c68fa491da6bf8c8de79ec635c3aa5d4f4dc9764c2b27cc5a9bfe49c396cdca3[.]zip[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

c68fa491da6bf8c8de79ec635c3aa5d4f4dc9764c2b27cc5a9bfe49c396cdca3.zip.zip
Size

58.2MB
MD5

51fc5e957210ab63a5d654d5dee73e55
SHA1

397bd95188bdd2c75bbcb4974f211f6d90eeda0b
SHA256

e0e9c6360900ddcebe18c85853295c843cc418a9d202a3ac0930d658a10403e4
SHA512

962756e621fb2091c32f40f08c987c35057c56d80b688c2d60db1cc854a1a81ef638549ef190cb9d17a7e7f965d59f192e0f6d0948533b8ea342058ed29ef54e
SSDEEP

1572864:/u2q6Ze6SFvTI1OviMHeFLKodbsx/vvo/jdVpl9HMjBuOqcoB+:256Zepv01OviM+FLKodQxXApLfCBm+

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack002/DWA 131/autorun.exe	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack002/DWA 131/driver/Drivers/Vistax64/Drtwlanu_Vista.sys
unpack002/DWA 131/driver/Drivers/Vistax86/Drtwlanu_Vista.sys

Files

c68fa491da6bf8c8de79ec635c3aa5d4f4dc9764c2b27cc5a9bfe49c396cdca3.zip.zip
.zip

Password: infected
c68fa491da6bf8c8de79ec635c3aa5d4f4dc9764c2b27cc5a9bfe49c396cdca3.zip
.zip
DWA 131/QIG/DWA-131_E1_QIG_v5.02(EU).pdf
.pdf
DWA 131/autorun.exe
.exe windows:4 windows x86

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:a5:86:a9:5b:44:60:9e:9f:ae:25:f9:27:79:62:d6
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

22/06/2015, 00:00

Not After

20/09/2018, 23:59

Subject

CN=D-LINK CORPORATION,O=D-LINK CORPORATION,L=NEIHU DISTRICT,ST=TAIWAN,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b5:ca:9e:ac:65:f8:a0:c7:3b:1d:f3:61:72:11:98:92:bc:3b:30:e6
Signer

Actual PE Digest

b5:ca:9e:ac:65:f8:a0:c7:3b:1d:f3:61:72:11:98:92:bc:3b:30:e6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 505KB - Virtual size: 508KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
DWA 131/autorun.inf
DWA 131/autorun.mbd
DWA 131/driver/Drivers/Vistax64/Dnetrtwlanu_Vista.inf
DWA 131/driver/Drivers/Vistax64/Drtwlanu_Vista.sys
.sys windows:6 windows x64

590b8f5b85b390841c9b7eab44209f47

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

KeBugCheckEx
KeClearEvent
KeWaitForSingleObject
PoUnregisterPowerSettingCallback
PoRegisterPowerSettingCallback
KeInitializeEvent
KeSetEvent
KeFlushQueuedDpcs
DbgPrint
RtlGUIDFromString
MmMapLockedPagesSpecifyCache
KeInitializeMutex
RtlCopyUnicodeString
_vsnprintf
strncpy
ExNotifyCallback
KeReleaseSemaphore
KeReleaseMutex
PsTerminateSystemThread
PsCreateSystemThread
ObReferenceObjectByHandle
ZwClose
ObfDereferenceObject
ExCreateCallback
KeInitializeSemaphore
IoCsqRemoveNextIrp
IofCompleteRequest
IoCsqInsertIrp
IoCsqInitialize
RtlInitUnicodeString
KeReleaseSpinLock
KeAcquireSpinLockRaiseToDpc

hal

KeStallExecutionProcessor

ndis.sys

NdisAllocateTimerObject
NdisMIndicateReceiveNetBufferLists
NdisAllocateNetBufferAndNetBufferList
NdisAllocateMdl
NdisMRegisterMiniportDriver
NdisSetTimerObject
NdisFreeNetBufferListPool
NdisAllocateNetBufferListPool
NdisFreeNetBufferList
NdisFreeMdl
NdisMGetDeviceProperty
NdisMDeregisterMiniportDriver
NdisFreeTimerObject
NdisGetVersion
NdisFreeIoWorkItem
NdisMapFile
NdisUnmapFile
NdisCloseFile
NdisFreeMemory
NdisWriteConfiguration
NdisMRemoveMiniport
NdisRegisterDeviceEx
NdisWaitEvent
NdisResetEvent
NdisDeregisterDeviceEx
NdisMSendNetBufferListsComplete
NdisMSetMiniportAttributes
NdisInitializeString
NdisOpenFile
NdisReadNetworkAddress
NdisInitializeEvent
NdisMIndicateStatusEx
NdisOpenConfigurationEx
NdisCloseConfiguration
NdisReadConfiguration
NdisMOidRequestComplete
NdisAllocateIoWorkItem
NdisSetEvent
NdisQueueIoWorkItem
NdisAllocateMemoryWithTagPriority
NdisMSleep
NdisCancelTimerObject

wdfldr.sys

WdfVersionBind
WdfVersionUnbind

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 230KB - Virtual size: 229KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.1MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 107KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DWA 131/driver/Drivers/Vistax64/RTLBt.inf
DWA 131/driver/Drivers/Vistax64/dnetrtwlanu.cat
DWA 131/driver/Drivers/Vistax64/rtlCoInst.dat
DWA 131/driver/Drivers/Vistax64/rtlCoInst.dll
.dll windows:5 windows x64

49861fc8b24187bb146a41202e5ab2c3

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

13:22:2a:5d:cc:f7:16:df:5a:f9:c8:70:84:41:2d:d9
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

13/05/2013, 00:00

Not After

11/07/2016, 23:59

Subject

CN=Realtek Semiconductor Corp,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Realtek Semiconductor Corp,L=Hsinchu,ST=Taiwan,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e2:f7:cf:5d:ef:fb:68:6f:51:91:82:7e:75:0d:1a:4f:dc:58:88:fe
Signer

Actual PE Digest

e2:f7:cf:5d:ef:fb:68:6f:51:91:82:7e:75:0d:1a:4f:dc:58:88:fe

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcrt

free
_strnicmp
strncmp
fclose
malloc
sprintf
_initterm
memset
fopen
fgets
strtok

ntdll

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

setupapi

SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsA
SetupDiClassGuidsFromNameA
SetupDiOpenDevRegKey
SetupDiGetDeviceRegistryPropertyA
SetupDiSetClassInstallParamsA
SetupDiCallClassInstaller
SetupDiEnumDeviceInfo

kernel32

DisableThreadLibraryCalls
Sleep
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetLocaleInfoA
GetLastError
OutputDebugStringA
GetSystemDirectoryA

advapi32

RegOpenKeyA
RegDeleteKeyA
RegCloseKey
RegDeleteValueA
RegSetValueExA
RegQueryValueExA

Exports

Exports

rtlCoInst

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DWA 131/driver/Drivers/Vistax86/Dnetrtwlanu_Vista.inf
DWA 131/driver/Drivers/Vistax86/Drtwlanu_Vista.sys
.sys windows:6 windows x86

8ef3279ec6f029dbb7560bc5380640f5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

KeBugCheckEx
KeTickCount
KeWaitForSingleObject
KeClearEvent
KeSetEvent
KeInitializeEvent
PoRegisterPowerSettingCallback
PoUnregisterPowerSettingCallback
_alldiv
KeFlushQueuedDpcs
DbgPrint
_aulldiv
_allmul
KeQuerySystemTime
memcpy
RtlGUIDFromString
memset
RtlCopyUnicodeString
strncpy
_allshl
_aullrem
_vsnprintf
_aullshr
ExNotifyCallback
KeReleaseMutex
PsTerminateSystemThread
ZwClose
KeSetPriorityThread
ObReferenceObjectByHandle
PsCreateSystemThread
ObfDereferenceObject
ExCreateCallback
KeInitializeSemaphore
KeReleaseSemaphore
IofCompleteRequest
IoCsqInsertIrp
IoCsqRemoveNextIrp
IoCsqInitialize
KeInitializeMutex
RtlInitUnicodeString
MmMapLockedPagesSpecifyCache

hal

KeStallExecutionProcessor
KeGetCurrentIrql
KfLowerIrql
KfRaiseIrql
KfAcquireSpinLock
KfReleaseSpinLock

ndis.sys

NdisMRegisterMiniportDriver
NdisGetVersion
NdisMGetDeviceProperty
NdisMDeregisterMiniportDriver
NdisFreeNetBufferListPool
NdisAllocateNetBufferListPool
NdisFreeMdl
NdisMIndicateReceiveNetBufferLists
NdisQueueIoWorkItem
NdisAllocateIoWorkItem
NdisFreeIoWorkItem
NdisAllocateTimerObject
NdisMSleep
NdisAllocateMemoryWithTagPriority
NdisAllocateNetBufferAndNetBufferList
NdisAllocateMdl
NdisSetTimerObject
NdisCancelTimerObject
NdisMIndicateStatusEx
NdisFreeNetBufferList
NdisFreeMemory
NdisCloseFile
NdisUnmapFile
NdisMapFile
NdisOpenFile
NdisInitializeString
NdisWriteConfiguration
NdisResetEvent
NdisWaitEvent
NdisMSendNetBufferListsComplete
NdisMSetMiniportAttributes
NdisRegisterDeviceEx
NdisDeregisterDeviceEx
NdisMRemoveMiniport
NdisOpenConfigurationEx
NdisCloseConfiguration
NdisReadNetworkAddress
NdisReadConfiguration
NdisInitializeEvent
NdisSetEvent
NdisMOidRequestComplete
NdisFreeTimerObject

wdfldr.sys

WdfVersionBind
WdfVersionUnbind

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 192KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 944KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 131KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DWA 131/driver/Drivers/Vistax86/RTLBt.inf
DWA 131/driver/Drivers/Vistax86/dnetrtwlanu.cat
DWA 131/driver/Drivers/Vistax86/rtlCoInst.dat
DWA 131/driver/Drivers/Vistax86/rtlCoInst.dll
.dll windows:5 windows x86

b56ee6cf404c5405eeff689c530d7c80

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

13:22:2a:5d:cc:f7:16:df:5a:f9:c8:70:84:41:2d:d9
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

13/05/2013, 00:00

Not After

11/07/2016, 23:59

Subject

CN=Realtek Semiconductor Corp,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Realtek Semiconductor Corp,L=Hsinchu,ST=Taiwan,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:c1:3d:a8:b3:af:75:3b:c6:33:b8:9d:03:d8:c8:b8:98:bd:70:d5
Signer

Actual PE Digest

74:c1:3d:a8:b3:af:75:3b:c6:33:b8:9d:03:d8:c8:b8:98:bd:70:d5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

malloc
_adjust_fdiv
_initterm
free
fopen
fgets
strtok
fclose
strncmp
_strnicmp
sprintf

setupapi

SetupDiOpenDevRegKey
SetupDiClassGuidsFromNameA
SetupDiGetClassDevsA
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiSetClassInstallParamsA
SetupDiGetDeviceRegistryPropertyA
SetupDiCallClassInstaller

kernel32

DisableThreadLibraryCalls
Sleep
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetLocaleInfoA
GetSystemDirectoryA
GetLastError
OutputDebugStringA

advapi32

RegOpenKeyA
RegDeleteKeyA
RegCloseKey
RegDeleteValueA
RegSetValueExA
RegQueryValueExA

Exports

Exports

rtlCoInst

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 544B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DWA 131/driver/Drivers/Win7x64/Dnetrtwlanu.inf
DWA 131/driver/Drivers/Win7x64/Drtwlanu.sys
.sys windows:6 windows x64

116cc38bcc528f965000b8ef18f236a7

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

13:22:2a:5d:cc:f7:16:df:5a:f9:c8:70:84:41:2d:d9
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

13/05/2013, 00:00

Not After

11/07/2016, 23:59

Subject

CN=Realtek Semiconductor Corp,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Realtek Semiconductor Corp,L=Hsinchu,ST=Taiwan,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ec:99:76:7d:80:0d:33:50:a1:7b:1a:13:69:5e:0e:18:5c:62:ef:4f
Signer

Actual PE Digest

ec:99:76:7d:80:0d:33:50:a1:7b:1a:13:69:5e:0e:18:5c:62:ef:4f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ndis.sys

NdisResetEvent
NdisWaitEvent
NdisOpenFile
NdisCloseFile
NdisMapFile
NdisUnmapFile
NdisInitializeString
NdisRegisterDeviceEx
NdisDeregisterDeviceEx
NdisMSetMiniportAttributes
NdisMRemoveMiniport
NdisMSendNetBufferListsComplete
NdisReadConfiguration
NdisCloseConfiguration
NdisReadNetworkAddress
NdisInitializeEvent
NdisOpenConfigurationEx
NdisMIndicateStatusEx
NdisMOidRequestComplete
NdisSetEvent
NdisAllocateMemoryWithTagPriority
NdisFreeMemory
NdisSetTimerObject
NdisCancelTimerObject
NdisFreeTimerObject
NdisMSleep
NdisAllocateIoWorkItem
NdisQueueIoWorkItem
NdisFreeIoWorkItem
NdisGetVersion
NdisMNetPnPEvent
NdisMAllocatePort
NdisMFreePort
NdisAllocateNetBufferListPool
NdisFreeNetBufferListPool
NdisFreeNetBufferList
NdisFreeMdl
NdisMGetDeviceProperty
NdisMRegisterMiniportDriver
NdisMDeregisterMiniportDriver
NdisAllocateNetBufferAndNetBufferList
NdisAllocateMdl
NdisMIndicateReceiveNetBufferLists
NdisAllocateTimerObject
NdisWriteConfiguration

ntoskrnl.exe

KeFlushQueuedDpcs
KeInitializeEvent
RtlCompareMemory
KeSetEvent
MmGetSystemRoutineAddress
IoWMIRegistrationControl
PoRegisterPowerSettingCallback
PoUnregisterPowerSettingCallback
KeClearEvent
KeWaitForSingleObject
KeInitializeMutex
RtlInitUnicodeString
strncpy
_vsnprintf
DbgPrint
KeReleaseMutex
KeInitializeSemaphore
KeReleaseSemaphore
KeSetPriorityThread
ExCreateCallback
PsCreateSystemThread
PsTerminateSystemThread
ObReferenceObjectByHandle
ObfDereferenceObject
ZwClose
IofCompleteRequest
IoCsqInitialize
IoCsqInsertIrp
IoCsqRemoveNextIrp
KeBugCheckEx
RtlCopyUnicodeString
RtlGUIDFromString
MmMapLockedPagesSpecifyCache
KeReleaseSpinLock
ExNotifyCallback
KeAcquireSpinLockRaiseToDpc

hal

KeStallExecutionProcessor

wdfldr.sys

WdfVersionBindClass
WdfVersionBind
WdfVersionUnbind
WdfVersionUnbindClass

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 199KB - Virtual size: 199KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.1MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DWA 131/driver/Drivers/Win7x64/dnetrtwlanu.cat
DWA 131/driver/Drivers/Win7x64/rtlCoInst.dat
DWA 131/driver/Drivers/Win7x64/rtlCoInst.dll
.dll windows:5 windows x64

49861fc8b24187bb146a41202e5ab2c3

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

13:22:2a:5d:cc:f7:16:df:5a:f9:c8:70:84:41:2d:d9
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

13/05/2013, 00:00

Not After

11/07/2016, 23:59

Subject

CN=Realtek Semiconductor Corp,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Realtek Semiconductor Corp,L=Hsinchu,ST=Taiwan,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e2:f7:cf:5d:ef:fb:68:6f:51:91:82:7e:75:0d:1a:4f:dc:58:88:fe
Signer

Actual PE Digest

e2:f7:cf:5d:ef:fb:68:6f:51:91:82:7e:75:0d:1a:4f:dc:58:88:fe

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcrt

free
_strnicmp
strncmp
fclose
malloc
sprintf
_initterm
memset
fopen
fgets
strtok

ntdll

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

setupapi

SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsA
SetupDiClassGuidsFromNameA
SetupDiOpenDevRegKey
SetupDiGetDeviceRegistryPropertyA
SetupDiSetClassInstallParamsA
SetupDiCallClassInstaller
SetupDiEnumDeviceInfo

kernel32

DisableThreadLibraryCalls
Sleep
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetLocaleInfoA
GetLastError
OutputDebugStringA
GetSystemDirectoryA

advapi32

RegOpenKeyA
RegDeleteKeyA
RegCloseKey
RegDeleteValueA
RegSetValueExA
RegQueryValueExA

Exports

Exports

rtlCoInst

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DWA 131/driver/Drivers/Win7x86/Dnetrtwlanu.inf
DWA 131/driver/Drivers/Win7x86/Drtwlanu.sys
.sys windows:6 windows x86

558fcd172a3b4ce3dd4154f79250d1c4

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

13:22:2a:5d:cc:f7:16:df:5a:f9:c8:70:84:41:2d:d9
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

13/05/2013, 00:00

Not After

11/07/2016, 23:59

Subject

CN=Realtek Semiconductor Corp,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Realtek Semiconductor Corp,L=Hsinchu,ST=Taiwan,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

9a:0b:80:d1:f0:d7:d0:94:c8:17:27:31:b3:4e:61:07:b7:6a:86:5c
Signer

Actual PE Digest

9a:0b:80:d1:f0:d7:d0:94:c8:17:27:31:b3:4e:61:07:b7:6a:86:5c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ndis.sys

NdisUnmapFile
NdisInitializeString
NdisRegisterDeviceEx
NdisDeregisterDeviceEx
NdisMSetMiniportAttributes
NdisMRemoveMiniport
NdisMSendNetBufferListsComplete
NdisReadConfiguration
NdisCloseConfiguration
NdisReadNetworkAddress
NdisInitializeEvent
NdisOpenConfigurationEx
NdisMIndicateStatusEx
NdisMOidRequestComplete
NdisSetEvent
NdisAllocateMemoryWithTagPriority
NdisAllocateTimerObject
NdisSetTimerObject
NdisCancelTimerObject
NdisMapFile
NdisMSleep
NdisAllocateIoWorkItem
NdisQueueIoWorkItem
NdisFreeIoWorkItem
NdisGetVersion
NdisMNetPnPEvent
NdisMAllocatePort
NdisMFreePort
NdisAllocateNetBufferListPool
NdisFreeNetBufferListPool
NdisFreeNetBufferList
NdisFreeMdl
NdisMGetDeviceProperty
NdisMRegisterMiniportDriver
NdisMDeregisterMiniportDriver
NdisAllocateNetBufferAndNetBufferList
NdisAllocateMdl
NdisMIndicateReceiveNetBufferLists
NdisCloseFile
NdisOpenFile
NdisWaitEvent
NdisResetEvent
NdisFreeMemory
NdisFreeTimerObject
NdisWriteConfiguration

ntoskrnl.exe

KeInitializeEvent
RtlCompareMemory
KeSetEvent
MmGetSystemRoutineAddress
IoWMIRegistrationControl
PoRegisterPowerSettingCallback
PoUnregisterPowerSettingCallback
KeClearEvent
KeWaitForSingleObject
_alldiv
KeFlushQueuedDpcs
memcpy
_aulldiv
_allmul
KeQuerySystemTime
memset
_aullrem
strncpy
_vsnprintf
_allshl
_aullshr
ExNotifyCallback
KeReleaseMutex
KeInitializeSemaphore
KeReleaseSemaphore
KeSetPriorityThread
ExCreateCallback
PsCreateSystemThread
PsTerminateSystemThread
ObReferenceObjectByHandle
ObfDereferenceObject
ZwClose
IofCompleteRequest
IoCsqInitialize
IoCsqInsertIrp
IoCsqRemoveNextIrp
KeBugCheckEx
RtlCopyUnicodeString
RtlGUIDFromString
MmMapLockedPagesSpecifyCache
KeInitializeMutex
RtlInitUnicodeString
DbgPrint

hal

KfAcquireSpinLock
KeGetCurrentIrql
KfRaiseIrql
KfLowerIrql
KfReleaseSpinLock
KeStallExecutionProcessor

wdfldr.sys

WdfVersionBind
WdfVersionBindClass
WdfVersionUnbindClass
WdfVersionUnbind

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 166KB - Virtual size: 166KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 955KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 160KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DWA 131/driver/Drivers/Win7x86/dnetrtwlanu.cat
DWA 131/driver/Drivers/Win7x86/rtlCoInst.dat
DWA 131/driver/Drivers/Win7x86/rtlCoInst.dll
.dll windows:5 windows x86

b56ee6cf404c5405eeff689c530d7c80

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

13:22:2a:5d:cc:f7:16:df:5a:f9:c8:70:84:41:2d:d9
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

13/05/2013, 00:00

Not After

11/07/2016, 23:59

Subject

CN=Realtek Semiconductor Corp,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Realtek Semiconductor Corp,L=Hsinchu,ST=Taiwan,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:c1:3d:a8:b3:af:75:3b:c6:33:b8:9d:03:d8:c8:b8:98:bd:70:d5
Signer

Actual PE Digest

74:c1:3d:a8:b3:af:75:3b:c6:33:b8:9d:03:d8:c8:b8:98:bd:70:d5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

malloc
_adjust_fdiv
_initterm
free
fopen
fgets
strtok
fclose
strncmp
_strnicmp
sprintf

setupapi

SetupDiOpenDevRegKey
SetupDiClassGuidsFromNameA
SetupDiGetClassDevsA
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiSetClassInstallParamsA
SetupDiGetDeviceRegistryPropertyA
SetupDiCallClassInstaller

kernel32

DisableThreadLibraryCalls
Sleep
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetLocaleInfoA
GetSystemDirectoryA
GetLastError
OutputDebugStringA

advapi32

RegOpenKeyA
RegDeleteKeyA
RegCloseKey
RegDeleteValueA
RegSetValueExA
RegQueryValueExA

Exports

Exports

rtlCoInst

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 544B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DWA 131/driver/Drivers/Win81x64/Dnetrtwlanu.inf
DWA 131/driver/Drivers/Win81x64/Drtwlanu.sys
.sys windows:6 windows x64

7bbe0a0064f902ca618e7e74c650e15e

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

13:22:2a:5d:cc:f7:16:df:5a:f9:c8:70:84:41:2d:d9
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

13/05/2013, 00:00

Not After

11/07/2016, 23:59

Subject

CN=Realtek Semiconductor Corp,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Realtek Semiconductor Corp,L=Hsinchu,ST=Taiwan,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f6:80:69:83:9b:8c:e7:f3:7a:9e:80:8f:61:f5:bd:ca:6f:9f:5c:fb
Signer

Actual PE Digest

f6:80:69:83:9b:8c:e7:f3:7a:9e:80:8f:61:f5:bd:ca:6f:9f:5c:fb

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ndis.sys

NdisResetEvent
NdisWaitEvent
NdisOpenFile
NdisCloseFile
NdisMapFile
NdisUnmapFile
NdisInitializeString
NdisRegisterDeviceEx
NdisDeregisterDeviceEx
NdisMSetMiniportAttributes
NdisMRemoveMiniport
NdisMSendNetBufferListsComplete
NdisReadConfiguration
NdisCloseConfiguration
NdisReadNetworkAddress
NdisInitializeEvent
NdisOpenConfigurationEx
NdisMIndicateStatusEx
NdisMOidRequestComplete
NdisGetVersion
NdisSetEvent
NdisAllocateMemoryWithTagPriority
NdisAllocateTimerObject
NdisFreeMemory
NdisCancelTimerObject
NdisFreeTimerObject
NdisMSleep
NdisAllocateIoWorkItem
NdisQueueIoWorkItem
NdisFreeIoWorkItem
NdisMNetPnPEvent
NdisMAllocatePort
NdisMFreePort
NdisSetOptionalHandlers
NdisAllocateNetBufferListPool
NdisFreeNetBufferListPool
NdisFreeNetBufferList
NdisFreeMdl
NdisMGetDeviceProperty
NdisMRegisterMiniportDriver
NdisMDeregisterMiniportDriver
NdisMIdleNotificationConfirm
NdisMIdleNotificationComplete
NdisAllocateNetBufferAndNetBufferList
NdisAllocateMdl
NdisMIndicateReceiveNetBufferLists
NdisSetTimerObject
NdisWriteConfiguration

ntoskrnl.exe

KeLowerIrql
KfRaiseIrql
KeFlushQueuedDpcs
KeInitializeSpinLock
KeInitializeEvent
MmGetSystemRoutineAddress
RtlCompareMemory
KeSetEvent
ExAllocatePool
ExFreePoolWithTag
IoAllocateIrp
IofCallDriver
IoCancelIrp
IoFreeIrp
IoReuseIrp
IoWMIRegistrationControl
PoRegisterPowerSettingCallback
PoUnregisterPowerSettingCallback
KeClearEvent
KeWaitForSingleObject
DbgPrint
RtlGUIDFromString
strncpy
_vsnprintf
ExNotifyCallback
KeReleaseMutex
KeInitializeSemaphore
KeReleaseSemaphore
KeSetPriorityThread
ExCreateCallback
PsCreateSystemThread
PsTerminateSystemThread
ObReferenceObjectByHandle
ObfDereferenceObject
ZwClose
IofCompleteRequest
IoCsqInitialize
IoCsqInsertIrp
IoCsqRemoveNextIrp
RtlCopyUnicodeString
MmMapLockedPagesSpecifyCache
KeReleaseSpinLock
KeInitializeMutex
RtlInitUnicodeString
KeAcquireSpinLockRaiseToDpc

hal

KeStallExecutionProcessor

wdfldr.sys

WdfVersionUnbind
WdfVersionBind
WdfVersionUnbindClass
WdfVersionBindClass

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 200KB - Virtual size: 199KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.1MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DWA 131/driver/Drivers/Win81x64/dnetrtwlanu.cat
DWA 131/driver/Drivers/Win81x64/rtlCoInst.dat
DWA 131/driver/Drivers/Win81x64/rtlCoInst.dll
.dll windows:5 windows x64

49861fc8b24187bb146a41202e5ab2c3

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

13:22:2a:5d:cc:f7:16:df:5a:f9:c8:70:84:41:2d:d9
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

13/05/2013, 00:00

Not After

11/07/2016, 23:59

Subject

CN=Realtek Semiconductor Corp,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Realtek Semiconductor Corp,L=Hsinchu,ST=Taiwan,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e2:f7:cf:5d:ef:fb:68:6f:51:91:82:7e:75:0d:1a:4f:dc:58:88:fe
Signer

Actual PE Digest

e2:f7:cf:5d:ef:fb:68:6f:51:91:82:7e:75:0d:1a:4f:dc:58:88:fe

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcrt

free
_strnicmp
strncmp
fclose
malloc
sprintf
_initterm
memset
fopen
fgets
strtok

ntdll

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

setupapi

SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsA
SetupDiClassGuidsFromNameA
SetupDiOpenDevRegKey
SetupDiGetDeviceRegistryPropertyA
SetupDiSetClassInstallParamsA
SetupDiCallClassInstaller
SetupDiEnumDeviceInfo

kernel32

DisableThreadLibraryCalls
Sleep
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetLocaleInfoA
GetLastError
OutputDebugStringA
GetSystemDirectoryA

advapi32

RegOpenKeyA
RegDeleteKeyA
RegCloseKey
RegDeleteValueA
RegSetValueExA
RegQueryValueExA

Exports

Exports

rtlCoInst

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DWA 131/driver/Drivers/Win81x86/Dnetrtwlanu.inf
DWA 131/driver/Drivers/Win81x86/Drtwlanu.sys
.sys windows:6 windows x86

e84882cdc2da1f8a2ccec26c89de1ea5

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

13:22:2a:5d:cc:f7:16:df:5a:f9:c8:70:84:41:2d:d9
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

13/05/2013, 00:00

Not After

11/07/2016, 23:59

Subject

CN=Realtek Semiconductor Corp,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Realtek Semiconductor Corp,L=Hsinchu,ST=Taiwan,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

c0:e7:fe:bb:6e:b7:93:77:9f:ee:d4:07:cc:29:e6:5d:38:06:02:c7
Signer

Actual PE Digest

c0:e7:fe:bb:6e:b7:93:77:9f:ee:d4:07:cc:29:e6:5d:38:06:02:c7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ndis.sys

NdisUnmapFile
NdisInitializeString
NdisRegisterDeviceEx
NdisDeregisterDeviceEx
NdisMSetMiniportAttributes
NdisMRemoveMiniport
NdisMSendNetBufferListsComplete
NdisReadConfiguration
NdisCloseConfiguration
NdisReadNetworkAddress
NdisInitializeEvent
NdisOpenConfigurationEx
NdisMIndicateStatusEx
NdisMOidRequestComplete
NdisGetVersion
NdisSetEvent
NdisAllocateMemoryWithTagPriority
NdisAllocateTimerObject
NdisSetTimerObject
NdisCancelTimerObject
NdisMapFile
NdisMSleep
NdisAllocateIoWorkItem
NdisQueueIoWorkItem
NdisFreeIoWorkItem
NdisMNetPnPEvent
NdisMAllocatePort
NdisMFreePort
NdisSetOptionalHandlers
NdisAllocateNetBufferListPool
NdisFreeNetBufferListPool
NdisFreeNetBufferList
NdisFreeMdl
NdisMGetDeviceProperty
NdisMRegisterMiniportDriver
NdisMDeregisterMiniportDriver
NdisMIdleNotificationConfirm
NdisMIdleNotificationComplete
NdisAllocateNetBufferAndNetBufferList
NdisAllocateMdl
NdisMIndicateReceiveNetBufferLists
NdisCloseFile
NdisOpenFile
NdisWaitEvent
NdisResetEvent
NdisFreeMemory
NdisFreeTimerObject
NdisWriteConfiguration

ntoskrnl.exe

_alldiv
memcmp
KeInitializeEvent
MmGetSystemRoutineAddress
RtlCompareMemory
KeSetEvent
ExAllocatePool
ExFreePoolWithTag
IoAllocateIrp
IofCallDriver
IoCancelIrp
IoFreeIrp
IoReuseIrp
IoWMIRegistrationControl
PoRegisterPowerSettingCallback
PoUnregisterPowerSettingCallback
KeClearEvent
KeWaitForSingleObject
KeInitializeSpinLock
KeFlushQueuedDpcs
memcpy
_aulldiv
DbgPrint
memset
RtlGUIDFromString
_aullshr
_allshl
_aullrem
strncpy
_vsnprintf
ExNotifyCallback
KeReleaseMutex
KeInitializeSemaphore
KeReleaseSemaphore
KeSetPriorityThread
ExCreateCallback
PsCreateSystemThread
PsTerminateSystemThread
ObReferenceObjectByHandle
ObfDereferenceObject
ZwClose
IofCompleteRequest
IoCsqInitialize
IoCsqInsertIrp
IoCsqRemoveNextIrp
RtlCopyUnicodeString
MmMapLockedPagesSpecifyCache
KeInitializeMutex
RtlInitUnicodeString
_allmul
KeQuerySystemTime

hal

KfAcquireSpinLock
KeGetCurrentIrql
KfRaiseIrql
KfLowerIrql
KfReleaseSpinLock
KeStallExecutionProcessor

wdfldr.sys

WdfVersionUnbind
WdfVersionBindClass
WdfVersionUnbindClass
WdfVersionBind

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 166KB - Virtual size: 166KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 968KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 162KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DWA 131/driver/Drivers/Win81x86/dnetrtwlanu.cat
DWA 131/driver/Drivers/Win81x86/rtlCoInst.dat
DWA 131/driver/Drivers/Win81x86/rtlCoInst.dll
.dll windows:5 windows x86

b56ee6cf404c5405eeff689c530d7c80

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

13:22:2a:5d:cc:f7:16:df:5a:f9:c8:70:84:41:2d:d9
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

13/05/2013, 00:00

Not After

11/07/2016, 23:59

Subject

CN=Realtek Semiconductor Corp,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Realtek Semiconductor Corp,L=Hsinchu,ST=Taiwan,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:c1:3d:a8:b3:af:75:3b:c6:33:b8:9d:03:d8:c8:b8:98:bd:70:d5
Signer

Actual PE Digest

74:c1:3d:a8:b3:af:75:3b:c6:33:b8:9d:03:d8:c8:b8:98:bd:70:d5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

malloc
_adjust_fdiv
_initterm
free
fopen
fgets
strtok
fclose
strncmp
_strnicmp
sprintf

setupapi

SetupDiOpenDevRegKey
SetupDiClassGuidsFromNameA
SetupDiGetClassDevsA
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiSetClassInstallParamsA
SetupDiGetDeviceRegistryPropertyA
SetupDiCallClassInstaller

kernel32

DisableThreadLibraryCalls
Sleep
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetLocaleInfoA
GetSystemDirectoryA
GetLastError
OutputDebugStringA

advapi32

RegOpenKeyA
RegDeleteKeyA
RegCloseKey
RegDeleteValueA
RegSetValueExA
RegQueryValueExA

Exports

Exports

rtlCoInst

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 544B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DWA 131/driver/Drivers/Win8x64/Dnetrtwlanu.inf
DWA 131/driver/Drivers/Win8x64/Drtwlanu.sys
.sys windows:6 windows x64

7bbe0a0064f902ca618e7e74c650e15e

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

13:22:2a:5d:cc:f7:16:df:5a:f9:c8:70:84:41:2d:d9
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

13/05/2013, 00:00

Not After

11/07/2016, 23:59

Subject

CN=Realtek Semiconductor Corp,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Realtek Semiconductor Corp,L=Hsinchu,ST=Taiwan,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f6:80:69:83:9b:8c:e7:f3:7a:9e:80:8f:61:f5:bd:ca:6f:9f:5c:fb
Signer

Actual PE Digest

f6:80:69:83:9b:8c:e7:f3:7a:9e:80:8f:61:f5:bd:ca:6f:9f:5c:fb

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ndis.sys

NdisResetEvent
NdisWaitEvent
NdisOpenFile
NdisCloseFile
NdisMapFile
NdisUnmapFile
NdisInitializeString
NdisRegisterDeviceEx
NdisDeregisterDeviceEx
NdisMSetMiniportAttributes
NdisMRemoveMiniport
NdisMSendNetBufferListsComplete
NdisReadConfiguration
NdisCloseConfiguration
NdisReadNetworkAddress
NdisInitializeEvent
NdisOpenConfigurationEx
NdisMIndicateStatusEx
NdisMOidRequestComplete
NdisGetVersion
NdisSetEvent
NdisAllocateMemoryWithTagPriority
NdisAllocateTimerObject
NdisFreeMemory
NdisCancelTimerObject
NdisFreeTimerObject
NdisMSleep
NdisAllocateIoWorkItem
NdisQueueIoWorkItem
NdisFreeIoWorkItem
NdisMNetPnPEvent
NdisMAllocatePort
NdisMFreePort
NdisSetOptionalHandlers
NdisAllocateNetBufferListPool
NdisFreeNetBufferListPool
NdisFreeNetBufferList
NdisFreeMdl
NdisMGetDeviceProperty
NdisMRegisterMiniportDriver
NdisMDeregisterMiniportDriver
NdisMIdleNotificationConfirm
NdisMIdleNotificationComplete
NdisAllocateNetBufferAndNetBufferList
NdisAllocateMdl
NdisMIndicateReceiveNetBufferLists
NdisSetTimerObject
NdisWriteConfiguration

ntoskrnl.exe

KeLowerIrql
KfRaiseIrql
KeFlushQueuedDpcs
KeInitializeSpinLock
KeInitializeEvent
MmGetSystemRoutineAddress
RtlCompareMemory
KeSetEvent
ExAllocatePool
ExFreePoolWithTag
IoAllocateIrp
IofCallDriver
IoCancelIrp
IoFreeIrp
IoReuseIrp
IoWMIRegistrationControl
PoRegisterPowerSettingCallback
PoUnregisterPowerSettingCallback
KeClearEvent
KeWaitForSingleObject
DbgPrint
RtlGUIDFromString
strncpy
_vsnprintf
ExNotifyCallback
KeReleaseMutex
KeInitializeSemaphore
KeReleaseSemaphore
KeSetPriorityThread
ExCreateCallback
PsCreateSystemThread
PsTerminateSystemThread
ObReferenceObjectByHandle
ObfDereferenceObject
ZwClose
IofCompleteRequest
IoCsqInitialize
IoCsqInsertIrp
IoCsqRemoveNextIrp
RtlCopyUnicodeString
MmMapLockedPagesSpecifyCache
KeReleaseSpinLock
KeInitializeMutex
RtlInitUnicodeString
KeAcquireSpinLockRaiseToDpc

hal

KeStallExecutionProcessor

wdfldr.sys

WdfVersionUnbind
WdfVersionBind
WdfVersionUnbindClass
WdfVersionBindClass

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 200KB - Virtual size: 199KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.1MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DWA 131/driver/Drivers/Win8x64/dnetrtwlanu.cat
DWA 131/driver/Drivers/Win8x64/rtlCoInst.dat
DWA 131/driver/Drivers/Win8x64/rtlCoInst.dll
.dll windows:5 windows x64

49861fc8b24187bb146a41202e5ab2c3

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

13:22:2a:5d:cc:f7:16:df:5a:f9:c8:70:84:41:2d:d9
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

13/05/2013, 00:00

Not After

11/07/2016, 23:59

Subject

CN=Realtek Semiconductor Corp,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Realtek Semiconductor Corp,L=Hsinchu,ST=Taiwan,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e2:f7:cf:5d:ef:fb:68:6f:51:91:82:7e:75:0d:1a:4f:dc:58:88:fe
Signer

Actual PE Digest

e2:f7:cf:5d:ef:fb:68:6f:51:91:82:7e:75:0d:1a:4f:dc:58:88:fe

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcrt

free
_strnicmp
strncmp
fclose
malloc
sprintf
_initterm
memset
fopen
fgets
strtok

ntdll

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

setupapi

SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsA
SetupDiClassGuidsFromNameA
SetupDiOpenDevRegKey
SetupDiGetDeviceRegistryPropertyA
SetupDiSetClassInstallParamsA
SetupDiCallClassInstaller
SetupDiEnumDeviceInfo

kernel32

DisableThreadLibraryCalls
Sleep
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetLocaleInfoA
GetLastError
OutputDebugStringA
GetSystemDirectoryA

advapi32

RegOpenKeyA
RegDeleteKeyA
RegCloseKey
RegDeleteValueA
RegSetValueExA
RegQueryValueExA

Exports

Exports

rtlCoInst

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DWA 131/driver/Drivers/Win8x86/Dnetrtwlanu.inf
DWA 131/driver/Drivers/Win8x86/Drtwlanu.sys
.sys windows:6 windows x86

e84882cdc2da1f8a2ccec26c89de1ea5

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

13:22:2a:5d:cc:f7:16:df:5a:f9:c8:70:84:41:2d:d9
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

13/05/2013, 00:00

Not After

11/07/2016, 23:59

Subject

CN=Realtek Semiconductor Corp,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Realtek Semiconductor Corp,L=Hsinchu,ST=Taiwan,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

c0:e7:fe:bb:6e:b7:93:77:9f:ee:d4:07:cc:29:e6:5d:38:06:02:c7
Signer

Actual PE Digest

c0:e7:fe:bb:6e:b7:93:77:9f:ee:d4:07:cc:29:e6:5d:38:06:02:c7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ndis.sys

NdisUnmapFile
NdisInitializeString
NdisRegisterDeviceEx
NdisDeregisterDeviceEx
NdisMSetMiniportAttributes
NdisMRemoveMiniport
NdisMSendNetBufferListsComplete
NdisReadConfiguration
NdisCloseConfiguration
NdisReadNetworkAddress
NdisInitializeEvent
NdisOpenConfigurationEx
NdisMIndicateStatusEx
NdisMOidRequestComplete
NdisGetVersion
NdisSetEvent
NdisAllocateMemoryWithTagPriority
NdisAllocateTimerObject
NdisSetTimerObject
NdisCancelTimerObject
NdisMapFile
NdisMSleep
NdisAllocateIoWorkItem
NdisQueueIoWorkItem
NdisFreeIoWorkItem
NdisMNetPnPEvent
NdisMAllocatePort
NdisMFreePort
NdisSetOptionalHandlers
NdisAllocateNetBufferListPool
NdisFreeNetBufferListPool
NdisFreeNetBufferList
NdisFreeMdl
NdisMGetDeviceProperty
NdisMRegisterMiniportDriver
NdisMDeregisterMiniportDriver
NdisMIdleNotificationConfirm
NdisMIdleNotificationComplete
NdisAllocateNetBufferAndNetBufferList
NdisAllocateMdl
NdisMIndicateReceiveNetBufferLists
NdisCloseFile
NdisOpenFile
NdisWaitEvent
NdisResetEvent
NdisFreeMemory
NdisFreeTimerObject
NdisWriteConfiguration

ntoskrnl.exe

_alldiv
memcmp
KeInitializeEvent
MmGetSystemRoutineAddress
RtlCompareMemory
KeSetEvent
ExAllocatePool
ExFreePoolWithTag
IoAllocateIrp
IofCallDriver
IoCancelIrp
IoFreeIrp
IoReuseIrp
IoWMIRegistrationControl
PoRegisterPowerSettingCallback
PoUnregisterPowerSettingCallback
KeClearEvent
KeWaitForSingleObject
KeInitializeSpinLock
KeFlushQueuedDpcs
memcpy
_aulldiv
DbgPrint
memset
RtlGUIDFromString
_aullshr
_allshl
_aullrem
strncpy
_vsnprintf
ExNotifyCallback
KeReleaseMutex
KeInitializeSemaphore
KeReleaseSemaphore
KeSetPriorityThread
ExCreateCallback
PsCreateSystemThread
PsTerminateSystemThread
ObReferenceObjectByHandle
ObfDereferenceObject
ZwClose
IofCompleteRequest
IoCsqInitialize
IoCsqInsertIrp
IoCsqRemoveNextIrp
RtlCopyUnicodeString
MmMapLockedPagesSpecifyCache
KeInitializeMutex
RtlInitUnicodeString
_allmul
KeQuerySystemTime

hal

KfAcquireSpinLock
KeGetCurrentIrql
KfRaiseIrql
KfLowerIrql
KfReleaseSpinLock
KeStallExecutionProcessor

wdfldr.sys

WdfVersionUnbind
WdfVersionBindClass
WdfVersionUnbindClass
WdfVersionBind

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 166KB - Virtual size: 166KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 968KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 162KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DWA 131/driver/Drivers/Win8x86/dnetrtwlanu.cat
DWA 131/driver/Drivers/Win8x86/rtlCoInst.dat
DWA 131/driver/Drivers/Win8x86/rtlCoInst.dll
.dll windows:5 windows x86

b56ee6cf404c5405eeff689c530d7c80

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

13:22:2a:5d:cc:f7:16:df:5a:f9:c8:70:84:41:2d:d9
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

13/05/2013, 00:00

Not After

11/07/2016, 23:59

Subject

CN=Realtek Semiconductor Corp,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Realtek Semiconductor Corp,L=Hsinchu,ST=Taiwan,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:c1:3d:a8:b3:af:75:3b:c6:33:b8:9d:03:d8:c8:b8:98:bd:70:d5
Signer

Actual PE Digest

74:c1:3d:a8:b3:af:75:3b:c6:33:b8:9d:03:d8:c8:b8:98:bd:70:d5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

malloc
_adjust_fdiv
_initterm
free
fopen
fgets
strtok
fclose
strncmp
_strnicmp
sprintf

setupapi

SetupDiOpenDevRegKey
SetupDiClassGuidsFromNameA
SetupDiGetClassDevsA
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiSetClassInstallParamsA
SetupDiGetDeviceRegistryPropertyA
SetupDiCallClassInstaller

kernel32

DisableThreadLibraryCalls
Sleep
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetLocaleInfoA
GetSystemDirectoryA
GetLastError
OutputDebugStringA

advapi32

RegOpenKeyA
RegDeleteKeyA
RegCloseKey
RegDeleteValueA
RegSetValueExA
RegQueryValueExA

Exports

Exports

rtlCoInst

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 544B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DWA 131/driver/Drivers/WinXPX64/Dnetrtwlanu_XP.inf
DWA 131/driver/Drivers/WinXPX64/Drtwlanu_XP.sys
.sys windows:5 windows x64

42c6ff97a89d026bfdcdfbf1177d1c48

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

13:22:2a:5d:cc:f7:16:df:5a:f9:c8:70:84:41:2d:d9
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

13/05/2013, 00:00

Not After

11/07/2016, 23:59

Subject

CN=Realtek Semiconductor Corp,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Realtek Semiconductor Corp,L=Hsinchu,ST=Taiwan,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:ba:46:66:73:02:ac:04:f9:fa:e6:28:5c:1a:ec:34:ae:e3:11:de
Signer

Actual PE Digest

38:ba:46:66:73:02:ac:04:f9:fa:e6:28:5c:1a:ec:34:ae:e3:11:de

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

PoRequestPowerIrp
KeInitializeEvent
IoBuildDeviceIoControlRequest
KeWaitForSingleObject
KeClearEvent
IoFreeMdl
IoFreeIrp
KeSetEvent
ExAllocatePoolWithTag
IoReuseIrp
IoCancelIrp
IoAllocateIrp
IofCallDriver
DbgPrint
RtlGUIDFromString
MmMapLockedPages
KeAcquireSpinLockRaiseToDpc
KeReleaseSpinLock
KeBugCheckEx
ExFreePoolWithTag
_vsnprintf
ExNotifyCallback
strncpy
KeInitializeMutex
KeReleaseMutex
PsTerminateSystemThread
ZwClose
KeSetPriorityThread
ObReferenceObjectByHandle
PsCreateSystemThread
ObfDereferenceObject
ExCreateCallback
KeInitializeSemaphore
KeReleaseSemaphore
MmMapLockedPagesSpecifyCache
IofCompleteRequest
IoCsqInsertIrp
IoCsqRemoveNextIrp
IoCsqInitialize
RtlInitUnicodeString

hal

KeStallExecutionProcessor

ndis.sys

NdisAllocatePacket
NdisAllocateBuffer
NdisInitializeWrapper
NdisMRegisterMiniport
NdisMRegisterUnloadHandler
NdisMGetDeviceProperty
NdisMSetAttributesEx
NdisMRegisterAdapterShutdownHandler
NdisGetVersion
NdisFreeBufferPool
NdisFreePacketPool
NdisAllocatePacketPoolEx
NdisAllocateBufferPool
NdisUnchainBufferAtFront
NdisFreePacket
NdisMSleep
NdisMInitializeTimer
NdisMRemoveMiniport
NdisScheduleWorkItem
NdisMDeregisterAdapterShutdownHandler
NdisAllocateMemoryWithTag
NdisFreeMemory
NdisCloseFile
NdisUnmapFile
NdisMapFile
NdisOpenFile
NdisInitializeString
NdisInitializeEvent
NdisWaitEvent
NdisMRegisterDevice
NdisMDeregisterDevice
NdisCloseConfiguration
NdisReadNetworkAddress
NdisReadConfiguration
NdisOpenConfiguration
NdisResetEvent
NdisSetEvent
NdisSetTimer
NdisMCancelTimer

usbd.sys

USBD_ParseConfigurationDescriptorEx
USBD_CreateConfigurationRequestEx

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 318KB - Virtual size: 317KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.1MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DWA 131/driver/Drivers/WinXPX64/RTLBt.inf
DWA 131/driver/Drivers/WinXPX64/dnetrtwlanu.cat
DWA 131/driver/Drivers/WinXPX64/rtlCoInst.dat
DWA 131/driver/Drivers/WinXPX64/rtlCoInst.dll
.dll windows:5 windows x64

49861fc8b24187bb146a41202e5ab2c3

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

13:22:2a:5d:cc:f7:16:df:5a:f9:c8:70:84:41:2d:d9
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

13/05/2013, 00:00

Not After

11/07/2016, 23:59

Subject

CN=Realtek Semiconductor Corp,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Realtek Semiconductor Corp,L=Hsinchu,ST=Taiwan,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e2:f7:cf:5d:ef:fb:68:6f:51:91:82:7e:75:0d:1a:4f:dc:58:88:fe
Signer

Actual PE Digest

e2:f7:cf:5d:ef:fb:68:6f:51:91:82:7e:75:0d:1a:4f:dc:58:88:fe

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcrt

free
_strnicmp
strncmp
fclose
malloc
sprintf
_initterm
memset
fopen
fgets
strtok

ntdll

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

setupapi

SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsA
SetupDiClassGuidsFromNameA
SetupDiOpenDevRegKey
SetupDiGetDeviceRegistryPropertyA
SetupDiSetClassInstallParamsA
SetupDiCallClassInstaller
SetupDiEnumDeviceInfo

kernel32

DisableThreadLibraryCalls
Sleep
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetLocaleInfoA
GetLastError
OutputDebugStringA
GetSystemDirectoryA

advapi32

RegOpenKeyA
RegDeleteKeyA
RegCloseKey
RegDeleteValueA
RegSetValueExA
RegQueryValueExA

Exports

Exports

rtlCoInst

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DWA 131/driver/Drivers/WinXPx86_Win2K/Dnetrtwlanu_XP.inf
DWA 131/driver/Drivers/WinXPx86_Win2K/Drtwlanu_XP.sys
.sys windows:5 windows x86

cc9b908b25633710c2c4425bf4f11563

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

13:22:2a:5d:cc:f7:16:df:5a:f9:c8:70:84:41:2d:d9
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

13/05/2013, 00:00

Not After

11/07/2016, 23:59

Subject

CN=Realtek Semiconductor Corp,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Realtek Semiconductor Corp,L=Hsinchu,ST=Taiwan,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

c7:5f:1c:fb:ce:00:4f:95:42:3a:e0:d3:4f:f1:e7:52:61:2b:86:28
Signer

Actual PE Digest

c7:5f:1c:fb:ce:00:4f:95:42:3a:e0:d3:4f:f1:e7:52:61:2b:86:28

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoReuseIrp
PoRequestPowerIrp
InterlockedExchange
InterlockedDecrement
KeInitializeEvent
IoBuildDeviceIoControlRequest
KeWaitForSingleObject
KeClearEvent
IoFreeIrp
KeTickCount
ExAllocatePoolWithTag
ExFreePool
IoCancelIrp
IoAllocateIrp
IofCallDriver
_alldiv
KeInitializeSpinLock
DbgPrint
_aulldiv
_allmul
KeBugCheckEx
KeSetEvent
_allshl
_vsnprintf
_aullshr
_aullrem
ExNotifyCallback
strncpy
InterlockedCompareExchange
KeInitializeMutex
KeReleaseMutex
PsTerminateSystemThread
ZwClose
KeSetPriorityThread
ObReferenceObjectByHandle
PsCreateSystemThread
ObfDereferenceObject
ExCreateCallback
RtlInitUnicodeString
KeInitializeSemaphore
KeReleaseSemaphore
MmMapLockedPagesSpecifyCache
IofCompleteRequest
IoCsqInsertIrp
IoCsqRemoveNextIrp
IoCsqInitialize
RtlGUIDFromString

hal

KeGetCurrentIrql
KfLowerIrql
KfRaiseIrql
KfAcquireSpinLock
KfReleaseSpinLock
KeStallExecutionProcessor

ndis.sys

NdisMGetDeviceProperty
NdisMSetAttributesEx
NdisMRegisterAdapterShutdownHandler
NdisGetVersion
NdisInterlockedIncrement
NdisInterlockedDecrement
NdisMDeregisterAdapterShutdownHandler
NdisFreeBufferPool
NdisMRegisterUnloadHandler
NdisAllocatePacketPoolEx
NdisAllocateBufferPool
NdisUnchainBufferAtFront
NdisFreeBuffer
NdisFreePacket
NdisMInitializeTimer
NdisMSleep
NdisAllocateMemoryWithTag
NdisMRegisterMiniport
NdisInitializeWrapper
NdisAllocateBuffer
NdisAllocatePacket
NdisFreePacketPool
NdisMCancelTimer
NdisFreeMemory
NdisCloseFile
NdisUnmapFile
NdisMapFile
NdisOpenFile
NdisInitializeString
NdisInitializeEvent
NdisWaitEvent
NDIS_BUFFER_TO_SPAN_PAGES
NdisQueryBufferOffset
NdisMRegisterDevice
NdisInitUnicodeString
NdisMDeregisterDevice
NdisQueryBuffer
NdisCloseConfiguration
NdisReadNetworkAddress
NdisReadConfiguration
NdisOpenConfiguration
NdisGetCurrentSystemTime
NdisResetEvent
NdisSetEvent
NdisSetTimer
NdisMRemoveMiniport
NdisScheduleWorkItem

usbd.sys

USBD_CreateConfigurationRequestEx
USBD_ParseConfigurationDescriptorEx

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 191KB - Virtual size: 191KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1011KB - Virtual size: 1011KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 129KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DWA 131/driver/Drivers/WinXPx86_Win2K/RTLBt.inf
DWA 131/driver/Drivers/WinXPx86_Win2K/dnetrtwlanu.cat
DWA 131/driver/Drivers/WinXPx86_Win2K/rtlCoInst.dat
DWA 131/driver/Drivers/WinXPx86_Win2K/rtlCoInst.dll
.dll windows:5 windows x86

b56ee6cf404c5405eeff689c530d7c80

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

13:22:2a:5d:cc:f7:16:df:5a:f9:c8:70:84:41:2d:d9
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

13/05/2013, 00:00

Not After

11/07/2016, 23:59

Subject

CN=Realtek Semiconductor Corp,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Realtek Semiconductor Corp,L=Hsinchu,ST=Taiwan,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:c1:3d:a8:b3:af:75:3b:c6:33:b8:9d:03:d8:c8:b8:98:bd:70:d5
Signer

Actual PE Digest

74:c1:3d:a8:b3:af:75:3b:c6:33:b8:9d:03:d8:c8:b8:98:bd:70:d5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

malloc
_adjust_fdiv
_initterm
free
fopen
fgets
strtok
fclose
strncmp
_strnicmp
sprintf

setupapi

SetupDiOpenDevRegKey
SetupDiClassGuidsFromNameA
SetupDiGetClassDevsA
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiSetClassInstallParamsA
SetupDiGetDeviceRegistryPropertyA
SetupDiCallClassInstaller

kernel32

DisableThreadLibraryCalls
Sleep
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetLocaleInfoA
GetSystemDirectoryA
GetLastError
OutputDebugStringA

advapi32

RegOpenKeyA
RegDeleteKeyA
RegCloseKey
RegDeleteValueA
RegSetValueExA
RegQueryValueExA

Exports

Exports

rtlCoInst

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 544B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DWA 131/driver/Setup.exe
.exe windows:4 windows x86

662f0dd1f7227b8e3a6428b14b8aac90

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:a5:86:a9:5b:44:60:9e:9f:ae:25:f9:27:79:62:d6
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

22/06/2015, 00:00

Not After

20/09/2018, 23:59

Subject

CN=D-LINK CORPORATION,O=D-LINK CORPORATION,L=NEIHU DISTRICT,ST=TAIWAN,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:a5:86:a9:5b:44:60:9e:9f:ae:25:f9:27:79:62:d6
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

22/06/2015, 00:00

Not After

20/09/2018, 23:59

Subject

CN=D-LINK CORPORATION,O=D-LINK CORPORATION,L=NEIHU DISTRICT,ST=TAIWAN,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

05/05/2015, 00:00

Not After

31/12/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

db:5c:5a:46:db:4e:d1:c9:30:a7:62:bc:0d:74:b0:af:b5:de:b2:17:78:7b:32:da:4b:97:b9:9e:04:4e:62:3a
Signer

Actual PE Digest

db:5c:5a:46:db:4e:d1:c9:30:a7:62:bc:0d:74:b0:af:b5:de:b2:17:78:7b:32:da:4b:97:b9:9e:04:4e:62:3a

Digest Algorithm

sha256

PE Digest Matches

true

6e:f0:2a:d5:3b:40:f5:ed:73:dd:08:17:dd:9c:be:91:44:d0:32:52
Signer

Actual PE Digest

6e:f0:2a:d5:3b:40:f5:ed:73:dd:08:17:dd:9c:be:91:44:d0:32:52

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord17

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

kernel32

GetShortPathNameA
SetEvent
HeapDestroy
GetDriveTypeA
GetExitCodeProcess
CopyFileA
lstrcpynA
GetFileAttributesA
FindClose
FindFirstFileA
CreateDirectoryA
GetCurrentThreadId
LoadLibraryA
SetFilePointer
LoadLibraryExA
GetTickCount
GetVersion
GetWindowsDirectoryA
FormatMessageA
LocalFree
SetFileAttributesA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetFileSize
SizeofResource
GetTempPathA
GlobalSize
FreeResource
GetLocalTime
GetCurrentProcessId
SearchPathA
FindNextFileA
GetTempFileNameA
TerminateProcess
IsBadReadPtr
VirtualQuery
VirtualProtect
ResetEvent
QueryPerformanceCounter
SystemTimeToFileTime
lstrcmpA
GetCurrentThread
MoveFileExA
GetDiskFreeSpaceA
GetSystemDirectoryA
GetSystemInfo
GetPrivateProfileStringA
GetPrivateProfileIntA
MultiByteToWideChar
lstrcpyA
lstrcmpiA
lstrlenA
GetSystemDefaultLangID
lstrcatA
SetLastError
GetLastError
WideCharToMultiByte
CompareStringA
CompareStringW
GetVersionExA
GetProcAddress
FlushFileBuffers
SetStdHandle
IsBadCodePtr
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
HeapSize
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
GetEnvironmentVariableA
TlsGetValue
TlsAlloc
TlsSetValue
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetOEMCP
GetACP
GetCPInfo
GetCommandLineA
GetStartupInfoA
RaiseException
HeapReAlloc
HeapAlloc
HeapFree
RtlUnwind
InterlockedExchange
MulDiv
DeleteCriticalSection
GetPrivateProfileSectionNamesA
GetModuleHandleA
GetModuleFileNameA
Sleep
CloseHandle
InitializeCriticalSection
ReleaseMutex
CreateMutexA
ReadFile
WriteFile
CreateEventA
QueryPerformanceFrequency
InterlockedDecrement
InterlockedIncrement
CreateFileA
CreateThread
EnterCriticalSection
LeaveCriticalSection
FreeLibrary
SetErrorMode
FindResourceExA
FindResourceA
LoadResource
LockResource
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
WaitForSingleObject
ExitProcess
GetCurrentProcess
DuplicateHandle
GetThreadContext
VirtualProtectEx
WriteProcessMemory
FlushInstructionCache
SetThreadContext
ResumeThread
DeleteFileA
RemoveDirectoryA
AddAtomA
WritePrivateProfileStringA
GetAtomNameA
lstrlenW
CreateProcessA

user32

MoveWindow
EndDialog
LoadIconA
GetDlgItem
SendMessageA
SetDlgItemTextA
SetWindowLongA
DialogBoxIndirectParamA
CharUpperA
WaitForInputIdle
wsprintfA
GetWindowRect
GetWindowLongA
ShowWindow
IntersectRect
SetWindowTextA
RegisterClassExA
CreateWindowExA
GetClassNameA
GetDialogBaseUnits
EnumChildWindows
CallWindowProcA
CharLowerBuffA
GetDlgItemTextA
SetFocus
IsDlgButtonChecked
CheckDlgButton
BeginPaint
EndPaint
FillRect
ScreenToClient
GetParent
GetWindow
SystemParametersInfoA
MapWindowPoints
SetWindowPos
GetWindowTextLengthA
GetWindowTextA
GetWindowPlacement
SendDlgItemMessageA
DefWindowProcA
GetPropA
EnableMenuItem
SetPropA
RemovePropA
IsWindow
GetSysColor
IsDialogMessageA
TranslateMessage
LoadImageA
CreateDialogParamA
GetDC
ReleaseDC
MessageBoxA
GetMessageA
DispatchMessageA
MsgWaitForMultipleObjects
PeekMessageA
CharNextA
PostThreadMessageA
LoadStringA
SetActiveWindow
DestroyWindow
CreateDialogIndirectParamA
SetForegroundWindow
GetClientRect
EnableWindow
IsWindowEnabled
GetDesktopWindow
SetWindowRgn
GetWindowDC
UpdateWindow
InvalidateRect
DrawIcon
MapDialogRect
DrawFocusRect
InflateRect
DrawTextA
CopyRect
PostMessageA

gdi32

CreateCompatibleBitmap
CreateDCA
GetStockObject
GetTextExtentPoint32A
CreatePatternBrush
DeleteMetaFile
SetMetaFileBitsEx
SetStretchBltMode
SelectClipRgn
SetPixel
PatBlt
PlayMetaFile
StretchBlt
CreateBitmap
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
CreateDIBitmap
SaveDC
SetBkMode
SetTextColor
TextOutA
RestoreDC
GetTextExtentPointA
CreateFontIndirectA
SetBkColor
CreateRectRgn
DeleteObject
CreateSolidBrush
GetDIBColorTable
GetSystemPaletteEntries
CreatePalette
CreateHalftonePalette
GetDeviceCaps
GetObjectA
CreateCompatibleDC
UnrealizeObject
SelectPalette
RealizePalette
SelectObject
BitBlt
DeleteDC
SetMapMode

advapi32

RegCloseKey
OpenThreadToken
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyExA
RegSetValueExA
RegCreateKeyExA
RegDeleteKeyA
RegOpenKeyA
RegCreateKeyA
RegQueryValueA
FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken

shell32

ShellExecuteExA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHBrowseForFolderA
SHGetMalloc

ole32

StringFromGUID2
CoTaskMemAlloc
CoMarshalInterThreadInterfaceInStream
CoReleaseMarshalData
CoInitialize
CoGetInterfaceAndReleaseStream
CoCreateInstance
CoCreateGuid
StringFromCLSID
CoTaskMemFree
GetRunningObjectTable
CoRegisterClassObject
CoRevokeClassObject
CoUninitialize

oleaut32

SysAllocStringLen
SysAllocString
SysStringLen
SafeArrayGetElement
SafeArrayGetLBound
SafeArrayGetUBound
SysFreeString
VariantChangeType
GetErrorInfo
LoadTypeLi
RegisterTypeLi
LoadRegTypeLi
VariantClear
VariantCopy
SysReAllocStringLen

lz32

LZCopy
LZOpenFileA
LZClose

rpcrt4

RpcStringFreeA
UuidCreate
UuidToStringA

Sections

.text
Size: 280KB - Virtual size: 276KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 112KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
DWA 131/manual/DWA-131_E1_Manual_v5.00(DE).pdf
.pdf
DWA 131/manual/DWA-131_E1_Manual_v5.00(ES).pdf
.pdf
DWA 131/manual/DWA-131_E1_Manual_v5.00(EU).pdf
.pdf
DWA 131/manual/DWA-131_E1_Manual_v5.00(FR).pdf
.pdf
DWA 131/manual/DWA-131_E1_Manual_v5.00(IT).pdf
.pdf
DWA 131/manual/DWA-131_E1_Manual_v5.00(PT).pdf
.pdf

Sharing

General

Malware Config

Signatures

Files

Password: infected

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4aCertificate

Key Usages

01:a5:86:a9:5b:44:60:9e:9f:ae:25:f9:27:79:62:d6Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

b5:ca:9e:ac:65:f8:a0:c7:3b:1d:f3:61:72:11:98:92:bc:3b:30:e6Signer

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 1.1MB

UPX1 Size: 505KB - Virtual size: 508KB

.rsrc Size: 10KB - Virtual size: 12KB

590b8f5b85b390841c9b7eab44209f47

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

ndis.sys

wdfldr.sys

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 230KB - Virtual size: 229KB

.data Size: 1.1MB - Virtual size: 1.2MB

.pdata Size: 33KB - Virtual size: 33KB

INIT Size: 3KB - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 107KB - Virtual size: 106KB

49861fc8b24187bb146a41202e5ab2c3

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

13:22:2a:5d:cc:f7:16:df:5a:f9:c8:70:84:41:2d:d9Certificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

e2:f7:cf:5d:ef:fb:68:6f:51:91:82:7e:75:0d:1a:4f:dc:58:88:feSigner

Headers

File Characteristics

Imports

msvcrt

ntdll

setupapi

kernel32

advapi32

Exports

Exports

Sections

.text Size: 9KB - Virtual size: 9KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 512B - Virtual size: 264B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 72B

8ef3279ec6f029dbb7560bc5380640f5

Headers

DLL Characteristics

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

01:a5:86:a9:5b:44:60:9e:9f:ae:25:f9:27:79:62:d6
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

b5:ca:9e:ac:65:f8:a0:c7:3b:1d:f3:61:72:11:98:92:bc:3b:30:e6
Signer

UPX0
Size: - Virtual size: 1.1MB

UPX1
Size: 505KB - Virtual size: 508KB

.rsrc
Size: 10KB - Virtual size: 12KB

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 230KB - Virtual size: 229KB

.data
Size: 1.1MB - Virtual size: 1.2MB

.pdata
Size: 33KB - Virtual size: 33KB

INIT
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 107KB - Virtual size: 106KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

13:22:2a:5d:cc:f7:16:df:5a:f9:c8:70:84:41:2d:d9
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

e2:f7:cf:5d:ef:fb:68:6f:51:91:82:7e:75:0d:1a:4f:dc:58:88:fe
Signer

.text
Size: 9KB - Virtual size: 9KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 512B - Virtual size: 264B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 72B

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 192KB - Virtual size: 192KB

.data
Size: 944KB - Virtual size: 1.0MB

INIT
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 131KB - Virtual size: 131KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

13:22:2a:5d:cc:f7:16:df:5a:f9:c8:70:84:41:2d:d9
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

74:c1:3d:a8:b3:af:75:3b:c6:33:b8:9d:03:d8:c8:b8:98:bd:70:d5
Signer

.text
Size: 7KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 48B

.rsrc
Size: 1024B - Virtual size: 1000B

.reloc
Size: 1024B - Virtual size: 544B

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

13:22:2a:5d:cc:f7:16:df:5a:f9:c8:70:84:41:2d:d9
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

ec:99:76:7d:80:0d:33:50:a1:7b:1a:13:69:5e:0e:18:5c:62:ef:4f
Signer