3f217f856cf7e8f3061fba7cd186ab65128103d1dfe6e62937177a46ffa902b9[.]zip[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

3f217f856cf7e8f3061fba7cd186ab65128103d1dfe6e62937177a46ffa902b9.zip.zip
Size

12.3MB
MD5

aea8ae1222a776e86a76d4678cf7b8a6
SHA1

f5b5f9ba008193261e27ae2b5da2791f5f6d093a
SHA256

0fabec629a294f31a72c708bd4f82541d190d6e5c14c1339cba81198c91564f7
SHA512

3cdea52750b77484d7c56fca43025b21d220c6da98b69730b7bda316e7f81ec7db02649cc23267a22918b70f140f61f3986471b67da5acc30ff1e0eab736d097
SSDEEP

393216:aEm/rQ/S5800KS+U3eOpIoGo9RJoJPci/cqddW:aUKNU4mpo6itg

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack002/Camera/OV2680/ov2680.sys
unpack002/Camera/iacamera32/IntelCameraPlugin.dll
unpack002/Camera/iacamera32/IntelSocYuvCopy.dll
unpack002/Camera/iacamera32/libia_cp.dll
unpack002/Camera/iacamera32/pvl.dll

Files

3f217f856cf7e8f3061fba7cd186ab65128103d1dfe6e62937177a46ffa902b9.zip.zip
.zip

Password: infected
3f217f856cf7e8f3061fba7cd186ab65128103d1dfe6e62937177a46ffa902b9.zip
.zip
Camera/Install.bat
Camera/OV2680/OV2680_12P2BA536_CHT_CR.cpf
Camera/OV2680/ov2680.cat
Camera/OV2680/ov2680.inf
Camera/OV2680/ov2680.sys
.sys windows:10 windows x86

e0a67861a8fa7407241a6310e977e883

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoWMIRegistrationControl
ZwClose
ZwOpenEvent
ZwCreateEvent
ZwWaitForSingleObject
ZwSetEvent
memcpy
memset
memcpy_s
RtlInitAnsiString
RtlAnsiStringToUnicodeString
RtlCopyUnicodeString
RtlFreeUnicodeString
ExFreePoolWithTag
ExAllocatePoolWithTag
ZwOpenKey
ZwQueryValueKey
DbgPrintEx
IoGetDevicePropertyData
KeQuerySystemTime
RtlEqualString
KeInitializeEvent
RtlCompareMemory
RtlAnsiCharToUnicodeChar
MmGetSystemRoutineAddress
RtlInitUnicodeString
KeWaitForSingleObject
KeDelayExecutionThread
KeSetEvent

wdfldr.sys

WdfVersionBind
WdfVersionUnbind
WdfVersionBindClass
WdfVersionUnbindClass

Sections

.text
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Camera/OV5648/UNI_OV5648_MTD5648.cpf
Camera/OV5648/UNI_OV5648_MTD5648_CHT.cpf
Camera/OV5648/UNI_OV5648_MTD5648_CHT_CR.cpf
Camera/OV5648/ov5648.cat
Camera/OV5648/ov5648.inf
Camera/OV5648/ov5648.sys
.sys windows:10 windows x86

07a2806dc50f77ef2c4ccd389f8edf6c

Code Sign

49:82:11:88:cc:af:1e:93:46:6e:0e:40:0e:32:f0:96
Certificate

Issuer

CN=WDKTestCert huizhou1\,130735866078346983

Not Before

15/04/2015, 15:50

Not After

15/04/2025, 00:00

Subject

CN=WDKTestCert huizhou1\,130735866078346983

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageKeyEncipherment
KeyUsageDataEncipherment

33:00:00:00:1d:c3:1a:76:16:24:75:4f:80:00:00:00:00:00:1d
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/12/2014, 19:27

Not After

19/03/2016, 19:27

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/04/2012, 23:48

Not After

18/04/2027, 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

cd:d0:a8:73:10:77:37:74:a3:08:bc:7c:1e:0a:d2:6f:2b:ef:9f:7b:58:a9:71:71:9a:89:e7:56:49:36:a0:07
Signer

Actual PE Digest

cd:d0:a8:73:10:77:37:74:a3:08:bc:7c:1e:0a:d2:6f:2b:ef:9f:7b:58:a9:71:71:9a:89:e7:56:49:36:a0:07

Digest Algorithm

sha256

PE Digest Matches

true

62:3a:e3:eb:3d:88:0e:5e:d6:e3:fc:e0:d7:85:f6:e6:bc:77:0b:a1
Signer

Actual PE Digest

62:3a:e3:eb:3d:88:0e:5e:d6:e3:fc:e0:d7:85:f6:e6:bc:77:0b:a1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlFreeUnicodeString
RtlFreeAnsiString
KeSetEvent
KeWaitForSingleObject
ExAllocatePoolWithTag
ExFreePoolWithTag
ZwCreateFile
ZwQueryInformationFile
ZwReadFile
ZwClose
_allmul
_aulldiv
memset
MmGetSystemRoutineAddress
RtlCompareMemory
KeInitializeEvent
IoWMIRegistrationControl
ZwOpenEvent
RtlUnicodeStringToAnsiString
ZwWaitForSingleObject
ZwSetEvent
memcpy
memcpy_s
RtlCopyUnicodeString
KeDelayExecutionThread
ZwOpenKey
ZwQueryValueKey
DbgPrintEx
IoGetDevicePropertyData
KeQuerySystemTime
RtlEqualString
RtlUnicodeToMultiByteN
RtlAnsiCharToUnicodeChar
RtlAnsiStringToUnicodeString
RtlInitUnicodeString
RtlInitAnsiString
ZwCreateEvent
strncat

wdfldr.sys

WdfVersionBindClass
WdfVersionUnbind
WdfVersionBind
WdfVersionUnbindClass

Sections

.text
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 848B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Camera/OV5648/unicam.INT5648#2.spf
Camera/OV5648/unicam.default.spf
Camera/iacamera32/IntelCameraPlugin.dll
.dll regsvr32 windows:6 windows x86

63a30b7f9f3bfb7fe9bc03895a82f376

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfplat

MFCreateDXGIDeviceManager
MFPutWaitingWorkItem
MFCreateAsyncResult
MFCancelWorkItem
MFScheduleWorkItemEx
MFStartup
MFShutdown
MFCreateEventQueue
MFCreateAttributes
MFCreateMediaEvent
MFGetStrideForBitmapInfoHeader
MFCreateMediaType
MFAllocateSerialWorkQueue
MFUnlockWorkQueue
MFPutWorkItemEx
MFCreateMemoryBuffer
MFInitMediaTypeFromAMMediaType
MFCreateSample
MFCreate2DMediaBuffer

kernel32

FindFirstFileW
UnhandledExceptionFilter
InitializeCriticalSectionEx
RaiseException
GetLastError
DecodePointer
DeleteCriticalSection
InitializeCriticalSection
FreeLibrary
GetProcAddress
GetModuleHandleW
lstrcmpiW
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetModuleFileNameW
EnterCriticalSection
LeaveCriticalSection
FindResourceExW
LockResource
Sleep
CloseHandle
CreateEventW
SetLastError
CreateFileW
GetFileSize
ReadFile
WriteFile
DeleteFileW
ResetEvent
SetEvent
WaitForSingleObject
QueryPerformanceCounter
QueryPerformanceFrequency
GetTickCount64
GetModuleFileNameA
GetThreadLocale
SetThreadLocale
EncodePointer
CreateSemaphoreW
ReleaseSemaphore
WideCharToMultiByte
CreateMutexW
ReleaseMutex
InitializeSRWLock
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
SwitchToThread
LoadLibraryW
SetThreadErrorMode
GetFileAttributesW
GetStdHandle
HeapSize
AreFileApisANSI
GetModuleHandleExW
ExitProcess
GetProcessHeap
RtlUnwind
HeapReAlloc
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
FindFirstFileExW
FindClose
GetCurrentThreadId
GetCommandLineA
GetSystemTimeAsFileTime
FindNextFileW
SetUnhandledExceptionFilter
SetEnvironmentVariableA
WriteConsoleW
SetEndOfFile
GetStringTypeW
LCMapStringW
CompareStringW
FlushFileBuffers
SetStdHandle
GetConsoleCP
IsProcessorFeaturePresent
SetFilePointerEx
GetCurrentDirectoryW
GetFullPathNameW
PeekNamedPipe
GetFileInformationByHandle
FileTimeToLocalFileTime
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCurrentProcessId
GetFileType
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
GetTimeZoneInformation
ReadConsoleW
GetConsoleMode
CreateDirectoryW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
HeapAlloc
GetCurrentProcess
InitializeCriticalSectionAndSpinCount
IsDebuggerPresent
OutputDebugStringW
HeapFree

user32

CharNextW
EnumDisplaySettingsW

advapi32

RegQueryValueExW
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
TraceMessage
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW

ole32

CoTaskMemFree
StringFromCLSID
StringFromGUID2
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc

oleaut32

BSTR_UserUnmarshal
SysFreeString
VarUI4FromStr
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SysAllocString
SysStringLen
BSTR_UserSize
LPSAFEARRAY_UserFree
LPSAFEARRAY_UserUnmarshal
BSTR_UserMarshal
LPSAFEARRAY_UserSize
LPSAFEARRAY_UserMarshal
BSTR_UserFree
RegisterTypeLi
LoadTypeLi
UnRegisterTypeLi

rpcrt4

CStdStubBuffer_AddRef
IUnknown_QueryInterface_Proxy
NdrOleFree
NdrOleAllocate
NdrCStdStubBuffer_Release
NdrDllRegisterProxy
CStdStubBuffer_CountRefs
NdrDllCanUnloadNow
IUnknown_Release_Proxy
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_QueryInterface
IUnknown_AddRef_Proxy
NdrDllGetClassObject
NdrDllUnregisterProxy
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_Disconnect
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Invoke
CStdStubBuffer_Connect

d3d11

D3D11CreateDevice

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer
bicubic_resize_32f_to_u16p10
ia_aiq_ae_run
ia_aiq_af_bracket
ia_aiq_af_run
ia_aiq_awb_run
ia_aiq_deinit
ia_aiq_dsd_run
ia_aiq_gbce_run
ia_aiq_get_aiqd_data
ia_aiq_init
ia_aiq_pa_run
ia_aiq_sa_run
ia_aiq_sensor_events_set
ia_aiq_statistics_set
ia_cmc_deep_copy
ia_cmc_parser_deinit
ia_cmc_parser_init
ia_dvs2_allocate_coefficients
ia_dvs2_allocate_morph_table
ia_dvs2_allocate_statistics
ia_dvs2_check_gdc_constraints
ia_dvs2_config
ia_dvs2_deinit
ia_dvs2_deinit_dbglog
ia_dvs2_dump_prods
ia_dvs2_execute
ia_dvs2_free_coefficients
ia_dvs2_free_morph_table
ia_dvs2_free_statistics
ia_dvs2_fwrite_dbglog
ia_dvs2_get_coefficients
ia_dvs2_get_morph_table
ia_dvs2_get_prod_ptr
ia_dvs2_get_version
ia_dvs2_init
ia_dvs2_morph_table_log
ia_dvs2_reset_dbglog
ia_dvs2_reset_interframe_parameter
ia_dvs2_set_cut_off_frequency
ia_dvs2_set_digital_zoom_magnitude
ia_dvs2_set_distortion_coeff
ia_dvs2_set_enable_dbglog_item
ia_dvs2_set_enable_fp_log
ia_dvs2_set_enable_gdc_log
ia_dvs2_set_enable_info_log
ia_dvs2_set_min_local_motion
ia_dvs2_set_non_blank_ratio
ia_dvs2_set_statistics
ia_dvs2_set_wave_length
ia_dvs2_start_dbglog
ia_dvs2_stop_dbglog
ia_emd_decoder_deinit
ia_emd_decoder_init
ia_emd_decoder_run
ia_exc_analog_gain_to_sensor_units
ia_exc_convert_gain_codes_to_iso
ia_exc_convert_iso_to_gains
ia_exc_digital_gain_to_sensor_units
ia_exc_exposure_time_to_sensor_units
ia_exc_get_analog_gain_code
ia_exc_sensor_units_to_analog_gain
ia_exc_sensor_units_to_digital_gain
ia_exc_sensor_units_to_exposure_time
ia_isp_2_2_deinit
ia_isp_2_2_init
ia_isp_2_2_run
ia_isp_2_2_statistics_convert
ia_log
ia_log_deinit
ia_log_init
ia_log_strerror
ia_mkn_add_record
ia_mkn_change_endianness
ia_mkn_enable
ia_mkn_get_record
ia_mkn_get_record_headers
ia_mkn_init
ia_mkn_is_valid
ia_mkn_merge
ia_mkn_prepare
ia_mkn_print_record
ia_mkn_reset
ia_mkn_uninit
ia_mknt_to_mkn
ia_nvm_binary_create
ia_nvm_binary_delete
ia_nvm_deinit
ia_nvm_parse
image_downscale_32f_to_u16p10
resize_2d_array_uint32

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 512B - Virtual size: 373B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 159KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Camera/iacamera32/IntelSocYuvCopy.dll
.dll regsvr32 windows:6 windows x86

0604f63fc5e77623a6a3456d5c6ad42d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InitializeCriticalSection
LeaveCriticalSection
lstrcmpW
EnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
GetCurrentProcess
GetVersionExW
DisableThreadLibraryCalls
GetModuleHandleW
GetProcAddress
FlushFileBuffers
WriteConsoleW
SetStdHandle
HeapSize
GetStringTypeW
OutputDebugStringW
GetModuleFileNameA
GetLastError
lstrlenW
MultiByteToWideChar
lstrlenA
CloseHandle
FreeLibrary
LCMapStringW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
HeapReAlloc
CreateFileW
LoadLibraryExW
RtlUnwind
GetCommandLineA
EncodePointer
DecodePointer
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapAlloc
RaiseException
HeapFree
IsDebuggerPresent
IsProcessorFeaturePresent
SetLastError
ExitProcess
GetModuleHandleExW
WideCharToMultiByte
GetProcessHeap
GetStdHandle
GetFileType
GetStartupInfoW
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
WriteFile
GetModuleFileNameW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo

advapi32

RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegDeleteKeyW
RegSetValueW
RegCreateKeyW
RegSetValueExW

ole32

CoUninitialize
CoInitialize
CoFreeUnusedLibraries
CoTaskMemFree
CoTaskMemAlloc
StringFromGUID2
CoCreateInstance

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Camera/iacamera32/Thumbs.db
Camera/iacamera32/cilkrts20_32.dll
.dll windows:5 windows x86

4a2e236e827eee0885e4ff0b2a78791a

Code Sign

1b:aa:c3:a2:00:01:00:00:79:76
Certificate

Issuer

CN=Intel External Basic Issuing CA 3A,O=Intel Corporation,C=US

Not Before

12/12/2011, 18:40

Not After

26/11/2014, 18:40

Subject

CN=Intel(R) Software Products

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:1e:80:b7:00:00:00:00:00:07
Certificate

Issuer

CN=Intel External Basic Policy CA,O=Intel Corporation,C=US

Not Before

15/05/2009, 19:25

Not After

15/05/2015, 19:35

Subject

CN=Intel External Basic Issuing CA 3A,O=Intel Corporation,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:b0:ff
Certificate

Issuer

OU=Equifax Secure Certificate Authority,O=Equifax,C=US

Not Before

16/02/2006, 18:01

Not After

19/02/2016, 18:01

Subject

CN=Intel External Basic Policy CA,O=Intel Corporation,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

56:f7:0b:1e:f9:97:cf:cf:ac:c3:3e:fa:0a:2c:0f:d1:16:e0:68:e3
Signer

Actual PE Digest

56:f7:0b:1e:f9:97:cf:cf:ac:c3:3e:fa:0a:2c:0f:d1:16:e0:68:e3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

OutputDebugStringA
Sleep
CreateFiber
GetEnvironmentVariableA
EnterCriticalSection
LeaveCriticalSection
SwitchToFiber
ConvertThreadToFiber
GetModuleHandleW
GetProcAddress
SetEvent
TlsGetValue
TlsSetValue
TlsAlloc
GetCurrentThread
GetLastError
GetCurrentThreadId
IsDebuggerPresent
RaiseException
ConvertFiberToThread
DeleteFiber
FreeLibrary
GetModuleHandleA
GetModuleFileNameA
GetModuleHandleExA
LoadLibraryA
SetErrorMode
GetSystemInfo
WaitForMultipleObjects
InterlockedCompareExchange
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
WaitForSingleObject
lstrcpynA
lstrcmpA
CloseHandle
CreateEventW
VirtualQuery
GetEnvironmentVariableW
GetModuleFileNameW
GetVersionExW
DebugBreak
InterlockedIncrement
SwitchToThread
InitializeCriticalSection
GetThreadLocale
SetEnvironmentVariableA
GetCommandLineA
RtlUnwind
HeapAlloc
HeapFree
MultiByteToWideChar
UnhandledExceptionFilter
SetUnhandledExceptionFilter
ExitProcess
ExitThread
CreateThread
GetSystemTimeAsFileTime
TlsFree
SetLastError
InterlockedDecrement
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
VirtualAlloc
HeapReAlloc
WriteFile
HeapSize
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointer
GetTimeZoneInformation
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
ReadFile
CreateFileA
CreateFileW
SetEndOfFile
GetProcessHeap
CompareStringA
CompareStringW
FormatMessageA

user32

GetSystemMetrics

Exports

Exports

___cilkrts_worker_stub@4
__cilkrts_bind_thread
__cilkrts_bind_thread_1
__cilkrts_bump_loop_rank
__cilkrts_bump_loop_rank_internal
__cilkrts_bump_worker_rank
__cilkrts_bump_worker_rank_internal
__cilkrts_cilk_for_32
__cilkrts_cilk_for_64
__cilkrts_detach_handler
__cilkrts_dump_stats
__cilkrts_end_cilk
__cilkrts_enter_frame
__cilkrts_enter_frame_1
__cilkrts_enter_frame_fast
__cilkrts_enter_frame_fast_1
__cilkrts_get_force_reduce
__cilkrts_get_nworkers
__cilkrts_get_pedigree_info
__cilkrts_get_pedigree_internal
__cilkrts_get_sf
__cilkrts_get_stack_size
__cilkrts_get_tls_worker
__cilkrts_get_tls_worker_fast
__cilkrts_get_total_workers
__cilkrts_get_worker_number
__cilkrts_get_worker_rank
__cilkrts_hyper_create
__cilkrts_hyper_destroy
__cilkrts_hyper_lookup
__cilkrts_hyperobject_alloc
__cilkrts_hyperobject_dealloc
__cilkrts_hyperobject_noop_destroy
__cilkrts_init
__cilkrts_init_worker_sysdep
__cilkrts_irml_version
__cilkrts_leave_frame
__cilkrts_metacall
__cilkrts_rethrow
__cilkrts_save_fp_ctrl_state
__cilkrts_set_param
__cilkrts_set_param_w
__cilkrts_set_seh_callback
__cilkrts_setjmp
__cilkrts_stack_alloc
__cilkrts_stack_free
__cilkrts_sync
__cilkrts_synched
__cilkrts_watch_stack
cilk_c_reducer_max_identity_char
cilk_c_reducer_max_identity_double
cilk_c_reducer_max_identity_float
cilk_c_reducer_max_identity_int
cilk_c_reducer_max_identity_long
cilk_c_reducer_max_identity_longdouble
cilk_c_reducer_max_identity_longlong
cilk_c_reducer_max_identity_schar
cilk_c_reducer_max_identity_short
cilk_c_reducer_max_identity_uchar
cilk_c_reducer_max_identity_uint
cilk_c_reducer_max_identity_ulong
cilk_c_reducer_max_identity_ulonglong
cilk_c_reducer_max_identity_unsigned
cilk_c_reducer_max_identity_ushort
cilk_c_reducer_max_identity_wchar_t
cilk_c_reducer_max_index_identity_char
cilk_c_reducer_max_index_identity_double
cilk_c_reducer_max_index_identity_float
cilk_c_reducer_max_index_identity_int
cilk_c_reducer_max_index_identity_long
cilk_c_reducer_max_index_identity_longdouble
cilk_c_reducer_max_index_identity_longlong
cilk_c_reducer_max_index_identity_schar
cilk_c_reducer_max_index_identity_short
cilk_c_reducer_max_index_identity_uchar
cilk_c_reducer_max_index_identity_uint
cilk_c_reducer_max_index_identity_ulong
cilk_c_reducer_max_index_identity_ulonglong
cilk_c_reducer_max_index_identity_unsigned
cilk_c_reducer_max_index_identity_ushort
cilk_c_reducer_max_index_identity_wchar_t
cilk_c_reducer_max_index_reduce_char
cilk_c_reducer_max_index_reduce_double
cilk_c_reducer_max_index_reduce_float
cilk_c_reducer_max_index_reduce_int
cilk_c_reducer_max_index_reduce_long
cilk_c_reducer_max_index_reduce_longdouble
cilk_c_reducer_max_index_reduce_longlong
cilk_c_reducer_max_index_reduce_schar
cilk_c_reducer_max_index_reduce_short
cilk_c_reducer_max_index_reduce_uchar
cilk_c_reducer_max_index_reduce_uint
cilk_c_reducer_max_index_reduce_ulong
cilk_c_reducer_max_index_reduce_ulonglong
cilk_c_reducer_max_index_reduce_unsigned
cilk_c_reducer_max_index_reduce_ushort
cilk_c_reducer_max_index_reduce_wchar_t
cilk_c_reducer_max_reduce_char
cilk_c_reducer_max_reduce_double
cilk_c_reducer_max_reduce_float
cilk_c_reducer_max_reduce_int
cilk_c_reducer_max_reduce_long
cilk_c_reducer_max_reduce_longdouble
cilk_c_reducer_max_reduce_longlong
cilk_c_reducer_max_reduce_schar
cilk_c_reducer_max_reduce_short
cilk_c_reducer_max_reduce_uchar
cilk_c_reducer_max_reduce_uint
cilk_c_reducer_max_reduce_ulong
cilk_c_reducer_max_reduce_ulonglong
cilk_c_reducer_max_reduce_unsigned
cilk_c_reducer_max_reduce_ushort
cilk_c_reducer_max_reduce_wchar_t
cilk_c_reducer_min_identity_char
cilk_c_reducer_min_identity_double
cilk_c_reducer_min_identity_float
cilk_c_reducer_min_identity_int
cilk_c_reducer_min_identity_long
cilk_c_reducer_min_identity_longdouble
cilk_c_reducer_min_identity_longlong
cilk_c_reducer_min_identity_schar
cilk_c_reducer_min_identity_short
cilk_c_reducer_min_identity_uchar
cilk_c_reducer_min_identity_uint
cilk_c_reducer_min_identity_ulong
cilk_c_reducer_min_identity_ulonglong
cilk_c_reducer_min_identity_unsigned
cilk_c_reducer_min_identity_ushort
cilk_c_reducer_min_identity_wchar_t
cilk_c_reducer_min_index_identity_char
cilk_c_reducer_min_index_identity_double
cilk_c_reducer_min_index_identity_float
cilk_c_reducer_min_index_identity_int
cilk_c_reducer_min_index_identity_long
cilk_c_reducer_min_index_identity_longdouble
cilk_c_reducer_min_index_identity_longlong
cilk_c_reducer_min_index_identity_schar
cilk_c_reducer_min_index_identity_short
cilk_c_reducer_min_index_identity_uchar
cilk_c_reducer_min_index_identity_uint
cilk_c_reducer_min_index_identity_ulong
cilk_c_reducer_min_index_identity_ulonglong
cilk_c_reducer_min_index_identity_unsigned
cilk_c_reducer_min_index_identity_ushort
cilk_c_reducer_min_index_identity_wchar_t
cilk_c_reducer_min_index_reduce_char
cilk_c_reducer_min_index_reduce_double
cilk_c_reducer_min_index_reduce_float
cilk_c_reducer_min_index_reduce_int
cilk_c_reducer_min_index_reduce_long
cilk_c_reducer_min_index_reduce_longdouble
cilk_c_reducer_min_index_reduce_longlong
cilk_c_reducer_min_index_reduce_schar
cilk_c_reducer_min_index_reduce_short
cilk_c_reducer_min_index_reduce_uchar
cilk_c_reducer_min_index_reduce_uint
cilk_c_reducer_min_index_reduce_ulong
cilk_c_reducer_min_index_reduce_ulonglong
cilk_c_reducer_min_index_reduce_unsigned
cilk_c_reducer_min_index_reduce_ushort
cilk_c_reducer_min_index_reduce_wchar_t
cilk_c_reducer_min_reduce_char
cilk_c_reducer_min_reduce_double
cilk_c_reducer_min_reduce_float
cilk_c_reducer_min_reduce_int
cilk_c_reducer_min_reduce_long
cilk_c_reducer_min_reduce_longdouble
cilk_c_reducer_min_reduce_longlong
cilk_c_reducer_min_reduce_schar
cilk_c_reducer_min_reduce_short
cilk_c_reducer_min_reduce_uchar
cilk_c_reducer_min_reduce_uint
cilk_c_reducer_min_reduce_ulong
cilk_c_reducer_min_reduce_ulonglong
cilk_c_reducer_min_reduce_unsigned
cilk_c_reducer_min_reduce_ushort
cilk_c_reducer_min_reduce_wchar_t
cilk_c_reducer_opadd_identity_char
cilk_c_reducer_opadd_identity_double
cilk_c_reducer_opadd_identity_float
cilk_c_reducer_opadd_identity_int
cilk_c_reducer_opadd_identity_long
cilk_c_reducer_opadd_identity_longdouble
cilk_c_reducer_opadd_identity_longlong
cilk_c_reducer_opadd_identity_schar
cilk_c_reducer_opadd_identity_short
cilk_c_reducer_opadd_identity_uchar
cilk_c_reducer_opadd_identity_uint
cilk_c_reducer_opadd_identity_ulong
cilk_c_reducer_opadd_identity_ulonglong
cilk_c_reducer_opadd_identity_unsigned
cilk_c_reducer_opadd_identity_ushort
cilk_c_reducer_opadd_identity_wchar_t
cilk_c_reducer_opadd_reduce_char
cilk_c_reducer_opadd_reduce_double
cilk_c_reducer_opadd_reduce_float
cilk_c_reducer_opadd_reduce_int
cilk_c_reducer_opadd_reduce_long
cilk_c_reducer_opadd_reduce_longdouble
cilk_c_reducer_opadd_reduce_longlong
cilk_c_reducer_opadd_reduce_schar
cilk_c_reducer_opadd_reduce_short
cilk_c_reducer_opadd_reduce_uchar
cilk_c_reducer_opadd_reduce_uint
cilk_c_reducer_opadd_reduce_ulong
cilk_c_reducer_opadd_reduce_ulonglong
cilk_c_reducer_opadd_reduce_unsigned
cilk_c_reducer_opadd_reduce_ushort
cilk_c_reducer_opadd_reduce_wchar_t
cilk_c_reducer_opand_identity_char
cilk_c_reducer_opand_identity_int
cilk_c_reducer_opand_identity_long
cilk_c_reducer_opand_identity_longlong
cilk_c_reducer_opand_identity_schar
cilk_c_reducer_opand_identity_short
cilk_c_reducer_opand_identity_uchar
cilk_c_reducer_opand_identity_uint
cilk_c_reducer_opand_identity_ulong
cilk_c_reducer_opand_identity_ulonglong
cilk_c_reducer_opand_identity_unsigned
cilk_c_reducer_opand_identity_ushort
cilk_c_reducer_opand_identity_wchar_t
cilk_c_reducer_opand_reduce_char
cilk_c_reducer_opand_reduce_int
cilk_c_reducer_opand_reduce_long
cilk_c_reducer_opand_reduce_longlong
cilk_c_reducer_opand_reduce_schar
cilk_c_reducer_opand_reduce_short
cilk_c_reducer_opand_reduce_uchar
cilk_c_reducer_opand_reduce_uint
cilk_c_reducer_opand_reduce_ulong
cilk_c_reducer_opand_reduce_ulonglong
cilk_c_reducer_opand_reduce_unsigned
cilk_c_reducer_opand_reduce_ushort
cilk_c_reducer_opand_reduce_wchar_t
cilk_c_reducer_opmul_identity_char
cilk_c_reducer_opmul_identity_double
cilk_c_reducer_opmul_identity_float
cilk_c_reducer_opmul_identity_int
cilk_c_reducer_opmul_identity_long
cilk_c_reducer_opmul_identity_longdouble
cilk_c_reducer_opmul_identity_longlong
cilk_c_reducer_opmul_identity_schar
cilk_c_reducer_opmul_identity_short
cilk_c_reducer_opmul_identity_uchar
cilk_c_reducer_opmul_identity_uint
cilk_c_reducer_opmul_identity_ulong
cilk_c_reducer_opmul_identity_ulonglong
cilk_c_reducer_opmul_identity_unsigned
cilk_c_reducer_opmul_identity_ushort
cilk_c_reducer_opmul_identity_wchar_t
cilk_c_reducer_opmul_reduce_char
cilk_c_reducer_opmul_reduce_double
cilk_c_reducer_opmul_reduce_float
cilk_c_reducer_opmul_reduce_int
cilk_c_reducer_opmul_reduce_long
cilk_c_reducer_opmul_reduce_longdouble
cilk_c_reducer_opmul_reduce_longlong
cilk_c_reducer_opmul_reduce_schar
cilk_c_reducer_opmul_reduce_short
cilk_c_reducer_opmul_reduce_uchar
cilk_c_reducer_opmul_reduce_uint
cilk_c_reducer_opmul_reduce_ulong
cilk_c_reducer_opmul_reduce_ulonglong
cilk_c_reducer_opmul_reduce_unsigned
cilk_c_reducer_opmul_reduce_ushort
cilk_c_reducer_opmul_reduce_wchar_t
cilk_c_reducer_opor_identity_char
cilk_c_reducer_opor_identity_int
cilk_c_reducer_opor_identity_long
cilk_c_reducer_opor_identity_longlong
cilk_c_reducer_opor_identity_schar
cilk_c_reducer_opor_identity_short
cilk_c_reducer_opor_identity_uchar
cilk_c_reducer_opor_identity_uint
cilk_c_reducer_opor_identity_ulong
cilk_c_reducer_opor_identity_ulonglong
cilk_c_reducer_opor_identity_unsigned
cilk_c_reducer_opor_identity_ushort
cilk_c_reducer_opor_identity_wchar_t
cilk_c_reducer_opor_reduce_char
cilk_c_reducer_opor_reduce_int
cilk_c_reducer_opor_reduce_long
cilk_c_reducer_opor_reduce_longlong
cilk_c_reducer_opor_reduce_schar
cilk_c_reducer_opor_reduce_short
cilk_c_reducer_opor_reduce_uchar
cilk_c_reducer_opor_reduce_uint
cilk_c_reducer_opor_reduce_ulong
cilk_c_reducer_opor_reduce_ulonglong
cilk_c_reducer_opor_reduce_unsigned
cilk_c_reducer_opor_reduce_ushort
cilk_c_reducer_opor_reduce_wchar_t
cilk_c_reducer_opxor_identity_char
cilk_c_reducer_opxor_identity_int
cilk_c_reducer_opxor_identity_long
cilk_c_reducer_opxor_identity_longlong
cilk_c_reducer_opxor_identity_schar
cilk_c_reducer_opxor_identity_short
cilk_c_reducer_opxor_identity_uchar
cilk_c_reducer_opxor_identity_uint
cilk_c_reducer_opxor_identity_ulong
cilk_c_reducer_opxor_identity_ulonglong
cilk_c_reducer_opxor_identity_unsigned
cilk_c_reducer_opxor_identity_ushort
cilk_c_reducer_opxor_identity_wchar_t
cilk_c_reducer_opxor_reduce_char
cilk_c_reducer_opxor_reduce_int
cilk_c_reducer_opxor_reduce_long
cilk_c_reducer_opxor_reduce_longlong
cilk_c_reducer_opxor_reduce_schar
cilk_c_reducer_opxor_reduce_short
cilk_c_reducer_opxor_reduce_uchar
cilk_c_reducer_opxor_reduce_uint
cilk_c_reducer_opxor_reduce_ulong
cilk_c_reducer_opxor_reduce_ulonglong
cilk_c_reducer_opxor_reduce_unsigned
cilk_c_reducer_opxor_reduce_ushort
cilk_c_reducer_opxor_reduce_wchar_t

Sections

.text
Size: 165KB - Virtual size: 165KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text1
Size: 1024B - Virtual size: 928B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.itt_not
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 1024B - Virtual size: 848B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Camera/iacamera32/iacamera32.cat
Camera/iacamera32/iacamera32.inf
Camera/iacamera32/iacamera32.sys
.sys windows:10 windows x86

b1bf270ea9cda8d2cf2885a69930ae1d

Code Sign

13:d1:2c:30:23:67:bd:8e:47:d9:5a:df:d0:28:71:03
Certificate

Issuer

CN=WDKTestCert viedifw\,130729819466811601

Not Before

08/04/2015, 15:52

Not After

08/04/2025, 00:00

Subject

CN=WDKTestCert viedifw\,130729819466811601

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageKeyEncipherment
KeyUsageDataEncipherment

4a:24:5f:e5:a1:79:51:ac:3d:1d:59:db:e2:be:bd:b8:90:ad:cc:91
Signer

Actual PE Digest

4a:24:5f:e5:a1:79:51:ac:3d:1d:59:db:e2:be:bd:b8:90:ad:cc:91

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlInitAnsiString
RtlAnsiStringToUnicodeString
RtlFreeUnicodeString
ZwReadFile
ZwOpenKey
ZwQueryValueKey
ZwSetValueKey
READ_REGISTER_ULONG
WRITE_REGISTER_ULONG
KefAcquireSpinLockAtDpcLevel
KefReleaseSpinLockFromDpcLevel
MmMapIoSpace
MmUnmapIoSpace
IoBuildSynchronousFsdRequest
IofCallDriver
IoConnectInterruptEx
IoDisconnectInterruptEx
IoGetAttachedDeviceReference
IoGetDeviceObjectPointer
IoGetDeviceInterfaces
IoRegisterPlugPlayNotification
IoUnregisterPlugPlayNotificationEx
ObfDereferenceObject
RtlAppendUnicodeStringToString
strnlen
KeResetEvent
ZwQueryInformationFile
ObfReferenceObject
PsProcessType
KeWaitForSingleObject
IoAllocateMdl
IoFreeMdl
KeSaveFloatingPointState
KeRestoreFloatingPointState
_vsnprintf
RtlEqualUnicodeString
IoGetDmaAdapter
IoWMIRegistrationControl
IoUnregisterPlugPlayNotification
IoSetDeviceInterfacePropertyData
PoRequestPowerIrp
PoFxRegisterDevice
PoFxStartDevicePowerManagement
PoFxUnregisterDevice
PoFxActivateComponent
PoFxCompleteDevicePowerNotRequired
PoFxCompleteIdleCondition
PoFxIdleComponent
PoFxReportDevicePoweredOn
vsprintf_s
RtlUnwind
KeReleaseMutex
KeInitializeMutex
KeGetCurrentThread
memcpy_s
memset
_aulldvrm
_aulldiv
IoGetInitiatorProcess
ObOpenObjectByPointer
PsGetCurrentThreadId
MmGetSystemRoutineAddress
memcmp
_allmul
_vsnwprintf
ZwClose
ZwWriteFile
ZwCreateFile
PsTerminateSystemThread
PsCreateSystemThread
KeReleaseGuardedMutex
KeAcquireGuardedMutex
KeInitializeGuardedMutex
KeSetTimer
KeCancelTimer
KeInitializeTimer
KeDelayExecutionThread
KeReadStateEvent
KeClearEvent
KeInsertQueueDpc
KeInitializeDpc
DbgPrintEx
RtlAppendUnicodeToString
RtlCopyUnicodeString
RtlInitUnicodeString
_alldiv
ExFreePool
KeSetEvent
KeInitializeEvent
RtlCompareMemory
memcpy
IoFreeWorkItem
MmUnmapLockedPages
MmMapLockedPagesSpecifyCache
ExDeleteNPagedLookasideList
ExInitializeNPagedLookasideList
InterlockedPushEntrySList
InterlockedPopEntrySList
ExfInterlockedRemoveHeadList
ExfInterlockedInsertTailList
KeInitializeSpinLock
strncpy
_snprintf_s
strcpy_s
strncpy_s
MmBuildMdlForNonPagedPool
MmAllocatePagesForMdlEx
MmFreePagesFromMdl
MmGetPhysicalAddress
memmove
IoQueueWorkItem
IoAllocateWorkItem
IoGetCurrentProcess
ExFreePoolWithTag
ExAllocatePoolWithTag
_purecall

hal

KeGetCurrentIrql
KfReleaseSpinLock
KeQueryPerformanceCounter
KeStallExecutionProcessor
KfAcquireSpinLock
WRITE_PORT_ULONG
READ_PORT_ULONG

ks.sys

KsFilterFactoryGetSymbolicLink
KsFilterFactorySetDeviceClassesState
KsCreateFilterFactory
KsDeviceRegisterAdapterObject
KsReleaseDevice
KsAcquireDevice
KsInitializeDriver
KsFreeObjectCreateItemsByContext
KsPersistDeviceProfile
KsPublishDeviceProfile
KsInitializeDeviceProfile
KsGetNextSibling
KsGetFirstChild
KsStreamPointerGetMdl
KsStreamPointerLock
KsGetDeviceForDeviceObject
KsPinGetReferenceClockInterface
KsGetPinFromIrp
KsPinGetParentFilter
KsPinAttemptProcessing
KsStreamPointerGetNextClone
KsPinGetFirstCloneStreamPointer
KsStreamPointerGetIrp
KsStreamPointerAdvance
KsStreamPointerClone
KsStreamPointerDelete
KsStreamPointerUnlock
KsPinGetLeadingEdgeStreamPointer
_KsEdit
KsDefaultAddEventHandler
KsFilterFactoryUpdateCacheData
KsGenerateEvent
KsAddItemToObjectBag
KsReleaseControl
KsAcquireControl
KsGetFilterFromIrp
KsGetDevice
KsFilterGetFirstChildPin
KsGetParent
KsGetObjectFromFileObject
KsGenerateEvents
KsAddEvent
KsGetOuterUnknown

wdfldr.sys

WdfVersionUnbind
WdfVersionBindClass
WdfVersionBind
WdfVersionUnbindClass

Sections

.text
Size: 286KB - Virtual size: 285KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 89KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 41KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 272KB - Virtual size: 271KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Camera/iacamera32/isp_firmware.bin
Camera/iacamera32/libia_cp.dll
.dll windows:6 windows x86

ef0f15371ad7541dc8342750f4c021b0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetSystemInfo
QueryPerformanceFrequency
QueryPerformanceCounter
GetLocalTime
SetEndOfFile
CreateFileW
LCMapStringW
CompareStringW
GetCommandLineA
GetCurrentThreadId
GetLastError
HeapFree
HeapAlloc
RtlUnwind
ReadFile
EnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
HeapReAlloc
IsDebuggerPresent
IsProcessorFeaturePresent
SetLastError
EncodePointer
DecodePointer
ExitProcess
GetModuleHandleExW
GetProcAddress
AreFileApisANSI
MultiByteToWideChar
WideCharToMultiByte
GetProcessHeap
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
WriteFile
GetModuleFileNameW
CloseHandle
SetFilePointerEx
GetConsoleMode
ReadConsoleW
GetConsoleCP
FlushFileBuffers
GetTimeZoneInformation
RaiseException
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
LoadLibraryExW
OutputDebugStringW
SetStdHandle
WriteConsoleW
GetStringTypeW
HeapSize
SetEnvironmentVariableA

cilkrts20_32

__cilkrts_get_tls_worker_fast
__cilkrts_detach_handler
__cilkrts_bind_thread_1
__cilkrts_get_tls_worker
__cilkrts_rethrow
__cilkrts_sync
__cilkrts_setjmp
__cilkrts_leave_frame
__cilkrts_cilk_for_32

Exports

Exports

GetCpLibrary
ia_cp_hdr_abort
ia_cp_hdr_compose
ia_cp_hdr_init
ia_cp_hdr_uninit
ia_cp_init
ia_cp_ull_abort
ia_cp_ull_compose
ia_cp_ull_init
ia_cp_ull_uninit
ia_cp_uninit

Sections

.text
Size: 5.7MB - Virtual size: 5.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text1
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

IPPCODE
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 370KB - Virtual size: 370KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 66KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.debug_o
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data1
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.itt_not
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.trace
Size: 512B - Virtual size: 376B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Camera/iacamera32/mute.bmp
Camera/iacamera32/pvl.dll
.dll windows:6 windows x86

d22948c2c3c81a867b9ab66efaff97d1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

Sleep
LoadLibraryA
FreeLibrary
GetProcAddress
QueryPerformanceCounter
QueryPerformanceFrequency
HeapAlloc
GetLastError
HeapFree
HeapReAlloc
GetSystemTimeAsFileTime
RtlUnwind
EncodePointer
DecodePointer
GetCommandLineA
GetCurrentThreadId
InterlockedDecrement
ExitProcess
GetModuleHandleExW
AreFileApisANSI
MultiByteToWideChar
GetStdHandle
WriteFile
GetModuleFileNameW
GetProcessHeap
IsDebuggerPresent
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
HeapSize
SetLastError
InterlockedIncrement
GetFileType
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
InitOnceExecuteOnce
GetStartupInfoW
SetStdHandle
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
RaiseException
CloseHandle
GetModuleFileNameA
GetTickCount64
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetCurrentProcess
TerminateProcess
GetModuleHandleW
LoadLibraryExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
OutputDebugStringW
LoadLibraryW
SetFilePointerEx
WriteConsoleW
FlushFileBuffers
LCMapStringEx
GetStringTypeW
CreateFileW
SetEndOfFile
ReadFile
ReadConsoleW

Exports

Exports

?pvl_mdf_load@@YA?AW4pvl_err@@PAUpvl_mdf_context_t@@@Z
?pvl_mdf_unload@@YAXPAUpvl_mdf_context_t@@@Z
MotionEstimate
PanoImg_Clone
PanoImg_Clone_CM
PanoImg_ConvertYUV2RGBA
PanoImg_CopyEx
PanoImg_Create
PanoImg_CreateAligned
PanoImg_CreateRef
PanoImg_CreateRef_CM
PanoImg_Create_CM
PanoImg_Destroy
PanoImg_DestroyAligned
PanoImg_Destroy_CM
PanoImg_ResizeGray
PanoImg_ResizeGrayYUYV
PanoImg_ResizeHalfGray
PanoImg_ResizeYUV
PanoImg_RotateCW270
PanoImg_RotateCW90
crop_resize_RGB
crop_resize_grayimage_bi
crop_resize_grayimage_nn
face_detector_core_check_overlap
face_detector_core_check_overlap_tight
face_detector_core_create
face_detector_core_destroy
face_detector_core_get_parameters
face_detector_core_reset
face_detector_core_scan_all_scales
face_detector_core_scan_one_scale
face_detector_core_set_parameters
image2mct
image2mlbp_converter_create
image2mlbp_converter_destroy
image2mlbp_converter_get_result
image2mlbp_converter_reset
image2mlbp_converter_run
pvl_android_property_get
pvl_blink_detection_create
pvl_blink_detection_destroy
pvl_blink_detection_get_default_config
pvl_blink_detection_get_parameters
pvl_blink_detection_reset
pvl_blink_detection_run
pvl_blink_detection_set_parameters
pvl_calloc
pvl_calloc_aligned
pvl_err_to_string
pvl_eye_detection_create
pvl_eye_detection_destroy
pvl_eye_detection_get_default_config
pvl_eye_detection_reset
pvl_eye_detection_run
pvl_face_detection_create
pvl_face_detection_destroy
pvl_face_detection_get_default_config
pvl_face_detection_get_parameters
pvl_face_detection_reset
pvl_face_detection_run_in_image
pvl_face_detection_run_in_preview
pvl_face_detection_set_parameters
pvl_face_recognition_create
pvl_face_recognition_create_result_buffer
pvl_face_recognition_destroy
pvl_face_recognition_destroy_result_buffer
pvl_face_recognition_get_default_config
pvl_face_recognition_get_num_faces_in_database
pvl_face_recognition_get_parameters
pvl_face_recognition_register_facedata
pvl_face_recognition_reset
pvl_face_recognition_run_in_image
pvl_face_recognition_run_in_preview
pvl_face_recognition_set_parameters
pvl_face_recognition_unregister_facedata
pvl_face_recognition_unregister_person
pvl_face_recognition_update_person
pvl_free
pvl_free_aligned
pvl_image_clone
pvl_image_convert
pvl_image_convert_to_gray
pvl_image_convert_to_nv12
pvl_image_convert_to_nv21
pvl_image_convert_to_rgba
pvl_image_convert_to_yuy2
pvl_image_convert_to_yv12
pvl_image_copy
pvl_image_create
pvl_image_destroy
pvl_image_get_bits_per_pixel
pvl_image_get_channel
pvl_image_hflip
pvl_image_montage_create
pvl_image_montage_destroy
pvl_image_montage_get_default_config
pvl_image_montage_get_parameters
pvl_image_montage_reset
pvl_image_montage_run
pvl_image_montage_set_main_image
pvl_image_montage_set_parameters
pvl_image_montage_set_sub_image
pvl_image_recreate
pvl_image_sample_gray
pvl_image_warp_by_2points
pvl_kalmanfilter1d32i_filter
pvl_kalmanfilter1d32i_init
pvl_log_debug
pvl_log_disable
pvl_log_dump
pvl_log_enable
pvl_log_error
pvl_log_info
pvl_log_print_library_information
pvl_log_set_external_debug
pvl_log_set_external_error
pvl_log_set_external_info
pvl_log_set_external_warning
pvl_log_set_externals_from_config
pvl_log_warning
pvl_malloc
pvl_malloc_aligned
pvl_math_arctan
pvl_math_cos
pvl_math_cos_tiny
pvl_math_cosi16_d
pvl_math_sin
pvl_math_sin_tiny
pvl_math_sini16_d
pvl_math_sqrt
pvl_memcpy_s
pvl_mouth_detection_create
pvl_mouth_detection_destroy
pvl_mouth_detection_get_default_config
pvl_mouth_detection_reset
pvl_mouth_detection_run
pvl_object_tracking_add_object
pvl_object_tracking_create
pvl_object_tracking_destroy
pvl_object_tracking_get_default_config
pvl_object_tracking_get_parameters
pvl_object_tracking_remove_object
pvl_object_tracking_reset
pvl_object_tracking_run
pvl_object_tracking_set_parameters
pvl_panorama_create
pvl_panorama_destroy
pvl_panorama_detect_frame_to_stitch
pvl_panorama_get_default_config
pvl_panorama_get_parameters
pvl_panorama_reset
pvl_panorama_run
pvl_panorama_set_parameters
pvl_panorama_stitch_one_image
pvl_platform_dlclose
pvl_platform_dlopen
pvl_platform_dlsym
pvl_platform_log_debug
pvl_platform_log_dump
pvl_platform_log_error
pvl_platform_log_info
pvl_platform_log_warning
pvl_platform_sleep
pvl_platform_snprintf
pvl_platform_vsnprintf
pvl_point_dist
pvl_point_inside_rect
pvl_point_rotate
pvl_prof_go
pvl_prof_go_label
pvl_prof_print
pvl_prof_print_logfunc
pvl_prof_set
pvl_prof_stop
pvl_realloc
pvl_rect_clip
pvl_rect_get_area
pvl_rect_get_bounding_rect
pvl_rect_get_intersecting_area
pvl_rect_get_intersecting_rect
pvl_rect_is_intersecting
pvl_rect_move
pvl_rect_rotate
pvl_rect_scale
pvl_skin_smoothing_create
pvl_skin_smoothing_destroy
pvl_skin_smoothing_get_default_config
pvl_skin_smoothing_get_parameters
pvl_skin_smoothing_reset
pvl_skin_smoothing_run
pvl_skin_smoothing_set_parameters
pvl_smile_detection_create
pvl_smile_detection_destroy
pvl_smile_detection_get_default_config
pvl_smile_detection_get_parameters
pvl_smile_detection_reset
pvl_smile_detection_run_in_image
pvl_smile_detection_run_in_preview
pvl_smile_detection_set_parameters
pvl_strncpy_s
pvl_time
pvl_version_compare
pvl_version_is_matching
pvl_version_variety_get_latest
pvl_version_variety_get_matching
pvl_version_variety_get_matching_or_latest
pvl_warp_image_by_2points_uc_scale
pvl_warp_point_by_2points
pvl_warp_rotation_degree
pvl_warp_strength_by_2points_i
resize_grayimage_bi
resize_grayimage_nn
rotate_crop_resize_grayimage_nn
rotate_grayimage_eighth
sample_image_by_n
warp_image_by_2points

Sections

.text
Size: 550KB - Virtual size: 550KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text1
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9.0MB - Virtual size: 9.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 38KB - Virtual size: 418KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.debug_o
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.trace
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Camera/iaisp32/iaisp32.cat
Camera/iaisp32/iaisp32.inf
Camera/iaisp32/iaisp32.sys
.sys windows:10 windows x86

590df3d1a99a45b796fa22569c1726c7

Code Sign

13:d1:2c:30:23:67:bd:8e:47:d9:5a:df:d0:28:71:03
Certificate

Issuer

CN=WDKTestCert viedifw\,130729819466811601

Not Before

08/04/2015, 15:52

Not After

08/04/2025, 00:00

Subject

CN=WDKTestCert viedifw\,130729819466811601

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageKeyEncipherment
KeyUsageDataEncipherment

85:2a:7b:43:64:7e:ed:08:93:84:3f:3d:9e:0b:e8:62:24:dd:d0:ec
Signer

Actual PE Digest

85:2a:7b:43:64:7e:ed:08:93:84:3f:3d:9e:0b:e8:62:24:dd:d0:ec

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

MmMapIoSpace
WRITE_REGISTER_ULONG
READ_REGISTER_ULONG
memset
memcpy
IoWMIRegistrationControl
RtlCopyUnicodeString
KeInitializeEvent
RtlCompareMemory
MmGetSystemRoutineAddress
MmUnmapIoSpace
RtlInitUnicodeString

hal

WRITE_PORT_ULONG
KeStallExecutionProcessor
READ_PORT_ULONG

wdfldr.sys

WdfVersionBind
WdfVersionUnbind
WdfVersionBindClass
WdfVersionUnbindClass

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

NONPAGED
Size: 512B - Virtual size: 65B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 604B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 936B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 852B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

e0a67861a8fa7407241a6310e977e883

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

wdfldr.sys

Sections

.text Size: 45KB - Virtual size: 44KB

.rdata Size: 11KB - Virtual size: 11KB

.data Size: 2KB - Virtual size: 6KB

PAGE Size: 4KB - Virtual size: 4KB

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 904B

.reloc Size: 4KB - Virtual size: 3KB

07a2806dc50f77ef2c4ccd389f8edf6c

Code Sign

49:82:11:88:cc:af:1e:93:46:6e:0e:40:0e:32:f0:96Certificate

Extended Key Usages

Key Usages

33:00:00:00:1d:c3:1a:76:16:24:75:4f:80:00:00:00:00:00:1dCertificate

Extended Key Usages

61:0b:aa:c1:00:00:00:00:00:09Certificate

Key Usages

cd:d0:a8:73:10:77:37:74:a3:08:bc:7c:1e:0a:d2:6f:2b:ef:9f:7b:58:a9:71:71:9a:89:e7:56:49:36:a0:07Signer

62:3a:e3:eb:3d:88:0e:5e:d6:e3:fc:e0:d7:85:f6:e6:bc:77:0b:a1Signer

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

wdfldr.sys

Sections

.text Size: 55KB - Virtual size: 55KB

.rdata Size: 10KB - Virtual size: 9KB

.data Size: 2KB - Virtual size: 7KB

PAGE Size: 4KB - Virtual size: 4KB

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 848B

.reloc Size: 4KB - Virtual size: 3KB

63a30b7f9f3bfb7fe9bc03895a82f376

Headers

DLL Characteristics

File Characteristics

Imports

mfplat

kernel32

user32

advapi32

ole32

oleaut32

rpcrt4

d3d11

Exports

Exports

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.orpc Size: 512B - Virtual size: 373B

.rdata Size: 159KB - Virtual size: 159KB

.data Size: 11KB - Virtual size: 19KB

.rsrc Size: 3.7MB - Virtual size: 3.7MB

.reloc Size: 40KB - Virtual size: 39KB

0604f63fc5e77623a6a3456d5c6ad42d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

ole32

Exports

Exports

Sections

.text Size: 74KB - Virtual size: 74KB

.text
Size: 45KB - Virtual size: 44KB

.rdata
Size: 11KB - Virtual size: 11KB

.data
Size: 2KB - Virtual size: 6KB

PAGE
Size: 4KB - Virtual size: 4KB

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 904B

.reloc
Size: 4KB - Virtual size: 3KB

49:82:11:88:cc:af:1e:93:46:6e:0e:40:0e:32:f0:96
Certificate

33:00:00:00:1d:c3:1a:76:16:24:75:4f:80:00:00:00:00:00:1d
Certificate

61:0b:aa:c1:00:00:00:00:00:09
Certificate

cd:d0:a8:73:10:77:37:74:a3:08:bc:7c:1e:0a:d2:6f:2b:ef:9f:7b:58:a9:71:71:9a:89:e7:56:49:36:a0:07
Signer

62:3a:e3:eb:3d:88:0e:5e:d6:e3:fc:e0:d7:85:f6:e6:bc:77:0b:a1
Signer

.text
Size: 55KB - Virtual size: 55KB

.rdata
Size: 10KB - Virtual size: 9KB

.data
Size: 2KB - Virtual size: 7KB

PAGE
Size: 4KB - Virtual size: 4KB

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 848B

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.orpc
Size: 512B - Virtual size: 373B

.rdata
Size: 159KB - Virtual size: 159KB

.data
Size: 11KB - Virtual size: 19KB

.rsrc
Size: 3.7MB - Virtual size: 3.7MB

.reloc
Size: 40KB - Virtual size: 39KB

.text
Size: 74KB - Virtual size: 74KB

.rdata
Size: 26KB - Virtual size: 26KB

.data
Size: 5KB - Virtual size: 13KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 5KB

1b:aa:c3:a2:00:01:00:00:79:76
Certificate

61:1e:80:b7:00:00:00:00:00:07
Certificate

05:b0:ff
Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

56:f7:0b:1e:f9:97:cf:cf:ac:c3:3e:fa:0a:2c:0f:d1:16:e0:68:e3
Signer

.text
Size: 165KB - Virtual size: 165KB

.text1
Size: 1024B - Virtual size: 928B

.rdata
Size: 41KB - Virtual size: 41KB

.data
Size: 10KB - Virtual size: 23KB

.data1
Size: 1KB - Virtual size: 1KB

.itt_not
Size: 5KB - Virtual size: 4KB

_RDATA
Size: 1024B - Virtual size: 848B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 14KB - Virtual size: 13KB

13:d1:2c:30:23:67:bd:8e:47:d9:5a:df:d0:28:71:03
Certificate

4a:24:5f:e5:a1:79:51:ac:3d:1d:59:db:e2:be:bd:b8:90:ad:cc:91
Signer

.text
Size: 286KB - Virtual size: 285KB

.rdata
Size: 89KB - Virtual size: 88KB

.data
Size: 41KB - Virtual size: 176KB

PAGE
Size: 272KB - Virtual size: 271KB

INIT
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 1024B - Virtual size: 904B

.reloc
Size: 29KB - Virtual size: 28KB