFreePoolWithTag
RtlCopyUnicodeString
RtlInitUnicodeString
MmGetSystemRoutineAddress
IoWMIRegistrationControl
LdrFindResource_U
LdrAccessResource
_vsnwprintf
InitSafeBootMode
IoGetCurrentProcess
RtlGetVersion
KeWaitForSingleObject
KeReleaseMutex
KeInitializeMutex
ExInitializeRundownProtection
KeDelayExecutionThread
ExReInitializeRundownProtection
ObReferenceObjectByName
IoDriverObjectType
ObfDereferenceObject
ExAcquireRundownProtection
IoAllocateWorkItem
IoQueueWorkItemEx
ExReleaseRundownProtection
IoGetTopLevelIrp
IofCompleteRequest
IoFreeWorkItem
ZwDeviceIoControlFile
ZwUnloadDriver
ZwCreateFile
ZwLoadDriver
ZwClose
ZwQuerySystemInformation
IoWriteErrorLogEntry
_purecall
IoGetBootDiskInformation
IoAllocateErrorLogEntry
FsRtlIsNameInExpression
RtlEqualUnicodeString
ZwEnumerateValueKey
ZwCreateKey
ZwDeleteValueKey
ZwDeleteKey
ZwEnumerateKey
ZwQueryValueKey
ZwSetValueKey
ZwOpenKey
ZwSetSecurityObject
RtlAppendUnicodeStringToString
ObQueryNameString
IoDeleteDevice
ZwOpenSymbolicLinkObject
IoDeleteSymbolicLink
IoCreateSymbolicLink
KeBugCheckEx
KeSetEvent
ExQueueWorkItem
KeInitializeEvent
KeInitializeDpc
KeInitializeTimer
KeSetTimer
KeCancelTimer
ExWaitForRundownProtectionRelease
KeEnterCriticalRegion
ExfAcquirePushLockExclusive
ExfReleasePushLock
KeLeaveCriticalRegion
MmHighestUserAddress
RtlImageNtHeader
RtlLengthSecurityDescriptor
RtlUnwind
SeExports
RtlCreateSecurityDescriptor
_wcsnicmp
wcschr
RtlAbsoluteToSelfRelativeSD
RtlAddAccessAllowedAce
RtlLengthSid
IoIsWdmVersionAvailable
RtlSetDaclSecurityDescriptor
memcpy
memset
IoDeviceObjectType
IoCreateDevice
ObOpenObjectByPointer
RtlGetDaclSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
RtlGetSaclSecurityDescriptor
SeCaptureSecurityDescriptor
_snwprintf
RtlFreeUnicodeString

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
klbackupdisk_sha1.inf_x86
klbackupdisk_sha1.sys_x86
.sys windows:10 windows x86

353b327b4b9806f958ef4b37d0be1aa2

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:3c:66:84:e0:f3:90:30:c0:5f:a3:6b:42:af:33:ca
Certificate

Issuer

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

21/11/2018, 00:00

Not After

10/11/2021, 12:00

Subject

CN=Kaspersky Lab JSC,O=Kaspersky Lab JSC,L=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:91:f3:b6:84:1e:24:78:6b:a2:68:d1:45:dc:a1:44
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

31/07/2020, 00:00

Not After

09/08/2023, 12:00

Subject

SERIALNUMBER=1027739867473,CN=Kaspersky Lab JSC,OU=Kaspersky Lab,O=Kaspersky Lab JSC,L=Moscow,C=RU,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13025255

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c3:07:98:18:9d:16:3c:de:a7:d9:bb:3a:8d:bb:a1:0e:f5:02:a2:0b:ea:12:71:1f:3e:18:90:95:9d:8f:52:ec
Signer

Actual PE Digest

c3:07:98:18:9d:16:3c:de:a7:d9:bb:3a:8d:bb:a1:0e:f5:02:a2:0b:ea:12:71:1f:3e:18:90:95:9d:8f:52:ec

Digest Algorithm

sha256

PE Digest Matches

true

eb:cb:99:cc:9d:89:98:0a:a0:1e:f6:25:83:86:e4:5a:97:c2:ed:b1
Signer

Actual PE Digest

eb:cb:99:cc:9d:89:98:0a:a0:1e:f6:25:83:86:e4:5a:97:c2:ed:b1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kldl.sys

KldlLoadAndStartDriver

ntoskrnl.exe

MmGetSystemRoutineAddress

Sections

.text
Size: - Virtual size: 1020KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.prms
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 174B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 50B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.init
Size: 512B - Virtual size: 93B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
klbackupdisk_sha1_reg.inf_x86
klbackupflt.inf_x86
klbackupflt.sys_x86
.sys windows:6 windows x86

0eb047bfec5a8f0653e7664ed7cfcccc

Code Sign

33:00:00:00:f3:15:8e:a5:7d:1c:55:9f:29:00:00:00:00:00:f3
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/01/2023, 19:14

Not After

15/12/2023, 19:14

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/04/2012, 23:48

Not After

18/04/2027, 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

13:bf:f1:25:c6:50:d7:c5:a0:82:20:8f
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

04/08/2022, 10:44

Not After

04/08/2025, 10:44

Subject

SERIALNUMBER=1027739867473,CN=AO Kaspersky Lab,O=AO Kaspersky Lab,STREET=sh Leningradskoe\, 39A / str 2,L=Moscow,ST=Moscow,C=RU,1.3.6.1.4.1.311.60.2.1.2=#13064d6f73636f77,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a5:01:ae:0d:d8:0a:3e:c5:13:55:c2:5c:30:d4:7f:9c:ae:fb:22:fd:95:d2:20:8c:d4:70:91:f3:dd:65:52:f2
Signer

Actual PE Digest

a5:01:ae:0d:d8:0a:3e:c5:13:55:c2:5c:30:d4:7f:9c:ae:fb:22:fd:95:d2:20:8c:d4:70:91:f3:dd:65:52:f2

Digest Algorithm

sha256

PE Digest Matches

true

a5:01:ae:0d:d8:0a:3e:c5:13:55:c2:5c:30:d4:7f:9c:ae:fb:22:fd:95:d2:20:8c:d4:70:91:f3:dd:65:52:f2
Signer

Actual PE Digest

a5:01:ae:0d:d8:0a:3e:c5:13:55:c2:5c:30:d4:7f:9c:ae:fb:22:fd:95:d2:20:8c:d4:70:91:f3:dd:65:52:f2

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

fltmgr.sys

FltInitializePushLock
FltAcquirePushLockExclusive
FltClose
FltReleasePushLock
FltDeletePushLock
FltCreateFile
FltCreateSystemVolumeInformationFolder
FltCreateFileEx
FltSetInformationFile
FltAcquirePushLockShared
FltAllocateCallbackData
FltLockUserBuffer
FltClearCallbackDataDirty
FltPerformSynchronousIo
FltFreeCallbackData
FltRegisterFilter
FltStartFiltering
FltUnregisterFilter
FltIsVolumeSnapshot
FltAllocateContext
FltQueryVolumeInformation
FltGetVolumeName
FltSetInstanceContext
FltReleaseContext
FltGetInstanceContext
FltGetRequestorProcess
FltGetRequestorProcessIdEx
FltGetFileNameInformation
FltReleaseFileNameInformation
FltGetRoutineAddress
FltObjectReference
FltObjectDereference
FltFsControlFile
FltReadFile
FltGetVolumeFromInstance
FltGetDiskDeviceObject
FltQueryInformationFile
FltFlushBuffers
FltGetEcpListFromCallbackData
FltFindExtraCreateParameter
FltAcknowledgeEcp
FltGetFileNameInformationUnsafe
FltGetDestinationFileNameInformation
FltGetStreamContext
FltSetStreamContext
FltReferenceContext
FltSetStreamHandleContext
FltGetStreamHandleContext
FltEnumerateInstances
FltWriteFile
FltGetVolumeFromDeviceObject
FltGetVolumeGuidName

ntoskrnl.exe

IoSetThreadHardErrorMode
ObfDereferenceObject
KeGetCurrentThread
RtlInitializeGenericTableAvl
RtlEnumerateGenericTableAvl
RtlDeleteElementGenericTableAvl
RtlCopyUnicodeString
KeQuerySystemTime
RtlInsertElementGenericTableAvl
RtlCompareUnicodeString
RtlLookupElementGenericTableAvl
RtlEnumerateGenericTableWithoutSplayingAvl
PsReferenceImpersonationToken
PsDereferenceImpersonationToken
IoGetCurrentProcess
SeQueryAuthenticationIdToken
PsInitialSystemProcess
PsGetProcessSectionBaseAddress
KeBugCheckEx
ZwQuerySystemInformation
ExFreePoolWithTag
MmGetSystemRoutineAddress
IoWMIRegistrationControl
LdrFindResource_U
LdrAccessResource
_vsnwprintf
RtlAppendUnicodeStringToString
ZwOpenKey
ZwQueryValueKey
ZwClose
RtlGetVersion
InitSafeBootMode
RtlUpcaseUnicodeString
RtlUpcaseUnicodeChar
FsRtlIsNameInExpression
RtlIsGenericTableEmptyAvl
RtlNumberGenericTableElementsAvl
IoGetAttachedDeviceReference
KeInitializeEvent
IoBuildDeviceIoControlRequest
IofCallDriver
KeWaitForSingleObject
MmMapLockedPagesSpecifyCache
RtlDecompressBuffer
ZwSetValueKey
PsGetVersion
RtlAppendUnicodeToString
RtlEqualUnicodeString
PsGetThreadId
KeDelayExecutionThread
PsCreateSystemThread
ObReferenceObjectByHandle
KeSetEvent
KeSetPriorityThread
KeWaitForMultipleObjects
PsTerminateSystemThread
KeClearEvent
IoGetLowerDeviceObject
ExAcquireRundownProtection
ExReleaseRundownProtection
ZwCreateFile
ExInitializeRundownProtection
ZwLoadDriver
ZwDeviceIoControlFile
ExWaitForRundownProtectionRelease
KeAreApcsDisabled
IoBuildAsynchronousFsdRequest
MmUnlockPages
IoFreeMdl
IoFreeIrp
IoAllocateIrp
IoGetTopLevelIrp
IoSetTopLevelIrp
IoGetDeviceAttachmentBaseRef
ZwUnloadDriver
RtlHashUnicodeString
KeEnterCriticalRegion
ExfAcquirePushLockExclusive
ExfAcquirePushLockShared
ExfReleasePushLock
KeLeaveCriticalRegion
ZwDeleteValueKey
MmHighestUserAddress
RtlImageNtHeader
memcpy
RtlUnwind
ExAllocatePoolWithTag
RtlInitUnicodeString
_allmul
_aulldiv
memset

hal

KeGetCurrentIrql

Sections

.text
Size: 122KB - Virtual size: 122KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
klbackupflt_sha1.inf_x86
klbackupflt_sha1.sys_x86
.sys windows:10 windows x86

353b327b4b9806f958ef4b37d0be1aa2

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:3c:66:84:e0:f3:90:30:c0:5f:a3:6b:42:af:33:ca
Certificate

Issuer

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

21/11/2018, 00:00

Not After

10/11/2021, 12:00

Subject

CN=Kaspersky Lab JSC,O=Kaspersky Lab JSC,L=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:91:f3:b6:84:1e:24:78:6b:a2:68:d1:45:dc:a1:44
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

31/07/2020, 00:00

Not After

09/08/2023, 12:00

Subject

SERIALNUMBER=1027739867473,CN=Kaspersky Lab JSC,OU=Kaspersky Lab,O=Kaspersky Lab JSC,L=Moscow,C=RU,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13025255

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c3:07:98:18:9d:16:3c:de:a7:d9:bb:3a:8d:bb:a1:0e:f5:02:a2:0b:ea:12:71:1f:3e:18:90:95:9d:8f:52:ec
Signer

Actual PE Digest

c3:07:98:18:9d:16:3c:de:a7:d9:bb:3a:8d:bb:a1:0e:f5:02:a2:0b:ea:12:71:1f:3e:18:90:95:9d:8f:52:ec

Digest Algorithm

sha256

PE Digest Matches

true

eb:cb:99:cc:9d:89:98:0a:a0:1e:f6:25:83:86:e4:5a:97:c2:ed:b1
Signer

Actual PE Digest

eb:cb:99:cc:9d:89:98:0a:a0:1e:f6:25:83:86:e4:5a:97:c2:ed:b1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kldl.sys

KldlLoadAndStartDriver

ntoskrnl.exe

MmGetSystemRoutineAddress

Sections

.text
Size: - Virtual size: 1020KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.prms
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 174B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 50B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.init
Size: 512B - Virtual size: 93B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
klbackupflt_sha1_reg.inf_x86
kldisk.inf_x86
kldisk.sys_x86
.sys windows:6 windows x86

2b2486d2b52c827e14e64a7031d90f1c

Code Sign

33:00:00:00:f3:15:8e:a5:7d:1c:55:9f:29:00:00:00:00:00:f3
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/01/2023, 19:14

Not After

15/12/2023, 19:14

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/04/2012, 23:48

Not After

18/04/2027, 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

13:bf:f1:25:c6:50:d7:c5:a0:82:20:8f
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

04/08/2022, 10:44

Not After

04/08/2025, 10:44

Subject

SERIALNUMBER=1027739867473,CN=AO Kaspersky Lab,O=AO Kaspersky Lab,STREET=sh Leningradskoe\, 39A / str 2,L=Moscow,ST=Moscow,C=RU,1.3.6.1.4.1.311.60.2.1.2=#13064d6f73636f77,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9c:82:c5:86:46:fa:ef:48:d2:66:1b:c5:e7:8d:18:b1:41:db:71:93:21:fe:bc:43:90:7c:31:e0:ae:b2:3f:16
Signer

Actual PE Digest

9c:82:c5:86:46:fa:ef:48:d2:66:1b:c5:e7:8d:18:b1:41:db:71:93:21:fe:bc:43:90:7c:31:e0:ae:b2:3f:16

Digest Algorithm

sha256

PE Digest Matches

true

9c:82:c5:86:46:fa:ef:48:d2:66:1b:c5:e7:8d:18:b1:41:db:71:93:21:fe:bc:43:90:7c:31:e0:ae:b2:3f:16
Signer

Actual PE Digest

9c:82:c5:86:46:fa:ef:48:d2:66:1b:c5:e7:8d:18:b1:41:db:71:93:21:fe:bc:43:90:7c:31:e0:ae:b2:3f:16

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExRundownCompleted
KeDelayExecutionThread
_vsnwprintf
IoGetRequestorProcessId
ZwCreateFile
IoGetRelatedDeviceObject
ObfDereferenceObject
_vsnprintf
RtlInitUnicodeString
ZwOpenSymbolicLinkObject
ExWaitForRundownProtectionRelease
IoDeleteDevice
ExInitializeRundownProtection
IoBuildDeviceIoControlRequest
IoGetDeviceObjectPointer
ObOpenObjectByPointer
IoDeleteSymbolicLink
KeSetEvent
RtlValidSecurityDescriptor
RtlInitAnsiString
ObReferenceObjectByHandle
IoCreateFile
IoCreateDevice
IofCallDriver
KeInitializeEvent
ZwSetSecurityObject
KeWaitForSingleObject
IoCreateSymbolicLink
ZwClose
SeExports
RtlCompareUnicodeString
SeImpersonateClientEx
ZwReadFile
KeGetCurrentThread
PsDereferencePrimaryToken
KeWaitForMultipleObjects
SeCreateClientSecurity
ZwWriteFile
IoAcquireCancelSpinLock
MmMapLockedPagesSpecifyCache
IofCompleteRequest
SeTokenType
IoReleaseCancelSpinLock
PsDereferenceImpersonationToken
KeSetPriorityThread
PsTerminateSystemThread
ObQueryNameString
IoUnregisterPlugPlayNotification
ZwQueryVolumeInformationFile
ExFreePoolWithTag
ZwSetInformationFile
IoRegisterPlugPlayNotification
ZwQueryInformationFile
InterlockedPushEntrySList
InterlockedPopEntrySList
RtlCompareMemory
IoEnumerateDeviceObjectList
ExDeleteResourceLite
ExDeleteNPagedLookasideList
LdrFindResource_U
RtlCopyUnicodeString
RtlGetVersion
ExAcquireRundownProtection
ExInitializeNPagedLookasideList
MmGetSystemRoutineAddress
IoWMIRegistrationControl
ExReleaseRundownProtection
ExInitializeResourceLite
LdrAccessResource
PsSetCreateProcessNotifyRoutine
RtlAppendUnicodeStringToString
KeRestoreFloatingPointState
KeSaveFloatingPointState
ZwDeviceIoControlFile
ZwUnloadDriver
ZwLoadDriver
KeBugCheckEx
ExfAcquirePushLockExclusive
ExfReleasePushLock
ZwCreateKey
ZwQueryValueKey
ZwSetValueKey
ZwOpenKey
MmHighestUserAddress
ZwQuerySystemInformation
RtlImageNtHeader
_alldiv
RtlUnwind
ExAllocatePoolWithTag
KeLeaveCriticalRegion
ExReleaseResourceLite
ExAcquireResourceExclusiveLite
PsCreateSystemThread
KeEnterCriticalRegion
IoDeviceObjectType
RtlGetDaclSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
RtlGetSaclSecurityDescriptor
SeCaptureSecurityDescriptor
_snwprintf
RtlLengthSecurityDescriptor
RtlCreateSecurityDescriptor
_wcsnicmp
wcschr
RtlAbsoluteToSelfRelativeSD
RtlAddAccessAllowedAce
RtlLengthSid
IoIsWdmVersionAvailable
RtlSetDaclSecurityDescriptor
memcpy
memset
RtlFreeUnicodeString
_allmul

hal

KfRaiseIrql
KeGetCurrentIrql
KfAcquireSpinLock
KfReleaseSpinLock
KfLowerIrql

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
kldisk_sha1.inf_x86
kldisk_sha1.sys_x86
.sys windows:10 windows x86

353b327b4b9806f958ef4b37d0be1aa2

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:3c:66:84:e0:f3:90:30:c0:5f:a3:6b:42:af:33:ca
Certificate

Issuer

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

21/11/2018, 00:00

Not After

10/11/2021, 12:00

Subject

CN=Kaspersky Lab JSC,O=Kaspersky Lab JSC,L=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:91:f3:b6:84:1e:24:78:6b:a2:68:d1:45:dc:a1:44
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

31/07/2020, 00:00

Not After

09/08/2023, 12:00

Subject

SERIALNUMBER=1027739867473,CN=Kaspersky Lab JSC,OU=Kaspersky Lab,O=Kaspersky Lab JSC,L=Moscow,C=RU,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13025255

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c3:07:98:18:9d:16:3c:de:a7:d9:bb:3a:8d:bb:a1:0e:f5:02:a2:0b:ea:12:71:1f:3e:18:90:95:9d:8f:52:ec
Signer

Actual PE Digest

c3:07:98:18:9d:16:3c:de:a7:d9:bb:3a:8d:bb:a1:0e:f5:02:a2:0b:ea:12:71:1f:3e:18:90:95:9d:8f:52:ec

Digest Algorithm

sha256

PE Digest Matches

true

eb:cb:99:cc:9d:89:98:0a:a0:1e:f6:25:83:86:e4:5a:97:c2:ed:b1
Signer

Actual PE Digest

eb:cb:99:cc:9d:89:98:0a:a0:1e:f6:25:83:86:e4:5a:97:c2:ed:b1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kldl.sys

KldlLoadAndStartDriver

ntoskrnl.exe

MmGetSystemRoutineAddress

Sections

.text
Size: - Virtual size: 1020KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.prms
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 174B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 50B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.init
Size: 512B - Virtual size: 93B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
kldisk_sha1_reg.inf_x86
klelam.inf_X86
klelam.sys_X86
.sys windows:6 windows x86

0226665b79d72b1b3955fe60cba26ac9

Code Sign

33:00:00:04:9c:57:74:24:81:a5:93:7c:d8:00:00:00:00:04:9c
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/06/2022, 17:43

Not After

01/06/2023, 17:43

Subject

CN=Microsoft Windows Early Launch Anti-malware Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:91:f3:b6:84:1e:24:78:6b:a2:68:d1:45:dc:a1:44
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

31/07/2020, 00:00

Not After

09/08/2023, 12:00

Subject

SERIALNUMBER=1027739867473,CN=Kaspersky Lab JSC,OU=Kaspersky Lab,O=Kaspersky Lab JSC,L=Moscow,C=RU,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13025255

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

25:8f:6e:30:b0:fb:6b:ce:bf:3f:7b:ea:4d:40:17:cc:59:57:45:e2:88:0a:89:b2:d4:b7:07:fd:da:9c:d3:f0
Signer

Actual PE Digest

25:8f:6e:30:b0:fb:6b:ce:bf:3f:7b:ea:4d:40:17:cc:59:57:45:e2:88:0a:89:b2:d4:b7:07:fd:da:9c:d3:f0

Digest Algorithm

sha256

PE Digest Matches

true

25:8f:6e:30:b0:fb:6b:ce:bf:3f:7b:ea:4d:40:17:cc:59:57:45:e2:88:0a:89:b2:d4:b7:07:fd:da:9c:d3:f0
Signer

Actual PE Digest

25:8f:6e:30:b0:fb:6b:ce:bf:3f:7b:ea:4d:40:17:cc:59:57:45:e2:88:0a:89:b2:d4:b7:07:fd:da:9c:d3:f0

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlIntegerToUnicodeString
RtlCopyUnicodeString
RtlAppendUnicodeStringToString
IoCreateFile
ZwSetInformationFile
ZwClose
ZwOpenKey
ZwDeleteKey
ZwDeleteValueKey
ZwEnumerateKey
ZwQueryValueKey
RtlUpcaseUnicodeString
bsearch_s
memcmp
memcpy
memset
RtlInitUnicodeString
MmGetSystemRoutineAddress
RtlGetVersion
ExAllocatePoolWithTag
ExFreePoolWithTag
ZwSetValueKey
IoRegisterBootDriverCallback
IoUnregisterBootDriverCallback
InitSafeBootMode
KeQuerySystemTime
ZwCreateKey
RtlEqualUnicodeString
memmove

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 836B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
klelam.sys_backup_X86
.sys windows:6 windows x86

0226665b79d72b1b3955fe60cba26ac9

Code Sign

33:00:00:04:9c:57:74:24:81:a5:93:7c:d8:00:00:00:00:04:9c
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/06/2022, 17:43

Not After

01/06/2023, 17:43

Subject

CN=Microsoft Windows Early Launch Anti-malware Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:91:f3:b6:84:1e:24:78:6b:a2:68:d1:45:dc:a1:44
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

31/07/2020, 00:00

Not After

09/08/2023, 12:00

Subject

SERIALNUMBER=1027739867473,CN=Kaspersky Lab JSC,OU=Kaspersky Lab,O=Kaspersky Lab JSC,L=Moscow,C=RU,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13025255

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

25:8f:6e:30:b0:fb:6b:ce:bf:3f:7b:ea:4d:40:17:cc:59:57:45:e2:88:0a:89:b2:d4:b7:07:fd:da:9c:d3:f0
Signer

Actual PE Digest

25:8f:6e:30:b0:fb:6b:ce:bf:3f:7b:ea:4d:40:17:cc:59:57:45:e2:88:0a:89:b2:d4:b7:07:fd:da:9c:d3:f0

Digest Algorithm

sha256

PE Digest Matches

true

25:8f:6e:30:b0:fb:6b:ce:bf:3f:7b:ea:4d:40:17:cc:59:57:45:e2:88:0a:89:b2:d4:b7:07:fd:da:9c:d3:f0
Signer

Actual PE Digest

25:8f:6e:30:b0:fb:6b:ce:bf:3f:7b:ea:4d:40:17:cc:59:57:45:e2:88:0a:89:b2:d4:b7:07:fd:da:9c:d3:f0

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlIntegerToUnicodeString
RtlCopyUnicodeString
RtlAppendUnicodeStringToString
IoCreateFile
ZwSetInformationFile
ZwClose
ZwOpenKey
ZwDeleteKey
ZwDeleteValueKey
ZwEnumerateKey
ZwQueryValueKey
RtlUpcaseUnicodeString
bsearch_s
memcmp
memcpy
memset
RtlInitUnicodeString
MmGetSystemRoutineAddress
RtlGetVersion
ExAllocatePoolWithTag
ExFreePoolWithTag
ZwSetValueKey
IoRegisterBootDriverCallback
IoUnregisterBootDriverCallback
InitSafeBootMode
KeQuerySystemTime
ZwCreateKey
RtlEqualUnicodeString
memmove

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 836B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
klim6.cat_x86
klim6.inf_x86
klim6.sys_x86
.sys windows:6 windows x86

e300c3c0a9d50f78348e73451e9189ce

Code Sign

33:00:00:00:f5:e8:77:3b:20:6b:1c:cd:61:00:00:00:00:00:f5
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/01/2023, 19:14

Not After

15/12/2023, 19:14

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/04/2012, 23:48

Not After

18/04/2027, 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

13:bf:f1:25:c6:50:d7:c5:a0:82:20:8f
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

04/08/2022, 10:44

Not After

04/08/2025, 10:44

Subject

SERIALNUMBER=1027739867473,CN=AO Kaspersky Lab,O=AO Kaspersky Lab,STREET=sh Leningradskoe\, 39A / str 2,L=Moscow,ST=Moscow,C=RU,1.3.6.1.4.1.311.60.2.1.2=#13064d6f73636f77,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

43:86:ec:e1:a9:29:f2:d2:a7:e0:b9:53:38:b7:e4:7f:48:63:92:cb:58:d1:a4:ce:a1:55:f6:60:c7:36:ac:d1
Signer

Actual PE Digest

43:86:ec:e1:a9:29:f2:d2:a7:e0:b9:53:38:b7:e4:7f:48:63:92:cb:58:d1:a4:ce:a1:55:f6:60:c7:36:ac:d1

Digest Algorithm

sha256

PE Digest Matches

true

43:86:ec:e1:a9:29:f2:d2:a7:e0:b9:53:38:b7:e4:7f:48:63:92:cb:58:d1:a4:ce:a1:55:f6:60:c7:36:ac:d1
Signer

Actual PE Digest

43:86:ec:e1:a9:29:f2:d2:a7:e0:b9:53:38:b7:e4:7f:48:63:92:cb:58:d1:a4:ce:a1:55:f6:60:c7:36:ac:d1

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ndis.sys

NdisFIndicateReceiveNetBufferLists
NdisAllocateCloneOidRequest
NdisFRegisterFilterDriver
NdisAllocateNetBufferListPool
NdisCloseConfiguration
NdisGetPoolFromNetBufferList
NdisFDevicePnPEventNotify
NdisFCancelSendNetBufferLists
NdisOpenConfigurationEx
NdisFSendNetBufferListsComplete
NdisInitializeEvent
NdisFOidRequestComplete
NdisFreeMdl
NdisFOidRequest
NdisFreeNetBufferList
NdisAllocateNetBufferAndNetBufferList
NdisGeneratePartialCancelId
NdisFCancelOidRequest
NdisWaitEvent
NdisSetEvent
NdisFreeMemory
NdisFDeregisterFilterDriver
NdisAllocateMemoryWithTagPriority
NdisFreeNetBufferListPool
NdisFIndicateStatus
NdisCopyFromNetBufferToNetBuffer
NdisGetDataBuffer
NdisCopyReceiveNetBufferListInfo
NdisFSendNetBufferLists
NdisFNetPnPEvent
NdisFReturnNetBufferLists
NdisFSetAttributes
NdisFreeCloneOidRequest
NdisRegisterDeviceEx
NdisDeregisterDeviceEx
NdisAllocateMdl
NdisGetDeviceReservedExtension

ntoskrnl.exe

KefReleaseSpinLockFromDpcLevel
ExAllocatePoolWithTag
KefAcquireSpinLockAtDpcLevel
ExFreePoolWithTag
MmMapLockedPagesSpecifyCache
ExReleaseRundownProtection
ExDeleteNPagedLookasideList
ExInitializeNPagedLookasideList
KeQuerySystemTime
InterlockedPushEntrySList
InterlockedPopEntrySList
ZwQuerySystemInformation
RtlAppendUnicodeStringToString
ExInitializeRundownProtection
RtlGetVersion
MmGetSystemRoutineAddress
IoWMIRegistrationControl
RtlCompareMemory
ObfDereferenceObject
ObCloseHandle
IoCreateFile
ObfReferenceObject
ZwQueryValueKey
ZwClose
ZwOpenKey
ZwCreateFile
KeInitializeEvent
KeWaitForSingleObject
KeSetEvent
ExReInitializeRundownProtection
KeDelayExecutionThread
ZwDeviceIoControlFile
ZwUnloadDriver
ZwLoadDriver
RtlCopyUnicodeString
ZwDeleteValueKey
KeEnterCriticalRegion
ExfAcquirePushLockExclusive
ExfReleasePushLock
KeLeaveCriticalRegion
PsGetVersion
_vsnwprintf
memmove
RtlUnwind
KeInitializeSpinLock
ExWaitForRundownProtectionRelease
RtlGUIDFromString
ExRundownCompleted
IofCompleteRequest
RtlInitUnicodeString
ExAcquireRundownProtection
KeBugCheckEx
memcpy
memset

hal

KfReleaseSpinLock
KfAcquireSpinLock
KfRaiseIrql
KfLowerIrql
KeReleaseInStackQueuedSpinLock
KeAcquireInStackQueuedSpinLock
KeGetCurrentIrql

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
klim6_sha1.cat_x86
klim6_sha1.inf_x86
klim6_sha1.sys_x86
.sys windows:10 windows x86

353b327b4b9806f958ef4b37d0be1aa2

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:3c:66:84:e0:f3:90:30:c0:5f:a3:6b:42:af:33:ca
Certificate

Issuer

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

21/11/2018, 00:00

Not After

10/11/2021, 12:00

Subject

CN=Kaspersky Lab JSC,O=Kaspersky Lab JSC,L=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:91:f3:b6:84:1e:24:78:6b:a2:68:d1:45:dc:a1:44
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

31/07/2020, 00:00

Not After

09/08/2023, 12:00

Subject

SERIALNUMBER=1027739867473,CN=Kaspersky Lab JSC,OU=Kaspersky Lab,O=Kaspersky Lab JSC,L=Moscow,C=RU,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13025255

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c3:07:98:18:9d:16:3c:de:a7:d9:bb:3a:8d:bb:a1:0e:f5:02:a2:0b:ea:12:71:1f:3e:18:90:95:9d:8f:52:ec
Signer

Actual PE Digest

c3:07:98:18:9d:16:3c:de:a7:d9:bb:3a:8d:bb:a1:0e:f5:02:a2:0b:ea:12:71:1f:3e:18:90:95:9d:8f:52:ec

Digest Algorithm

sha256

PE Digest Matches

true

eb:cb:99:cc:9d:89:98:0a:a0:1e:f6:25:83:86:e4:5a:97:c2:ed:b1
Signer

Actual PE Digest

eb:cb:99:cc:9d:89:98:0a:a0:1e:f6:25:83:86:e4:5a:97:c2:ed:b1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kldl.sys

KldlLoadAndStartDriver

ntoskrnl.exe

MmGetSystemRoutineAddress

Sections

.text
Size: - Virtual size: 1020KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.prms
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 174B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 50B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.init
Size: 512B - Virtual size: 93B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
klim6_sha1_reg.inf_x86
klkbdflt.inf_x86
klkbdflt.sys_x86
.sys windows:6 windows x86

26946d36deda0de0b26cbd53c2f2c97f

Code Sign

33:00:00:00:f5:e8:77:3b:20:6b:1c:cd:61:00:00:00:00:00:f5
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/01/2023, 19:14

Not After

15/12/2023, 19:14

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/04/2012, 23:48

Not After

18/04/2027, 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

13:bf:f1:25:c6:50:d7:c5:a0:82:20:8f
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

04/08/2022, 10:44

Not After

04/08/2025, 10:44

Subject

SERIALNUMBER=1027739867473,CN=AO Kaspersky Lab,O=AO Kaspersky Lab,STREET=sh Leningradskoe\, 39A / str 2,L=Moscow,ST=Moscow,C=RU,1.3.6.1.4.1.311.60.2.1.2=#13064d6f73636f77,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:74:10:e9:8c:a2:6c:ba:93:75:80:31:ce:85:20:3a:a0:79:19:17:4f:60:45:47:cc:df:cc:b5:5f:3d:9a:04
Signer

Actual PE Digest

0a:74:10:e9:8c:a2:6c:ba:93:75:80:31:ce:85:20:3a:a0:79:19:17:4f:60:45:47:cc:df:cc:b5:5f:3d:9a:04

Digest Algorithm

sha256

PE Digest Matches

true

0a:74:10:e9:8c:a2:6c:ba:93:75:80:31:ce:85:20:3a:a0:79:19:17:4f:60:45:47:cc:df:cc:b5:5f:3d:9a:04
Signer

Actual PE Digest

0a:74:10:e9:8c:a2:6c:ba:93:75:80:31:ce:85:20:3a:a0:79:19:17:4f:60:45:47:cc:df:cc:b5:5f:3d:9a:04

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_WDM_DRIVER
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoAcquireRemoveLockEx
ObfReferenceObject
ObfDereferenceObject
IoReleaseRemoveLockEx
IoGetAttachedDeviceReference
IoGetLowerDeviceObject
ExAcquireRundownProtection
ExReleaseRundownProtection
ExWaitForRundownProtectionRelease
KeSetEvent
IofCompleteRequest
ExReInitializeRundownProtection
ExFreePoolWithTag
ExRundownCompleted
KeBugCheckEx
KeTickCount
KeAcquireInStackQueuedSpinLockAtDpcLevel
KeReleaseInStackQueuedSpinLockFromDpcLevel
PoSetSystemState
RtlInitUnicodeString
ZwCreateFile
ZwDeviceIoControlFile
KeDelayExecutionThread
ZwClose
IofCallDriver
KeClearEvent
ExAllocatePoolWithTag
KeSetKernelStackSwapEnable
KeWaitForMultipleObjects
KeGetCurrentThread
ZwQuerySystemInformation
MmGetSystemRoutineAddress
IoWMIRegistrationControl
_vsnwprintf
KeInitializeEvent
KeWaitForSingleObject
MmUnlockPages
IoFreeMdl
IoAllocateIrp
IoFreeIrp
IoCancelIrp
IoSetThreadHardErrorMode
RtlCopyUnicodeString
ExReleaseFastMutexUnsafe
MmSystemRangeStart
RtlQueryRegistryValues
ExInitializeRundownProtection
IoCreateDevice
IoAttachDeviceToDeviceStackSafe
IoDeleteDevice
ZwOpenFile
ObReferenceObjectByHandle
IoFileObjectType
IoGetRelatedDeviceObject
RtlGetVersion
InitSafeBootMode
IoRegisterPlugPlayNotification
IoInitializeRemoveLockEx
IoUnregisterPlugPlayNotificationEx
IoFreeWorkItem
IoQueueWorkItem
IoAllocateWorkItem
IoReleaseRemoveLockAndWaitEx
IoDetachDevice
ZwUnloadDriver
ZwLoadDriver
ZwDeleteValueKey
ZwQueryValueKey
ZwOpenKey
ExfAcquirePushLockExclusive
ExfReleasePushLock
PsGetVersion
memcpy
RtlUnwind
KeLeaveCriticalRegion
KeEnterCriticalRegion
RtlAppendUnicodeStringToString
ExAcquireFastMutexUnsafe
memset

hal

KeAcquireInStackQueuedSpinLock
KeGetCurrentIrql
KeReleaseInStackQueuedSpinLock

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INITDATA
Size: 512B - Virtual size: 164B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
klkbdflt_sha1.inf_x86
klkbdflt_sha1.sys_x86
.sys windows:10 windows x86

353b327b4b9806f958ef4b37d0be1aa2

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:3c:66:84:e0:f3:90:30:c0:5f:a3:6b:42:af:33:ca
Certificate

Issuer

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

21/11/2018, 00:00

Not After

10/11/2021, 12:00

Subject

CN=Kaspersky Lab JSC,O=Kaspersky Lab JSC,L=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:91:f3:b6:84:1e:24:78:6b:a2:68:d1:45:dc:a1:44
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

31/07/2020, 00:00

Not After

09/08/2023, 12:00

Subject

SERIALNUMBER=1027739867473,CN=Kaspersky Lab JSC,OU=Kaspersky Lab,O=Kaspersky Lab JSC,L=Moscow,C=RU,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13025255

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c8:6c:31:66:ad:c7:58:df:79:d7:b6:8d:bd:84:25:bb:2b:9e:17:45:fb:44:a6:a5:e6:da:bf:bc:02:01:c2:74
Signer

Actual PE Digest

c8:6c:31:66:ad:c7:58:df:79:d7:b6:8d:bd:84:25:bb:2b:9e:17:45:fb:44:a6:a5:e6:da:bf:bc:02:01:c2:74

Digest Algorithm

sha256

PE Digest Matches

true

d1:10:01:0e:f1:8c:15:51:06:19:1b:07:f0:58:76:51:8a:e6:b3:24
Signer

Actual PE Digest

d1:10:01:0e:f1:8c:15:51:06:19:1b:07:f0:58:76:51:8a:e6:b3:24

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_WDM_DRIVER
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kldl.sys

KldlLoadAndStartDriver

ntoskrnl.exe

MmGetSystemRoutineAddress

Sections

.text
Size: - Virtual size: 1020KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.prms
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 174B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 50B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.init
Size: 512B - Virtual size: 93B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
klkbdflt_sha1_reg.inf_x86
klmouflt.inf_x86
klmouflt.sys_x86
.sys windows:6 windows x86

d590fedd522e1d16479206794bceeb22

Code Sign

33:00:00:00:f3:15:8e:a5:7d:1c:55:9f:29:00:00:00:00:00:f3
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/01/2023, 19:14

Not After

15/12/2023, 19:14

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/04/2012, 23:48

Not After

18/04/2027, 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

13:bf:f1:25:c6:50:d7:c5:a0:82:20:8f
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

04/08/2022, 10:44

Not After

04/08/2025, 10:44

Subject

SERIALNUMBER=1027739867473,CN=AO Kaspersky Lab,O=AO Kaspersky Lab,STREET=sh Leningradskoe\, 39A / str 2,L=Moscow,ST=Moscow,C=RU,1.3.6.1.4.1.311.60.2.1.2=#13064d6f73636f77,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6f:d3:03:27:8d:89:11:3c:24:5f:98:35:04:e9:24:b3:81:bf:77:db:92:91:80:aa:b0:3c:5d:49:44:d9:49:7b
Signer

Actual PE Digest

6f:d3:03:27:8d:89:11:3c:24:5f:98:35:04:e9:24:b3:81:bf:77:db:92:91:80:aa:b0:3c:5d:49:44:d9:49:7b

Digest Algorithm

sha256

PE Digest Matches

true

6f:d3:03:27:8d:89:11:3c:24:5f:98:35:04:e9:24:b3:81:bf:77:db:92:91:80:aa:b0:3c:5d:49:44:d9:49:7b
Signer

Actual PE Digest

6f:d3:03:27:8d:89:11:3c:24:5f:98:35:04:e9:24:b3:81:bf:77:db:92:91:80:aa:b0:3c:5d:49:44:d9:49:7b

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_WDM_DRIVER
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

KeBugCheckEx
ExAcquireFastMutexUnsafe
KeEnterCriticalRegion
ExWaitForRundownProtectionRelease
ExReInitializeRundownProtection
KeSetEvent
ExAcquireRundownProtection
IofCallDriver
PoSetSystemState
IofCompleteRequest
KeAcquireInStackQueuedSpinLockAtDpcLevel
ExReleaseRundownProtection
KeReleaseInStackQueuedSpinLockFromDpcLevel
ExReleaseFastMutexUnsafe
KeLeaveCriticalRegion
KeGetCurrentThread
KeWaitForMultipleObjects
KeClearEvent
KeSetKernelStackSwapEnable
MmUnlockPages
_vsnwprintf
ZwQuerySystemInformation
RtlAppendUnicodeStringToString
IoFreeIrp
IoGetRelatedDeviceObject
ObfDereferenceObject
IoAttachDeviceToDeviceStackSafe
RtlInitUnicodeString
IoDeleteDevice
IoInitializeRemoveLockEx
ExInitializeRundownProtection
RtlCopyUnicodeString
MmSystemRangeStart
IoGetLowerDeviceObject
RtlQueryRegistryValues
IoFileObjectType
ObReferenceObjectByHandle
RtlGetVersion
IoSetThreadHardErrorMode
IoUnregisterPlugPlayNotificationEx
IoRegisterPlugPlayNotification
IoFreeMdl
ObfReferenceObject
KeQueryInterruptTime
IoAllocateIrp
ExAllocatePoolWithTag
IoCreateDevice
ExFreePoolWithTag
IoWMIRegistrationControl
ZwOpenFile
KeInitializeEvent
InitSafeBootMode
KeWaitForSingleObject
ZwClose
IoGetAttachedDeviceReference
IoAllocateWorkItem
IoReleaseRemoveLockAndWaitEx
IoDetachDevice
IoFreeWorkItem
IoQueueWorkItem
KeDelayExecutionThread
ZwDeviceIoControlFile
ZwUnloadDriver
ZwCreateFile
ZwLoadDriver
ExfAcquirePushLockExclusive
ExfReleasePushLock
ZwDeleteValueKey
ZwQueryValueKey
ZwOpenKey
PsGetVersion
memcpy
RtlUnwind
IoReleaseRemoveLockEx
IoAcquireRemoveLockEx
MmGetSystemRoutineAddress
ExRundownCompleted
memset

hal

KeGetCurrentIrql
KeReleaseInStackQueuedSpinLock
KeAcquireInStackQueuedSpinLock

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INITDATA
Size: 512B - Virtual size: 116B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
klmouflt_sha1.inf_x86
klmouflt_sha1.sys_x86
.sys windows:10 windows x86

353b327b4b9806f958ef4b37d0be1aa2

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:3c:66:84:e0:f3:90:30:c0:5f:a3:6b:42:af:33:ca
Certificate

Issuer

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

21/11/2018, 00:00

Not After

10/11/2021, 12:00

Subject

CN=Kaspersky Lab JSC,O=Kaspersky Lab JSC,L=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:91:f3:b6:84:1e:24:78:6b:a2:68:d1:45:dc:a1:44
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

31/07/2020, 00:00

Not After

09/08/2023, 12:00

Subject

SERIALNUMBER=1027739867473,CN=Kaspersky Lab JSC,OU=Kaspersky Lab,O=Kaspersky Lab JSC,L=Moscow,C=RU,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13025255

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c8:6c:31:66:ad:c7:58:df:79:d7:b6:8d:bd:84:25:bb:2b:9e:17:45:fb:44:a6:a5:e6:da:bf:bc:02:01:c2:74
Signer

Actual PE Digest

c8:6c:31:66:ad:c7:58:df:79:d7:b6:8d:bd:84:25:bb:2b:9e:17:45:fb:44:a6:a5:e6:da:bf:bc:02:01:c2:74

Digest Algorithm

sha256

PE Digest Matches

true

d1:10:01:0e:f1:8c:15:51:06:19:1b:07:f0:58:76:51:8a:e6:b3:24
Signer

Actual PE Digest

d1:10:01:0e:f1:8c:15:51:06:19:1b:07:f0:58:76:51:8a:e6:b3:24

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_WDM_DRIVER
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kldl.sys

KldlLoadAndStartDriver

ntoskrnl.exe

MmGetSystemRoutineAddress

Sections

.text
Size: - Virtual size: 1020KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.prms
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 174B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 50B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.init
Size: 512B - Virtual size: 93B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
klmouflt_sha1_reg.inf_x86
klpd.inf_x86
klpd.sys_x86
.sys windows:6 windows x86

4902b41c981257cf56be747f13d15e36

Code Sign

33:00:00:00:f3:15:8e:a5:7d:1c:55:9f:29:00:00:00:00:00:f3
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/01/2023, 19:14

Not After

15/12/2023, 19:14

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/04/2012, 23:48

Not After

18/04/2027, 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

13:bf:f1:25:c6:50:d7:c5:a0:82:20:8f
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

04/08/2022, 10:44

Not After

04/08/2025, 10:44

Subject

SERIALNUMBER=1027739867473,CN=AO Kaspersky Lab,O=AO Kaspersky Lab,STREET=sh Leningradskoe\, 39A / str 2,L=Moscow,ST=Moscow,C=RU,1.3.6.1.4.1.311.60.2.1.2=#13064d6f73636f77,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

87:9c:5a:95:9a:46:60:65:69:6f:96:fb:37:cf:db:bc:94:89:7e:5b:12:59:41:d3:0a:2e:35:a1:21:2c:4b:9a
Signer

Actual PE Digest

87:9c:5a:95:9a:46:60:65:69:6f:96:fb:37:cf:db:bc:94:89:7e:5b:12:59:41:d3:0a:2e:35:a1:21:2c:4b:9a

Digest Algorithm

sha256

PE Digest Matches

true

87:9c:5a:95:9a:46:60:65:69:6f:96:fb:37:cf:db:bc:94:89:7e:5b:12:59:41:d3:0a:2e:35:a1:21:2c:4b:9a
Signer

Actual PE Digest

87:9c:5a:95:9a:46:60:65:69:6f:96:fb:37:cf:db:bc:94:89:7e:5b:12:59:41:d3:0a:2e:35:a1:21:2c:4b:9a

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

KeWaitForSingleObject
ZwQuerySystemInformation
RtlInitUnicodeString
MmGetSystemRoutineAddress
IoWMIRegistrationControl
LdrFindResource_U
LdrAccessResource
_vsnwprintf
RtlGetVersion
InitSafeBootMode
RtlUpperString
KeDelayExecutionThread
ZwDeviceIoControlFile
ZwUnloadDriver
ZwCreateFile
ZwLoadDriver
RtlCopyUnicodeString
ZwClose
KeBugCheckEx
KeEnterCriticalRegion
ExfAcquirePushLockExclusive
ExFreePoolWithTag
ExfReleasePushLock
KeLeaveCriticalRegion
ZwDeleteValueKey
ZwQueryValueKey
ZwOpenKey
RtlAppendUnicodeStringToString
MmHighestUserAddress
RtlImageNtHeader
memcpy
RtlUnwind
KeInitializeEvent
ExAllocatePoolWithTag
memset

hal

KeAcquireInStackQueuedSpinLock
KeReleaseInStackQueuedSpinLock

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
klpd_sha1.inf_x86
klpd_sha1.sys_x86
.sys windows:10 windows x86

353b327b4b9806f958ef4b37d0be1aa2

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:3c:66:84:e0:f3:90:30:c0:5f:a3:6b:42:af:33:ca
Certificate

Issuer

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

21/11/2018, 00:00

Not After

10/11/2021, 12:00

Subject

CN=Kaspersky Lab JSC,O=Kaspersky Lab JSC,L=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:91:f3:b6:84:1e:24:78:6b:a2:68:d1:45:dc:a1:44
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

31/07/2020, 00:00

Not After

09/08/2023, 12:00

Subject

SERIALNUMBER=1027739867473,CN=Kaspersky Lab JSC,OU=Kaspersky Lab,O=Kaspersky Lab JSC,L=Moscow,C=RU,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13025255

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c3:07:98:18:9d:16:3c:de:a7:d9:bb:3a:8d:bb:a1:0e:f5:02:a2:0b:ea:12:71:1f:3e:18:90:95:9d:8f:52:ec
Signer

Actual PE Digest

c3:07:98:18:9d:16:3c:de:a7:d9:bb:3a:8d:bb:a1:0e:f5:02:a2:0b:ea:12:71:1f:3e:18:90:95:9d:8f:52:ec

Digest Algorithm

sha256

PE Digest Matches

true

eb:cb:99:cc:9d:89:98:0a:a0:1e:f6:25:83:86:e4:5a:97:c2:ed:b1
Signer

Actual PE Digest

eb:cb:99:cc:9d:89:98:0a:a0:1e:f6:25:83:86:e4:5a:97:c2:ed:b1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kldl.sys

KldlLoadAndStartDriver

ntoskrnl.exe

MmGetSystemRoutineAddress

Sections

.text
Size: - Virtual size: 1020KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.prms
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 174B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 50B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.init
Size: 512B - Virtual size: 93B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
klpd_sha1_reg.inf_x86
klpnpflt.inf_x86
klpnpflt.sys_x86
.sys windows:6 windows x86

c34a880363a50325518db27ff2e55ac7

Code Sign

33:00:00:00:f5:e8:77:3b:20:6b:1c:cd:61:00:00:00:00:00:f5
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/01/2023, 19:14

Not After

15/12/2023, 19:14

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/04/2012, 23:48

Not After

18/04/2027, 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

13:bf:f1:25:c6:50:d7:c5:a0:82:20:8f
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

04/08/2022, 10:44

Not After

04/08/2025, 10:44

Subject

SERIALNUMBER=1027739867473,CN=AO Kaspersky Lab,O=AO Kaspersky Lab,STREET=sh Leningradskoe\, 39A / str 2,L=Moscow,ST=Moscow,C=RU,1.3.6.1.4.1.311.60.2.1.2=#13064d6f73636f77,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9b:e0:cf:96:33:ad:3f:1f:c6:3d:d6:cb:9c:a5:fe:04:b9:88:a3:0a:96:58:8f:46:80:68:ab:11:36:aa:32:92
Signer

Actual PE Digest

9b:e0:cf:96:33:ad:3f:1f:c6:3d:d6:cb:9c:a5:fe:04:b9:88:a3:0a:96:58:8f:46:80:68:ab:11:36:aa:32:92

Digest Algorithm

sha256

PE Digest Matches

true

9b:e0:cf:96:33:ad:3f:1f:c6:3d:d6:cb:9c:a5:fe:04:b9:88:a3:0a:96:58:8f:46:80:68:ab:11:36:aa:32:92
Signer

Actual PE Digest

9b:e0:cf:96:33:ad:3f:1f:c6:3d:d6:cb:9c:a5:fe:04:b9:88:a3:0a:96:58:8f:46:80:68:ab:11:36:aa:32:92

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_WDM_DRIVER
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ObfDereferenceObject
IoGetLowerDeviceObject
ExAcquireRundownProtection
IoQueueWorkItem
ExReleaseRundownProtection
ExAllocatePoolWithTag
IoAllocateWorkItem
ExFreePoolWithTag
RtlCopyUnicodeString
IoFreeWorkItem
MmIsDriverVerifying
KeDelayExecutionThread
IoGetDeviceObjectPointer
IoUnregisterPlugPlayNotificationEx
IoRegisterPlugPlayNotification
KeInitializeEvent
IoBuildDeviceIoControlRequest
IofCallDriver
KeWaitForSingleObject
PsGetCurrentProcessId
PsInitialSystemProcess
PsGetProcessId
PsGetCurrentThreadId
IoGetFileObjectGenericMapping
RtlMapGenericMask
ZwQuerySystemInformation
RtlInitUnicodeString
MmGetSystemRoutineAddress
IoWMIRegistrationControl
LdrFindResource_U
LdrAccessResource
_vsnwprintf
RtlAppendUnicodeStringToString
IoAcquireRemoveLockEx
IofCompleteRequest
IoReleaseRemoveLockEx
RtlGetVersion
ExInitializeRundownProtection
InitSafeBootMode
IoCreateDevice
IoRegisterShutdownNotification
IoInitializeRemoveLockEx
RtlCompareUnicodeString
IoDeleteDevice
ExWaitForRundownProtectionRelease
ExRundownCompleted
IoUnregisterShutdownNotification
KeSetEvent
IoReleaseRemoveLockAndWaitEx
IoDetachDevice
ExGetPreviousMode
MmSystemRangeStart
RtlQueryRegistryValues
ExAcquireFastMutexUnsafe
KeEnterCriticalRegion
ExReleaseFastMutexUnsafe
KeLeaveCriticalRegion
ZwDeviceIoControlFile
ZwUnloadDriver
ZwCreateFile
ZwLoadDriver
ZwClose
MmHighestUserAddress
RtlImageNtHeader
ZwCreateKey
ZwDeleteValueKey
ZwQueryValueKey
ZwSetValueKey
ZwOpenKey
KeBugCheckEx
ExfAcquirePushLockExclusive
ExfReleasePushLock
PsGetVersion
memcpy
RtlUnwind
IoAttachDeviceToDeviceStackSafe
ObfReferenceObject
memset

hal

KeGetCurrentIrql

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
klpnpflt_sha1.inf_x86
klpnpflt_sha1.sys_x86
.sys windows:10 windows x86

353b327b4b9806f958ef4b37d0be1aa2

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:3c:66:84:e0:f3:90:30:c0:5f:a3:6b:42:af:33:ca
Certificate

Issuer

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

21/11/2018, 00:00

Not After

10/11/2021, 12:00

Subject

CN=Kaspersky Lab JSC,O=Kaspersky Lab JSC,L=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:91:f3:b6:84:1e:24:78:6b:a2:68:d1:45:dc:a1:44
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

31/07/2020, 00:00

Not After

09/08/2023, 12:00

Subject

SERIALNUMBER=1027739867473,CN=Kaspersky Lab JSC,OU=Kaspersky Lab,O=Kaspersky Lab JSC,L=Moscow,C=RU,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13025255

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c8:6c:31:66:ad:c7:58:df:79:d7:b6:8d:bd:84:25:bb:2b:9e:17:45:fb:44:a6:a5:e6:da:bf:bc:02:01:c2:74
Signer

Actual PE Digest

c8:6c:31:66:ad:c7:58:df:79:d7:b6:8d:bd:84:25:bb:2b:9e:17:45:fb:44:a6:a5:e6:da:bf:bc:02:01:c2:74

Digest Algorithm

sha256

PE Digest Matches

true

d1:10:01:0e:f1:8c:15:51:06:19:1b:07:f0:58:76:51:8a:e6:b3:24
Signer

Actual PE Digest

d1:10:01:0e:f1:8c:15:51:06:19:1b:07:f0:58:76:51:8a:e6:b3:24

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_WDM_DRIVER
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kldl.sys

KldlLoadAndStartDriver

ntoskrnl.exe

MmGetSystemRoutineAddress

Sections

.text
Size: - Virtual size: 1020KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.prms
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 174B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 50B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.init
Size: 512B - Virtual size: 93B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
klpnpflt_sha1_reg.inf_x64
klpnpflt_sha1_reg.inf_x86
klwfp.inf_x86
klwfp.sys_x86
.sys windows:6 windows x86

c2f2413e485ad3ea485862231d571ed0

Code Sign

33:00:00:00:f3:15:8e:a5:7d:1c:55:9f:29:00:00:00:00:00:f3
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/01/2023, 19:14

Not After

15/12/2023, 19:14

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/04/2012, 23:48

Not After

18/04/2027, 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

13:bf:f1:25:c6:50:d7:c5:a0:82:20:8f
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

04/08/2022, 10:44

Not After

04/08/2025, 10:44

Subject

SERIALNUMBER=1027739867473,CN=AO Kaspersky Lab,O=AO Kaspersky Lab,STREET=sh Leningradskoe\, 39A / str 2,L=Moscow,ST=Moscow,C=RU,1.3.6.1.4.1.311.60.2.1.2=#13064d6f73636f77,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3c:8a:84:12:03:b2:97:8b:45:85:b3:b7:c2:8b:69:41:92:1e:6d:5c:f3:ad:18:b5:23:1a:36:52:40:1a:85:5e
Signer

Actual PE Digest

3c:8a:84:12:03:b2:97:8b:45:85:b3:b7:c2:8b:69:41:92:1e:6d:5c:f3:ad:18:b5:23:1a:36:52:40:1a:85:5e

Digest Algorithm

sha256

PE Digest Matches

true

3c:8a:84:12:03:b2:97:8b:45:85:b3:b7:c2:8b:69:41:92:1e:6d:5c:f3:ad:18:b5:23:1a:36:52:40:1a:85:5e
Signer

Actual PE Digest

3c:8a:84:12:03:b2:97:8b:45:85:b3:b7:c2:8b:69:41:92:1e:6d:5c:f3:ad:18:b5:23:1a:36:52:40:1a:85:5e

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ndis.sys

NdisGetDataBuffer
NdisRetreatNetBufferDataStart
NdisAdvanceNetBufferDataStart
NdisCopyReceiveNetBufferListInfo
NdisCopySendNetBufferListInfo

fwpkclnt.sys

FwpsInjectionHandleCreate0
FwpsReleaseClassifyHandle0
FwpsFreeCloneNetBufferList0
FwpsAllocateCloneNetBufferList0
FwpsInjectTransportReceiveAsync0
FwpsGetPacketListSecurityInformation0
FwpsFlowAssociateContext0
FwpsFlowRemoveContext0
FwpsAcquireClassifyHandle0
FwpsPendClassify0
FwpsCalloutRegister1
FwpmProviderAdd0
FwpmEngineOpen0
FwpmProviderDeleteByKey0
FwpmEngineClose0
FwpmSubLayerAdd0
FwpmSubLayerDeleteByKey0
FwpsCalloutUnregisterById0
FwpmCalloutDeleteByKey0
FwpmCalloutAdd0
FwpmBfeStateGet0
FwpmBfeStateUnsubscribeChanges0
FwpmBfeStateSubscribeChanges0
FwpmFilterDeleteById0
FwpmFilterAdd0
FwpmTransactionCommit0
FwpmTransactionBegin0
FwpmTransactionAbort0
FwpsCompleteOperation0
FwpsInjectTransportSendAsync1
FwpsQueryPacketInjectionState0
FwpsPendOperation0
FwpsCompleteClassify0
FwpsInjectionHandleDestroy0

ntoskrnl.exe

ExAcquireSpinLockShared
PsGetCurrentProcessId
ExAcquireRundownProtection
ExAllocatePoolWithTag
ExFreePoolWithTag
PsGetCurrentThreadId
KeFlushQueuedDpcs
ExReleaseRundownProtection
KeBugCheckEx
InterlockedPushEntrySList
ExDeleteNPagedLookasideList
ExInitializeRundownProtection
FirstEntrySList
ExInitializeNPagedLookasideList
KeQuerySystemTime
InterlockedPopEntrySList
_vsnwprintf
ZwQuerySystemInformation
RtlInitUnicodeString
LdrFindResource_U
IoDeleteDevice
RtlGetVersion
ExAcquireResourceSharedLite
IoWMIRegistrationControl
LdrAccessResource
RtlAppendUnicodeStringToString
RtlCopyUnicodeString
ExWaitForRundownProtectionRelease
ZwClose
ZwOpenKey
ExRundownCompleted
RtlInitializeGenericTableAvl
RtlDeleteElementGenericTableAvl
ExDeleteResourceLite
ExAcquireResourceExclusiveLite
RtlLookupElementGenericTableAvl
RtlInsertElementGenericTableAvl
KeAreApcsDisabled
RtlEnumerateGenericTableWithoutSplayingAvl
ExReleaseResourceLite
ExInitializeResourceLite
KeLeaveCriticalRegion
ExReleaseSpinLockExclusive
ExAcquireSpinLockExclusive
ExEnterCriticalRegionAndAcquireResourceExclusive
ZwOpenEvent
ZwCreateEvent
IoCreateDevice
ExUuidCreate
ObfDereferenceObject
ObCloseHandle
IoCreateFile
ObfReferenceObject
IofCompleteRequest
KeDelayExecutionThread
ZwDeviceIoControlFile
ZwUnloadDriver
ZwCreateFile
ZwLoadDriver
ZwCreateKey
ZwDeleteValueKey
ZwSetValueKey
KeSetEvent
ExQueueWorkItem
KeInitializeEvent
KeInitializeDpc
KeInitializeTimer
KeSetTimer
KeCancelTimer
KeWaitForSingleObject
ExfAcquirePushLockExclusive
ExfReleasePushLock
MmHighestUserAddress
RtlImageNtHeader
PsGetVersion
RtlUnwind
ExReleaseSpinLockSharedFromDpcLevel
KeEnterCriticalRegion
ExReleaseResourceAndLeaveCriticalRegion
ExReleaseSpinLockShared
ZwQueryValueKey
MmGetSystemRoutineAddress
ZwSetSecurityObject
IoDeviceObjectType
ObOpenObjectByPointer
RtlGetDaclSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
RtlGetSaclSecurityDescriptor
SeCaptureSecurityDescriptor
_snwprintf
RtlLengthSecurityDescriptor
SeExports
RtlCreateSecurityDescriptor
_wcsnicmp
wcschr
RtlAbsoluteToSelfRelativeSD
RtlAddAccessAllowedAce
RtlLengthSid
IoIsWdmVersionAvailable
RtlSetDaclSecurityDescriptor
memcpy
memset
RtlFreeUnicodeString
memmove

hal

KfAcquireSpinLock
KeAcquireInStackQueuedSpinLock
KeGetCurrentIrql
KfReleaseSpinLock
KeReleaseInStackQueuedSpinLock

Sections

.text
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
klwfp_sha1.inf_x86
klwfp_sha1.sys_x86
.sys windows:10 windows x86

353b327b4b9806f958ef4b37d0be1aa2

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:3c:66:84:e0:f3:90:30:c0:5f:a3:6b:42:af:33:ca
Certificate

Issuer

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

21/11/2018, 00:00

Not After

10/11/2021, 12:00

Subject

CN=Kaspersky Lab JSC,O=Kaspersky Lab JSC,L=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:91:f3:b6:84:1e:24:78:6b:a2:68:d1:45:dc:a1:44
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

31/07/2020, 00:00

Not After

09/08/2023, 12:00

Subject

SERIALNUMBER=1027739867473,CN=Kaspersky Lab JSC,OU=Kaspersky Lab,O=Kaspersky Lab JSC,L=Moscow,C=RU,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13025255

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c3:07:98:18:9d:16:3c:de:a7:d9:bb:3a:8d:bb:a1:0e:f5:02:a2:0b:ea:12:71:1f:3e:18:90:95:9d:8f:52:ec
Signer

Actual PE Digest

c3:07:98:18:9d:16:3c:de:a7:d9:bb:3a:8d:bb:a1:0e:f5:02:a2:0b:ea:12:71:1f:3e:18:90:95:9d:8f:52:ec

Digest Algorithm

sha256

PE Digest Matches

true

eb:cb:99:cc:9d:89:98:0a:a0:1e:f6:25:83:86:e4:5a:97:c2:ed:b1
Signer

Actual PE Digest

eb:cb:99:cc:9d:89:98:0a:a0:1e:f6:25:83:86:e4:5a:97:c2:ed:b1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kldl.sys

KldlLoadAndStartDriver

ntoskrnl.exe

MmGetSystemRoutineAddress

Sections

.text
Size: - Virtual size: 1020KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.prms
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 174B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 50B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.init
Size: 512B - Virtual size: 93B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
klwfp_sha1_reg.inf_x86
klwtp.inf_x86
klwtp.sys_x86
.sys windows:6 windows x86

9c20c7c2b36c82458320fdbdaea0e12b

Code Sign

33:00:00:00:f5:e8:77:3b:20:6b:1c:cd:61:00:00:00:00:00:f5
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/01/2023, 19:14

Not After

15/12/2023, 19:14

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/04/2012, 23:48

Not After

18/04/2027, 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

13:bf:f1:25:c6:50:d7:c5:a0:82:20:8f
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

04/08/2022, 10:44

Not After

04/08/2025, 10:44

Subject

SERIALNUMBER=1027739867473,CN=AO Kaspersky Lab,O=AO Kaspersky Lab,STREET=sh Leningradskoe\, 39A / str 2,L=Moscow,ST=Moscow,C=RU,1.3.6.1.4.1.311.60.2.1.2=#13064d6f73636f77,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f7:02:db:6f:7c:01:02:2b:25:43:d9:f3:76:34:26:3c:26:e2:4a:5b:fa:c2:05:fd:2a:c9:b1:26:4a:39:2e:f3
Signer

Actual PE Digest

f7:02:db:6f:7c:01:02:2b:25:43:d9:f3:76:34:26:3c:26:e2:4a:5b:fa:c2:05:fd:2a:c9:b1:26:4a:39:2e:f3

Digest Algorithm

sha256

PE Digest Matches

true

f7:02:db:6f:7c:01:02:2b:25:43:d9:f3:76:34:26:3c:26:e2:4a:5b:fa:c2:05:fd:2a:c9:b1:26:4a:39:2e:f3
Signer

Actual PE Digest

f7:02:db:6f:7c:01:02:2b:25:43:d9:f3:76:34:26:3c:26:e2:4a:5b:fa:c2:05:fd:2a:c9:b1:26:4a:39:2e:f3

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

fwpkclnt.sys

FwpsCalloutRegister1
FwpmBfeStateGet0
FwpmBfeStateUnsubscribeChanges0
FwpmBfeStateSubscribeChanges0
FwpsApplyModifiedLayerData0
FwpsAcquireWritableLayerDataPointer0
FwpsStreamContinue0
FwpsInjectNetworkSendAsync0
FwpsCloneStreamData0
FwpsCopyStreamDataToBuffer0
FwpmCalloutDeleteByKey0
FwpsDiscardClonedStreamData0
FwpsCalloutUnregisterByKey0
FwpmProviderAdd0
FwpmProviderDeleteByKey0
FwpsInjectionHandleDestroy0
FwpsInjectForwardAsync0
FwpsInjectNetworkReceiveAsync0
FwpmEngineClose0
FwpmFilterAdd0
FwpmCalloutAdd0
FwpmCalloutDeleteById0
FwpmTransactionAbort0
FwpmFilterDeleteById0
FwpmTransactionBegin0
FwpsFreeNetBufferList0
FwpmEngineOpen0
FwpsAllocateNetBufferAndNetBufferList0
FwpmSubLayerDeleteByKey0
FwpmSubLayerAdd0
FwpmTransactionCommit0
FwpsGetPacketListSecurityInformation0
FwpsAllocateCloneNetBufferList0
FwpsPendClassify0
FwpsAcquireClassifyHandle0
FwpsFreeCloneNetBufferList0
FwpsReleaseClassifyHandle0
FwpsConstructIpHeaderForTransportPacket0
FwpsCompleteClassify0
FwpsInjectionHandleCreate0
FwpsQueryPacketInjectionState0
FwpsInjectTransportSendAsync1
FwpsCalloutUnregisterById0
FwpsInjectTransportReceiveAsync0
FwpsFlowRemoveContext0
FwpsStreamInjectAsync0
FwpsFlowAssociateContext0

ndis.sys

NdisCopyReceiveNetBufferListInfo
NdisAdvanceNetBufferDataStart
NdisAllocateNetBufferListPool
NdisCopySendNetBufferListInfo
NdisFreeNetBufferPool
NdisFreeGenericObject
NdisFreeMdl
NdisAllocateGenericObject
NdisGetPoolFromNetBufferList
NdisCopyFromNetBufferToNetBuffer
NdisFreeNetBuffer
NdisAdvanceNetBufferListDataStart
NdisFreeNetBufferListPool
NdisAllocateNetBuffer
NdisGetDataBuffer
NdisAllocateNetBufferPool
NdisRetreatNetBufferListDataStart
NdisRetreatNetBufferDataStart

netio.sys

FreeMibTable
CancelMibChangeNotify2
GetIfTable2Ex
NotifyIpInterfaceChange

ntoskrnl.exe

KeInitializeSpinLock
ExInitializeRundownProtection
KeReleaseMutex
ExAcquireRundownProtection
KeCancelTimer
ObfReferenceObject
IoCsqRemoveNextIrp
ExAllocatePoolWithTag
KeReleaseGuardedMutex
ExFreePoolWithTag
ExUuidCreate
KeAcquireGuardedMutex
IofCompleteRequest
KeWaitForSingleObject
IoReleaseCancelSpinLock
KeFlushQueuedDpcs
ExReleaseRundownProtection
IoAllocateWorkItem
RtlGUIDFromString
RtlEqualUnicodeString
RtlUpcaseUnicodeChar
RtlInitUnicodeString
IoDeleteDevice
IoDeleteSymbolicLink
RtlPrefixUnicodeString
PsGetCurrentProcessId
ObfDereferenceObject
IoQueueWorkItem
IoCreateSymbolicLink
ExDeleteNPagedLookasideList
ExInitializeNPagedLookasideList
InterlockedPushEntrySList
InterlockedPopEntrySList
ExReleaseSpinLockExclusive
ExReleaseSpinLockShared
ExAcquireSpinLockShared
ExAcquireSpinLockExclusive
IoBuildPartialMdl
IoAllocateMdl
KeSetEvent
IoFreeMdl
KeInitializeEvent
MmMapLockedPagesSpecifyCache
ExRundownCompleted
KeSetTimer
MmUnlockPages
MmProbeAndLockPages
KeInitializeTimer
ProbeForWrite
IoCreateDevice
KeAcquireInStackQueuedSpinLockAtDpcLevel
KeReleaseInStackQueuedSpinLockFromDpcLevel
ProbeForRead
RtlInitializeGenericTableAvl
RtlDeleteElementGenericTableAvl
RtlLookupElementGenericTableAvl
RtlInsertElementGenericTableAvl
RtlGetElementGenericTableAvl
RtlCompareMemory
ExWaitForRundownProtectionRelease
KeQuerySystemTime
KeBugCheckEx
ExReleaseSpinLockSharedFromDpcLevel
ExAcquireSpinLockSharedAtDpcLevel
MmBuildMdlForNonPagedPool
_vsnwprintf
ZwQuerySystemInformation
LdrFindResource_U
EtwWriteTransfer
RtlGetVersion
EtwUnregister
MmGetSystemRoutineAddress
EtwRegister
IoWMIRegistrationControl
LdrAccessResource
PsGetProcessId
PsInitialSystemProcess
RtlAppendUnicodeStringToString
RtlCopyUnicodeString
ZwQueryValueKey
ZwClose
ZwOpenKey
ExDeleteResourceLite
KeEnterCriticalRegion
ZwEnumerateValueKey
ExAcquireResourceExclusiveLite
ZwCreateKey
ZwDeleteValueKey
ExReleaseResourceLite
RtlStringFromGUID
ZwSetValueKey
ExInitializeResourceLite
KeLeaveCriticalRegion
KeDelayExecutionThread
ObCloseHandle
IoCreateFile
ZwWaitForSingleObject
KeWaitForMultipleObjects
PsCreateSystemThread
IoGetCurrentProcess
KeStackAttachProcess
MmUnmapLockedPages
PsGetCurrentThreadId
PsTerminateSystemThread
KeUnstackDetachProcess
ZwDeviceIoControlFile
ZwUnloadDriver
ZwCreateFile
ZwLoadDriver
MmHighestUserAddress
_stricmp
RtlImageNtHeader
ExQueueWorkItem
ExfAcquirePushLockExclusive
ExfReleasePushLock
PsGetVersion
RtlUnwind
KeSetTimerEx
KeInitializeTimerEx
KeInitializeMutex
IoCsqInsertIrpEx
KeInitializeGuardedMutex
KeInitializeDpc
IoCsqInitializeEx
IoFreeWorkItem
ZwSetSecurityObject
IoDeviceObjectType
ObOpenObjectByPointer
RtlGetDaclSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
RtlGetSaclSecurityDescriptor
SeCaptureSecurityDescriptor
_snwprintf
RtlLengthSecurityDescriptor
SeExports
RtlCreateSecurityDescriptor
_wcsnicmp
wcschr
RtlAbsoluteToSelfRelativeSD
RtlAddAccessAllowedAce
RtlLengthSid
IoIsWdmVersionAvailable
RtlSetDaclSecurityDescriptor
memcpy
memset
RtlFreeUnicodeString
memmove

hal

KfReleaseSpinLock
KfAcquireSpinLock
KeAcquireInStackQueuedSpinLock
KfRaiseIrql
KfLowerIrql
KeGetCurrentIrql
KeReleaseInStackQueuedSpinLock

Sections

.text
Size: 219KB - Virtual size: 218KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
klwtp_sha1.inf_x86
klwtp_sha1.sys_x86
.sys windows:10 windows x86

353b327b4b9806f958ef4b37d0be1aa2

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:3c:66:84:e0:f3:90:30:c0:5f:a3:6b:42:af:33:ca
Certificate

Issuer

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

21/11/2018, 00:00

Not After

10/11/2021, 12:00

Subject

CN=Kaspersky Lab JSC,O=Kaspersky Lab JSC,L=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:91:f3:b6:84:1e:24:78:6b:a2:68:d1:45:dc:a1:44
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

31/07/2020, 00:00

Not After

09/08/2023, 12:00

Subject

SERIALNUMBER=1027739867473,CN=Kaspersky Lab JSC,OU=Kaspersky Lab,O=Kaspersky Lab JSC,L=Moscow,C=RU,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13025255

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c3:07:98:18:9d:16:3c:de:a7:d9:bb:3a:8d:bb:a1:0e:f5:02:a2:0b:ea:12:71:1f:3e:18:90:95:9d:8f:52:ec
Signer

Actual PE Digest

c3:07:98:18:9d:16:3c:de:a7:d9:bb:3a:8d:bb:a1:0e:f5:02:a2:0b:ea:12:71:1f:3e:18:90:95:9d:8f:52:ec

Digest Algorithm

sha256

PE Digest Matches

true

eb:cb:99:cc:9d:89:98:0a:a0:1e:f6:25:83:86:e4:5a:97:c2:ed:b1
Signer

Actual PE Digest

eb:cb:99:cc:9d:89:98:0a:a0:1e:f6:25:83:86:e4:5a:97:c2:ed:b1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kldl.sys

KldlLoadAndStartDriver

ntoskrnl.exe

MmGetSystemRoutineAddress

Sections

.text
Size: - Virtual size: 1020KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.prms
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 174B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 50B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.init
Size: 512B - Virtual size: 93B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
klwtp_sha1_reg.inf_x86
kneps.inf_x86
kneps.sys_x86
.sys windows:6 windows x86

fc9982b2cd4753ce2e3b656ad08cd7b9

Code Sign

33:00:00:00:f5:e8:77:3b:20:6b:1c:cd:61:00:00:00:00:00:f5
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/01/2023, 19:14

Not After

15/12/2023, 19:14

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/04/2012, 23:48

Not After

18/04/2027, 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

13:bf:f1:25:c6:50:d7:c5:a0:82:20:8f
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

04/08/2022, 10:44

Not After

04/08/2025, 10:44

Subject

SERIALNUMBER=1027739867473,CN=AO Kaspersky Lab,O=AO Kaspersky Lab,STREET=sh Leningradskoe\, 39A / str 2,L=Moscow,ST=Moscow,C=RU,1.3.6.1.4.1.311.60.2.1.2=#13064d6f73636f77,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a4:6d:2c:e2:fc:00:27:ff:fb:2e:22:f4:cc:dd:2f:d8:c0:ca:18:66:6e:32:45:41:75:5d:01:93:f2:90:f5:e2
Signer

Actual PE Digest

a4:6d:2c:e2:fc:00:27:ff:fb:2e:22:f4:cc:dd:2f:d8:c0:ca:18:66:6e:32:45:41:75:5d:01:93:f2:90:f5:e2

Digest Algorithm

sha256

PE Digest Matches

true

a4:6d:2c:e2:fc:00:27:ff:fb:2e:22:f4:cc:dd:2f:d8:c0:ca:18:66:6e:32:45:41:75:5d:01:93:f2:90:f5:e2
Signer

Actual PE Digest

a4:6d:2c:e2:fc:00:27:ff:fb:2e:22:f4:cc:dd:2f:d8:c0:ca:18:66:6e:32:45:41:75:5d:01:93:f2:90:f5:e2

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

PsGetCurrentProcessId
RtlGetVersion
MmGetSystemRoutineAddress
IoWMIRegistrationControl
IofCompleteRequest
LdrAccessResource
ObfDereferenceObject
ObCloseHandle
KeInitializeSpinLock
IoCreateFile
ObfReferenceObject
KeSetEvent
KeInitializeEvent
KeWaitForSingleObject
KeEnterCriticalRegion
ExAcquireResourceExclusiveLite
ExReleaseResourceLite
KeLeaveCriticalRegion
KeSetTimer
IoAcquireRemoveLockEx
RtlCompareUnicodeString
KeDelayExecutionThread
IoAllocateWorkItem
IoReleaseRemoveLockEx
IoReleaseRemoveLockAndWaitEx
KeInitializeDpc
IoInitializeRemoveLockEx
KeInitializeTimer
RtlCopyUnicodeString
IoDeleteSymbolicLink
KeCancelTimer
IoCsqInitialize
IoCsqRemoveNextIrp
IoFreeWorkItem
IoCsqInsertIrp
IoQueueWorkItem
MmMapLockedPagesSpecifyCache
IoCreateSymbolicLink
KeFlushQueuedDpcs
InterlockedPushEntrySList
InterlockedPopEntrySList
ExDeleteNPagedLookasideList
KefReleaseSpinLockFromDpcLevel
IoDeleteDevice
KefAcquireSpinLockAtDpcLevel
KeQuerySystemTime
_purecall
strncpy
_itoa
KeInitializeMutex
_vsnprintf
KeReleaseMutex
RtlEqualUnicodeString
ZwUnloadDriver
ZwLoadDriver
PsInitialSystemProcess
KeStackAttachProcess
ZwClose
KeUnstackDetachProcess
ZwOpenKey
atoi
strncmp
ZwCreateKey
ZwQueryValueKey
ZwSetValueKey
RtlAppendUnicodeStringToString
ZwReadFile
ZwCreateFile
ZwQueryInformationFile
ZwDeviceIoControlFile
MmHighestUserAddress
_stricmp
RtlImageNtHeader
ZwDeleteValueKey
ExfAcquirePushLockExclusive
ExfReleasePushLock
PsGetVersion
_aullshr
RtlUnwind
LdrFindResource_U
KeBugCheckEx
ZwQuerySystemInformation
_vsnwprintf
ExFreePoolWithTag
ExAllocatePoolWithTag
ExInitializeNPagedLookasideList
RtlInitUnicodeString
ZwSetSecurityObject
IoDeviceObjectType
IoCreateDevice
ObOpenObjectByPointer
RtlGetDaclSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
RtlGetSaclSecurityDescriptor
SeCaptureSecurityDescriptor
_snwprintf
RtlLengthSecurityDescriptor
SeExports
RtlCreateSecurityDescriptor
_wcsnicmp
wcschr
RtlAbsoluteToSelfRelativeSD
RtlAddAccessAllowedAce
RtlLengthSid
IoIsWdmVersionAvailable
RtlSetDaclSecurityDescriptor
memcpy
memset
RtlFreeUnicodeString
KeWaitForMultipleObjects
PsCreateSystemThread
ObReferenceObjectByHandle
PsTerminateSystemThread
_alldiv
_allmul
_allrem
_allshl
_aulldiv
_aullrem
memmove

hal

ExAcquireFastMutex
ExReleaseFastMutex
KfLowerIrql
KfRaiseIrql
KfAcquireSpinLock
KfReleaseSpinLock
KeGetCurrentIrql

Sections

.text
Size: 204KB - Virtual size: 203KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
kneps_sha1.inf_x86
kneps_sha1.sys_x86
.sys windows:10 windows x86

353b327b4b9806f958ef4b37d0be1aa2

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:3c:66:84:e0:f3:90:30:c0:5f:a3:6b:42:af:33:ca
Certificate

Issuer

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

21/11/2018, 00:00

Not After

10/11/2021, 12:00

Subject

CN=Kaspersky Lab JSC,O=Kaspersky Lab JSC,L=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:91:f3:b6:84:1e:24:78:6b:a2:68:d1:45:dc:a1:44
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

31/07/2020, 00:00

Not After

09/08/2023, 12:00

Subject

SERIALNUMBER=1027739867473,CN=Kaspersky Lab JSC,OU=Kaspersky Lab,O=Kaspersky Lab JSC,L=Moscow,C=RU,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13025255

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c3:07:98:18:9d:16:3c:de:a7:d9:bb:3a:8d:bb:a1:0e:f5:02:a2:0b:ea:12:71:1f:3e:18:90:95:9d:8f:52:ec
Signer

Actual PE Digest

c3:07:98:18:9d:16:3c:de:a7:d9:bb:3a:8d:bb:a1:0e:f5:02:a2:0b:ea:12:71:1f:3e:18:90:95:9d:8f:52:ec

Digest Algorithm

sha256

PE Digest Matches

true

eb:cb:99:cc:9d:89:98:0a:a0:1e:f6:25:83:86:e4:5a:97:c2:ed:b1
Signer

Actual PE Digest

eb:cb:99:cc:9d:89:98:0a:a0:1e:f6:25:83:86:e4:5a:97:c2:ed:b1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kldl.sys

KldlLoadAndStartDriver

ntoskrnl.exe

MmGetSystemRoutineAddress

Sections

.text
Size: - Virtual size: 1020KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.prms
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 174B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 50B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.init
Size: 512B - Virtual size: 93B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
kneps_sha1_reg.inf_x86
mcou.dll
.dll regsvr32 windows:6 windows x86

004d531c18a7f638e62dfdfee3d6d5d3

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

13:bf:f1:25:c6:50:d7:c5:a0:82:20:8f
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

04/08/2022, 10:44

Not After

04/08/2025, 10:44

Subject

SERIALNUMBER=1027739867473,CN=AO Kaspersky Lab,O=AO Kaspersky Lab,STREET=sh Leningradskoe\, 39A / str 2,L=Moscow,ST=Moscow,C=RU,1.3.6.1.4.1.311.60.2.1.2=#13064d6f73636f77,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1a:cc:0c:ca:0c:2c:b1:40:61:6e:db:ac:81:b9:6e
Certificate

Issuer

CN=Kaspersky Lab,O=Kaspersky Lab,L=Moscow,C=RU

Not Before

25/08/2021, 14:06

Not After

25/08/2036, 14:06

Subject

CN=Kaspersky Lab,O=Kaspersky Lab,L=Moscow,C=RU

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

11:de:f1:38:82:48:e6:51:7c:58:4d:2e:a5:15:28:9f:ac:55:96:c0:f1:00:b0:09:ea:7f:2f:ce:38:08:dc:2a
Signer

Actual PE Digest

11:de:f1:38:82:48:e6:51:7c:58:4d:2e:a5:15:28:9f:ac:55:96:c0:f1:00:b0:09:ea:7f:2f:ce:38:08:dc:2a

Digest Algorithm

sha256

PE Digest Matches

true

11:de:f1:38:82:48:e6:51:7c:58:4d:2e:a5:15:28:9f:ac:55:96:c0:f1:00:b0:09:ea:7f:2f:ce:38:08:dc:2a
Signer

Actual PE Digest

11:de:f1:38:82:48:e6:51:7c:58:4d:2e:a5:15:28:9f:ac:55:96:c0:f1:00:b0:09:ea:7f:2f:ce:38:08:dc:2a

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

crypt32

CryptProtectData
CryptUnprotectData
CryptProtectMemory
CryptUnprotectMemory

kernel32

GetModuleHandleExW
ReadFile
GetFileSizeEx
WriteFile
CreateFileW
SetFilePointerEx
LocalFree
FlushFileBuffers
SystemTimeToFileTime
TlsSetValue
Sleep
TlsAlloc
TlsGetValue
TlsFree
GetCurrentProcess
TerminateProcess
QueryPerformanceFrequency
ResetEvent
ReleaseSemaphore
CreateSemaphoreW
OutputDebugStringA
GetComputerNameW
CreateDirectoryW
FindFirstFileExW
GetLongPathNameW
DeviceIoControl
GetFinalPathNameByHandleW
UnmapViewOfFile
GetTimeZoneInformation
GetFileAttributesExW
FlushViewOfFile
GetCurrentDirectoryW
VerSetConditionMask
VerifyVersionInfoW
CreateFileMappingW
MapViewOfFile
MoveFileW
VirtualFree
VirtualAlloc
DuplicateHandle
SwitchToThread
ExpandEnvironmentStringsW
WaitForSingleObject
ResumeThread
GetModuleHandleA
LoadLibraryA
CreateThread
CreateProcessW
CreateEventA
GetProcessTimes
GetComputerNameA
ProcessIdToSessionId
WriteProcessMemory
GetNativeSystemInfo
ReadProcessMemory
VirtualQuery
VirtualProtect
QueryPerformanceCounter
GetSystemInfo
ReleaseSRWLockShared
AcquireSRWLockShared
WaitForMultipleObjectsEx
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
RemoveVectoredExceptionHandler
HeapValidate
AddVectoredExceptionHandler
IsDebuggerPresent
SetUnhandledExceptionFilter
OpenEventA
WriteConsoleW
SetStdHandle
GetConsoleOutputCP
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
ReadConsoleW
GetConsoleMode
GetFileType
GetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
SetConsoleCtrlHandler
ExitProcess
FreeLibraryAndExitThread
ExitThread
InterlockedFlushSList
RtlUnwind
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
OutputDebugStringW
GetCPInfo
CompareStringEx
GetStringTypeW
GetLocaleInfoEx
LCMapStringEx
WideCharToMultiByte
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
UnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetModuleFileNameA
HeapFree
SetThreadPriority
GetModuleHandleExA
GetLastError
GetCurrentThread
GetThreadPriority
RaiseException
HeapAlloc
GetProcAddress
GetProcessHeap
GetModuleHandleW
InitializeCriticalSectionEx
DecodePointer
DeleteCriticalSection
MultiByteToWideChar
HeapSize
HeapReAlloc
HeapDestroy
GetModuleFileNameW
SizeofResource
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
OpenProcess
GetTickCount
FileTimeToSystemTime
FileTimeToLocalFileTime
GetSystemDirectoryW
SetFileAttributesW
GetTempPathW
GetSystemTimeAsFileTime
WaitForMultipleObjects
TerminateThread
SetEvent
WaitForSingleObjectEx
CloseHandle
CreateEventW
InitializeCriticalSection
lstrlenW
WritePrivateProfileStringW
FindNextFileW
DeleteFileW
GetFileAttributesW
FindFirstFileW
FindClose
GetCurrentProcessId
LoadLibraryExA
GlobalFree
GlobalHandle
lstrcmpW
SetLastError
GetCurrentThreadId
GlobalUnlock
GlobalLock
GlobalAlloc
MulDiv
LeaveCriticalSection
EnterCriticalSection
EncodePointer
DisableThreadLibraryCalls
LoadLibraryExW
lstrcmpiW
LoadLibraryW
FreeLibrary
FindResourceW
FindResourceExW
LoadResource
LockResource

user32

MapWindowPoints
UnregisterClassW
LoadCursorW
SetCursor
CharNextW
GetFocus
IsChild
GetSysColor
DrawTextW
GetDialogBaseUnits
ReleaseDC
GetDC
EndPaint
GetClientRect
BeginPaint
GetWindow
RegisterClassExW
DefWindowProcW
SetWindowLongW
GetWindowLongW
DestroyAcceleratorTable
GetDesktopWindow
InvalidateRect
CallWindowProcW
InvalidateRgn
FillRect
ReleaseCapture
SetCapture
MoveWindow
ScreenToClient
GetParent
ClientToScreen
CreateAcceleratorTableW
DestroyWindow
CreateWindowExW
GetClassInfoExW
RedrawWindow
SetWindowPos
GetClassNameW
IsWindow
SendMessageW
GetDlgItem
SetFocus
SetWindowTextW
OffsetRect
EqualRect
IntersectRect
UnionRect
PtInRect
GetKeyState
SendDlgItemMessageW
GetNextDlgTabItem
CopyAcceleratorTableW
IsDialogMessageW
ShowWindow
SystemParametersInfoW
DestroyIcon
EndDialog
EnumChildWindows
CreateDialogIndirectParamW
SetWindowContextHelpId
LoadImageW
SetTimer
EnableWindow
GetWindowTextW
GetWindowTextLengthW
RegisterWindowMessageW
MapDialogRect
SetWindowRgn

gdi32

SetBkColor
CreateRectRgnIndirect
CreateSolidBrush
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
GetObjectW
CreateDCW
LPtoDP
SaveDC
SetMapMode
SetWindowOrgEx
SetViewportOrgEx
DeleteDC
RestoreDC
GetDeviceCaps
CreateFontIndirectW
GetTextMetricsW
GetTextExtentPointW
DeleteObject
SetBkMode
SetTextColor
Rectangle
SelectObject
GetStockObject

advapi32

RevertToSelf
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
SetSecurityDescriptorDacl
SetEntriesInAclA
InitializeSecurityDescriptor
ConvertStringSidToSidA
MakeSelfRelativeSD
MakeAbsoluteSD
CreateWellKnownSid
CopySid
GetLengthSid
LookupAccountNameW
AdjustTokenPrivileges
EqualSid
AllocateAndInitializeSid
LookupPrivilegeValueA
FreeSid
SetThreadToken
DuplicateTokenEx
RegDeleteKeyW
ConvertStringSecurityDescriptorToSecurityDescriptorA
ImpersonateLoggedOnUser
OpenThreadToken
OpenProcessToken
GetTokenInformation
RegQueryValueExW
RegDeleteValueW
RegCreateKeyExW

ole32

CreateILockBytesOnHGlobal
CLSIDFromString
ReadClassStm
OleSaveToStream
WriteClassStm
OleRegEnumVerbs
OleRegGetUserType
CreateOleAdviseHolder
OleRegGetMiscStatus
OleInitialize
StgCreateDocfileOnILockBytes
CLSIDFromProgID
CoGetClassObject
OleLockRunning
OleUninitialize
CreateStreamOnHGlobal
StringFromGUID2
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree

oleaut32

SafeArrayUnlock
SafeArrayDestroy
OleTranslateColor
SysAllocStringByteLen
VariantChangeType
SysStringByteLen
OleCreatePropertyFrame
LoadRegTypeLi
OleCreateFontIndirect
SysAllocStringLen
LoadTypeLi
VarUI4FromStr
DispCallFunc
VariantInit
VariantClear
SysAllocString
VarBstrFromDate
SystemTimeToVariantTime
VariantTimeToSystemTime
GetErrorInfo
SysStringLen
SysFreeString

ws2_32

htons
ntohs
WSAAddressToStringA
WSAStringToAddressA
WSAGetLastError
setsockopt
ioctlsocket
WSAEnumNetworkEvents
recv
connect
socket
send
WSAEventSelect
getsockname
WSACreateEvent
listen
closesocket
bind
accept
WSACleanup
WSAStartup
inet_addr

rpcrt4

NDRSContextMarshall
RpcErrorEndEnumeration
I_RpcGetBuffer
RpcBindingFromStringBindingA
RpcRevertToSelf
RpcImpersonateClient
RpcServerRegisterIfEx
RpcBindingFree
RpcErrorStartEnumeration
RpcMgmtSetComTimeout
NDRCContextUnmarshall
I_RpcBindingInqTransportType
RpcStringBindingComposeA
RpcServerUnregisterIfEx
I_RpcFreeBuffer
RpcStringFreeA
I_RpcSendReceive
RpcBindingSetAuthInfoExA
RpcServerUseProtseqEpA
NDRCContextMarshall
RpcErrorGetNextRecord
I_RpcBindingInqLocalClientPID
RpcServerInqCallAttributesA
RpcBindingVectorFree
RpcMgmtEpEltInqBegin
RpcMgmtSetCancelTimeout
RpcMgmtEpEltInqDone
RpcServerUnregisterIf
RpcBindingCopy
RpcStringFreeW
RpcMgmtEpEltInqNextW
RpcEpRegisterA
RpcBindingToStringBindingA
RpcEpUnregister
RpcEpRegisterW
RpcServerInqBindings
RpcMgmtEpEltInqNextA
RpcCancelThread
RpcBindingSetAuthInfoExW
RpcServerInqCallAttributesW
NDRSContextUnmarshall
RpcSsDestroyClientContext
RpcRaiseException

userenv

UnloadUserProfile

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
ExchEntryPoint
OutOfProcessExceptionEventCallback
OutOfProcessExceptionEventDebuggerLaunchCallback
OutOfProcessExceptionEventSignatureCallback

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 316KB - Virtual size: 316KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
passwords.ico

Sharing

General

Malware Config

Signatures

Files

b6e1ba760cbeffdce764e8827f82651a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

Sections

.text Size: 2KB - Virtual size: 1KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 820B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 260B

4eb087fb4320d9c065cf54041a998208

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

Sections

.text Size: 2KB - Virtual size: 2KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 820B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 272B

cc0c2623401ed3270c19a410475b2d27

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54Certificate

Extended Key Usages

Key Usages

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

13:bf:f1:25:c6:50:d7:c5:a0:82:20:8fCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

1a:cc:0c:ca:0c:2c:b1:40:61:6e:db:ac:81:b9:6eCertificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

cf:47:9f:65:92:45:7e:83:97:1a:93:7e:20:dc:ee:ea:4e:f4:e3:5e:8b:84:9f:58:16:dc:bf:5b:d4:7b:fa:78Signer

cf:47:9f:65:92:45:7e:83:97:1a:93:7e:20:dc:ee:ea:4e:f4:e3:5e:8b:84:9f:58:16:dc:bf:5b:d4:7b:fa:78Signer

Headers

DLL Characteristics

File Characteristics

Imports

msi

userenv

shlwapi

rpcrt4

kernel32

user32

advapi32

shell32

ole32

cabinet

Exports

Exports

Sections

.text Size: 460KB - Virtual size: 460KB

.rdata Size: 139KB - Virtual size: 139KB

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 820B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 260B

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 820B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 272B

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

13:bf:f1:25:c6:50:d7:c5:a0:82:20:8f
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

1a:cc:0c:ca:0c:2c:b1:40:61:6e:db:ac:81:b9:6e
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

cf:47:9f:65:92:45:7e:83:97:1a:93:7e:20:dc:ee:ea:4e:f4:e3:5e:8b:84:9f:58:16:dc:bf:5b:d4:7b:fa:78
Signer

cf:47:9f:65:92:45:7e:83:97:1a:93:7e:20:dc:ee:ea:4e:f4:e3:5e:8b:84:9f:58:16:dc:bf:5b:d4:7b:fa:78
Signer

.text
Size: 460KB - Virtual size: 460KB

.rdata
Size: 139KB - Virtual size: 139KB

.data
Size: 9KB - Virtual size: 15KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 21KB - Virtual size: 21KB

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

13:bf:f1:25:c6:50:d7:c5:a0:82:20:8f
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

1a:cc:0c:ca:0c:2c:b1:40:61:6e:db:ac:81:b9:6e
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

be:a7:14:8a:a1:93:08:68:7a:d9:4c:75:5f:01:3c:2c:68:af:77:b1:c9:7e:86:45:99:64:a2:62:d7:c4:7b:07
Signer

be:a7:14:8a:a1:93:08:68:7a:d9:4c:75:5f:01:3c:2c:68:af:77:b1:c9:7e:86:45:99:64:a2:62:d7:c4:7b:07
Signer

.text
Size: 239KB - Virtual size: 239KB

.rdata
Size: 80KB - Virtual size: 79KB

.data
Size: 2KB - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 13KB - Virtual size: 13KB

33:00:00:00:f3:15:8e:a5:7d:1c:55:9f:29:00:00:00:00:00:f3
Certificate

61:0b:aa:c1:00:00:00:00:00:09
Certificate

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate