1632c25ba7be39e0c72922245936be0d18ec18416ec71dbe0b915f08f1685bbb

Sharing

Copy URL

Twitter E-mail

General

Target

1632c25ba7be39e0c72922245936be0d18ec18416ec71dbe0b915f08f1685bbb
Size

7.2MB
MD5

c852b80f692cc0a8b99187ce8c78c44c
SHA1

7e9639b70526f7dd3d34396000d7318ba509f85c
SHA256

1632c25ba7be39e0c72922245936be0d18ec18416ec71dbe0b915f08f1685bbb
SHA512

f0b23042cd8fa91d408d11c7c1b3cf75af687769a3520dc59610195edc7493db3f3b9cf8f3c03ca38870953489785987933cc7ff0a333339e30674af659a08a0
SSDEEP

196608:LewIVo5HMVXQMdyVvAvOa2KX21wtYzhmK8y9XxJq4c:KwIVo5sVgSydI21+8L8wXxJq4c

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/reg/CmdColor.exe
unpack001/reg/drv10/rxfcv.sys
unpack001/reg/drv7/rxfcv.sys

Files

1632c25ba7be39e0c72922245936be0d18ec18416ec71dbe0b915f08f1685bbb
.zip
PrimoCache_Srv_Setup_4.3.0.exe
.exe windows:5 windows x86

20dd26497880c05caed9305b3c8b9109

Code Sign

0e:df:b1:64:c5:80:cc:98:c4:9b:69:be:91:8e:d7:3b
Certificate

Issuer

CN=SSL.com EV Code Signing Intermediate CA RSA R3,O=SSL Corp,L=Houston,ST=Texas,C=US

Not Before

26/04/2023, 05:20

Not After

15/03/2026, 15:27

Subject

SERIALNUMBER=913101105574930924,CN=Shanghai Romex Information Technology Co.\, Ltd.,O=Shanghai Romex Information Technology Co.\, Ltd.,L=Shanghai,C=CN,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

42:4b:6a:53:ce:c7:66:14:1c:2a:63:b1:a5:1c:41:04
Certificate

Issuer

CN=SSL.com EV Root Certification Authority RSA R2,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

26/03/2019, 17:44

Not After

22/03/2034, 17:44

Subject

CN=SSL.com EV Code Signing Intermediate CA RSA R3,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1a:d6:08:a7:d6:34:b5:cd:de:97:cb:a3:cc:f0:d0:4b
Certificate

Issuer

CN=SSL.com Timestamping Issuing RSA CA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Not Before

09/12/2022, 18:30

Not After

06/12/2032, 18:30

Subject

CN=SSL.com Timestamping Unit 2022,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e4:27:04:95:f6:8c:91:d6:d0:ec:7b:49:4e:a4:df:1c
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

11/09/2018, 09:26

Not After

11/09/2023, 09:26

Subject

CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56
Certificate

Issuer

CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

13/11/2019, 18:50

Not After

12/11/2034, 18:50

Subject

CN=SSL.com Timestamping Issuing RSA CA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d3:0e:ee:3e:05:56:be:a6:ee:bb:57:78:94:83:82:ce:93:32:27:6e:7b:33:27:fe:fa:c7:e1:62:c8:ac:6d:04
Signer

Actual PE Digest

d3:0e:ee:3e:05:56:be:a6:ee:bb:57:78:94:83:82:ce:93:32:27:6e:7b:33:27:fe:fa:c7:e1:62:c8:ac:6d:04

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges

user32

GetKeyboardType
LoadStringW
MessageBoxA
CharNextW
CreateWindowExW
TranslateMessage
SetWindowLongW
PeekMessageW
MsgWaitForMultipleObjects
MessageBoxW
LoadStringW
GetSystemMetrics
ExitWindowsEx
DispatchMessageW
DestroyWindow
CharUpperBuffW
CallWindowProcW

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetSystemInfo
GetTickCount
QueryPerformanceCounter
GetVersion
GetCurrentThreadId
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenW
lstrcpynW
LoadLibraryExW
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetCommandLineW
FreeLibrary
FindFirstFileW
FindClose
ExitProcess
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
CloseHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleW
WriteFile
WideCharToMultiByte
WaitForSingleObject
VirtualQuery
VirtualProtect
VirtualFree
VirtualAlloc
SizeofResource
SignalObjectAndWait
SetLastError
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
ResetEvent
RemoveDirectoryW
ReadFile
MultiByteToWideChar
LockResource
LoadResource
LoadLibraryW
GetWindowsDirectoryW
GetVersionExW
GetVersion
GetUserDefaultLangID
GetThreadLocale
GetSystemInfo
GetSystemDirectoryW
GetStdHandle
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetLastError
GetFullPathNameW
GetFileSize
GetFileAttributesW
GetExitCodeProcess
GetEnvironmentVariableW
GetDiskFreeSpaceW
GetCurrentProcess
GetCommandLineW
GetCPInfo
InterlockedExchange
InterlockedCompareExchange
FreeLibrary
FormatMessageW
FindResourceW
EnumCalendarInfoW
DeleteFileW
CreateProcessW
CreateFileW
CreateEventW
CreateDirectoryW
CloseHandle
Sleep

comctl32

InitCommonControls

Sections

.text
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 21KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 333KB - Virtual size: 333KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
readme.txt
reg/CmdColor.exe
.exe windows:4 windows x86

7bf6ee7f997d9058a8fa5739c928c0b5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetConsoleTextAttribute
GetConsoleScreenBufferInfo
GetStdHandle
SetErrorMode
RaiseException
RtlUnwind
ExitProcess
TerminateProcess
GetCurrentProcess
GetLastError
SetConsoleCtrlHandler
HeapFree
GetCommandLineA
GetVersion
HeapReAlloc
HeapAlloc
HeapSize
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetModuleHandleA
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
WriteFile
IsBadReadPtr
IsBadCodePtr
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetFilePointer
FlushFileBuffers
CloseHandle
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
ReadFile
SetStdHandle
GetLocaleInfoW

Sections

.text
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
reg/PrimoCache.reg
reg/TestCertificate.cer
reg/drv.bak/win10-11_srv2016-2022/rxfcv.cat
reg/drv.bak/win10-11_srv2016-2022/rxfcv.inf
reg/drv.bak/win10-11_srv2016-2022/rxfcv.sys
.sys windows:10 windows x64

e47a7ca085c8d28af059a3defa00723f

Code Sign

33:00:00:00:61:c8:8b:12:9c:2a:7f:1d:87:00:00:00:00:00:61
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/04/2023, 19:16

Not After

03/04/2024, 19:16

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/10/2014, 20:31

Not After

15/10/2029, 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8d:30:04:fc:66:c0:bf:4e:c1:d7:5c:05:f9:f6:5a:37:56:e6:9b:e6:74:1c:e3:a3:9c:e3:a8:0c:f4:d5:8b:64
Signer

Actual PE Digest

8d:30:04:fc:66:c0:bf:4e:c1:d7:5c:05:f9:f6:5a:37:56:e6:9b:e6:74:1c:e3:a3:9c:e3:a8:0c:f4:d5:8b:64

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

rxbsknl.sys

RxbsCreateHyperDevice
RxbsCloseHyperDevice
RxbsSetParamHyperSystem
RxbsGetParamHyperSystem
RxbsStartHyperSystem
RxbsGetHyperSystemState
RxbsConnectHyperSystem
RxbsDisconnectHyperSystem

ntoskrnl.exe

KeSetPriorityThread
KeWaitForSingleObject
ExFreePoolWithTag
ExInterlockedRemoveHeadList
PsTerminateSystemThread
KeInitializeEvent
KeInitializeGuardedMutex
KeAcquireGuardedMutex
KeReleaseGuardedMutex
ExAllocatePoolWithTag
ExQueryDepthSList
ExpInterlockedPopEntrySList
ExpInterlockedPushEntrySList
ExInitializeNPagedLookasideList
ExDeleteNPagedLookasideList
MmMapLockedPagesSpecifyCache
MmUnmapLockedPages
MmMapIoSpace
MmUnmapIoSpace
IoAllocateMdl
IoFreeMdl
RtlCompareMemory
ExUuidCreate
RtlInitUnicodeString
KeClearEvent
KeSetEvent
ExInterlockedInsertTailList
IofCompleteRequest
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
IoRegisterShutdownNotification
IoRegisterLastChanceShutdownNotification
IoUnregisterShutdownNotification
ObfDereferenceObject
MmGetSystemRoutineAddress
RtlCopyUnicodeString
RtlIsNtDdiVersionAvailable
KdDisableDebugger
KdEnableDebugger
IoAttachDeviceToDeviceStack
IoBuildSynchronousFsdRequest
IofCallDriver
IoInitializeRemoveLockEx
IoAcquireRemoveLockEx
IoReleaseRemoveLockEx
IoRegisterDeviceInterface
ZwClose
IoRegisterBootDriverReinitialization
IoRegisterDriverReinitialization
IoGetAttachedDevice
KdDebuggerEnabled
InitSafeBootMode
NtBuildNumber
IoReleaseRemoveLockAndWaitEx
KeInitializeDpc
KeFlushQueuedDpcs
KeInitializeTimer
KeCancelTimer
KeSetTimerEx
KeInsertQueue
RtlFreeUnicodeString
RtlStringFromGUID
ZwEnumerateValueKey
ZwSetValueKey
KeReadStateEvent
KeReadStateTimer
KeSetTimer
KeWaitForMultipleObjects
KeAcquireInStackQueuedSpinLock
KeReleaseInStackQueuedSpinLock
KeQueryActiveProcessorCountEx
KeDelayExecutionThread
IoAllocateIrp
IoBuildPartialMdl
IoFreeIrp
KeRemoveQueue
ExAllocatePoolWithTagPriority
ZwQueryValueKey
KeEnterCriticalRegion
KeLeaveCriticalRegion
IoDetachDevice
IoSetDeviceInterfaceState
ZwCreateFile
ZwOpenFile
ZwQueryInformationFile
ZwReadFile
ZwWriteFile
ZwDeleteFile
_vsnwprintf
_strnicmp
RtlGUIDFromString
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
ZwCreateKey
ZwOpenKey
ZwDeleteValueKey
RtlLengthSid
RtlCreateAcl
RtlAddAccessAllowedAce
RtlSetOwnerSecurityDescriptor
ZwSetSecurityObject
ObReferenceObjectByName
SeExports
KeGetCurrentIrql
IoGetStackLimits
ExEventObjectType
ExWindowStationObjectType
KeSetSystemGroupAffinityThread
KeRevertToUserGroupAffinityThread
KeQueryNodeActiveAffinity
KeQueryHighestNodeNumber
MmBuildMdlForNonPagedPool
MmAllocatePagesForMdlEx
MmFreePagesFromMdl
MmCreateMdl
ZwQuerySystemInformation
PsCreateSystemThread
ObReferenceObjectByHandle
KeInitializeQueue
KeRundownQueue
wcschr
RtlUnicodeStringToInteger
RtlEqualUnicodeString
IoAllocateErrorLogEntry
IoBuildDeviceIoControlRequest
IoGetDeviceObjectPointer
IoWriteErrorLogEntry
IoOpenDeviceRegistryKey
IoGetDevicePropertyData
ObfReferenceObject
ZwOpenSymbolicLinkObject
ZwQuerySymbolicLinkObject
RtlPrefixUnicodeString
RtlQueryRegistryValues
RtlCompareUnicodeString
PsGetVersion
ExAllocatePoolWithQuotaTag

Sections

.text
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

EXTRA
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CPATA
Size: 512B - Virtual size: 401B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 132B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
reg/drv.bak/win7-8.1_srv2008-2012/rxfcv.cat
reg/drv.bak/win7-8.1_srv2008-2012/rxfcv.inf
reg/drv.bak/win7-8.1_srv2008-2012/rxfcv.sys
.sys windows:10 windows x64

9653b3b7b9a2698ec8e96dd8b2ddea07

Code Sign

33:00:00:00:61:c8:8b:12:9c:2a:7f:1d:87:00:00:00:00:00:61
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/04/2023, 19:16

Not After

03/04/2024, 19:16

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/10/2014, 20:31

Not After

15/10/2029, 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c5:d4:fb:cf:05:7b:48:dd:fd:23:e5:a7:17:68:04:38:82:5d:f3:a9:c5:02:e4:78:54:1e:16:64:e4:d1:c7:c1
Signer

Actual PE Digest

c5:d4:fb:cf:05:7b:48:dd:fd:23:e5:a7:17:68:04:38:82:5d:f3:a9:c5:02:e4:78:54:1e:16:64:e4:d1:c7:c1

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

rxbsknl.sys

RxbsCreateHyperDevice
RxbsCloseHyperDevice
RxbsSetParamHyperSystem
RxbsGetParamHyperSystem
RxbsStartHyperSystem
RxbsGetHyperSystemState
RxbsConnectHyperSystem
RxbsDisconnectHyperSystem

ntoskrnl.exe

KeSetPriorityThread
KeWaitForSingleObject
ExFreePoolWithTag
ExInterlockedRemoveHeadList
PsTerminateSystemThread
KeInitializeEvent
KeInitializeGuardedMutex
KeAcquireGuardedMutex
KeReleaseGuardedMutex
ExAllocatePoolWithTag
ExQueryDepthSList
ExpInterlockedPopEntrySList
ExpInterlockedPushEntrySList
ExInitializeNPagedLookasideList
ExDeleteNPagedLookasideList
MmMapLockedPagesSpecifyCache
MmUnmapLockedPages
MmMapIoSpace
MmUnmapIoSpace
IoAllocateMdl
IoFreeMdl
RtlCompareMemory
ExUuidCreate
RtlInitUnicodeString
KeClearEvent
KeSetEvent
ExInterlockedInsertTailList
IofCompleteRequest
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
IoRegisterShutdownNotification
IoRegisterLastChanceShutdownNotification
IoUnregisterShutdownNotification
ObfDereferenceObject
MmGetSystemRoutineAddress
RtlCopyUnicodeString
RtlIsNtDdiVersionAvailable
IoAttachDeviceToDeviceStack
IoBuildSynchronousFsdRequest
IofCallDriver
IoInitializeRemoveLockEx
IoAcquireRemoveLockEx
IoReleaseRemoveLockEx
IoRegisterDeviceInterface
ZwClose
IoRegisterBootDriverReinitialization
IoRegisterDriverReinitialization
IoGetAttachedDevice
InitSafeBootMode
NtBuildNumber
IoReleaseRemoveLockAndWaitEx
KeInitializeDpc
KeFlushQueuedDpcs
KeInitializeTimer
KeCancelTimer
KeSetTimerEx
KeInsertQueue
RtlFreeUnicodeString
RtlStringFromGUID
ZwEnumerateValueKey
ZwSetValueKey
KeReadStateEvent
KeReadStateTimer
KeSetTimer
KeWaitForMultipleObjects
KeAcquireInStackQueuedSpinLock
KeReleaseInStackQueuedSpinLock
KeQueryActiveProcessorCountEx
KeDelayExecutionThread
IoAllocateIrp
IoBuildPartialMdl
IoFreeIrp
KeRemoveQueue
ExAllocatePoolWithTagPriority
ZwQueryValueKey
KeEnterCriticalRegion
KeLeaveCriticalRegion
IoDetachDevice
IoSetDeviceInterfaceState
ZwCreateFile
ZwOpenFile
ZwQueryInformationFile
ZwReadFile
ZwWriteFile
ZwDeleteFile
_vsnwprintf
RtlAppendUnicodeStringToString
KdDisableDebugger
KdEnableDebugger
ZwCreateSection
ZwMapViewOfSection
ZwUnmapViewOfSection
KdDebuggerEnabled
_strnicmp
RtlGUIDFromString
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
ZwCreateKey
ZwOpenKey
ZwDeleteValueKey
RtlLengthSid
RtlCreateAcl
RtlAddAccessAllowedAce
RtlSetOwnerSecurityDescriptor
ZwSetSecurityObject
ObReferenceObjectByName
SeExports
KeGetCurrentIrql
IoGetStackLimits
ExEventObjectType
ExWindowStationObjectType
KeBugCheckEx
KeSetSystemGroupAffinityThread
KeRevertToUserGroupAffinityThread
KeQueryNodeActiveAffinity
KeQueryHighestNodeNumber
MmBuildMdlForNonPagedPool
MmAllocatePagesForMdlEx
MmFreePagesFromMdl
MmCreateMdl
ZwQuerySystemInformation
PsCreateSystemThread
ObReferenceObjectByHandle
KeInitializeQueue
KeRundownQueue
wcschr
RtlUnicodeStringToInteger
RtlEqualUnicodeString
IoAllocateErrorLogEntry
IoBuildDeviceIoControlRequest
IoGetDeviceObjectPointer
IoWriteErrorLogEntry
IoOpenDeviceRegistryKey
IoGetDevicePropertyData
ObfReferenceObject
ZwOpenSymbolicLinkObject
ZwQuerySymbolicLinkObject
RtlPrefixUnicodeString
RtlQueryRegistryValues
RtlCompareUnicodeString
PsGetVersion
ExAllocatePoolWithQuotaTag

Sections

.text
Size: 127KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

EXTRA
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

CPATA
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 200B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
reg/drv10/rxfcv.cat
reg/drv10/rxfcv.inf
reg/drv10/rxfcv.sys
.sys windows:10 windows x64

e47a7ca085c8d28af059a3defa00723f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

rxbsknl.sys

RxbsCreateHyperDevice
RxbsCloseHyperDevice
RxbsSetParamHyperSystem
RxbsGetParamHyperSystem
RxbsStartHyperSystem
RxbsGetHyperSystemState
RxbsConnectHyperSystem
RxbsDisconnectHyperSystem

ntoskrnl.exe

KeSetPriorityThread
KeWaitForSingleObject
ExFreePoolWithTag
ExInterlockedRemoveHeadList
PsTerminateSystemThread
KeInitializeEvent
KeInitializeGuardedMutex
KeAcquireGuardedMutex
KeReleaseGuardedMutex
ExAllocatePoolWithTag
ExQueryDepthSList
ExpInterlockedPopEntrySList
ExpInterlockedPushEntrySList
ExInitializeNPagedLookasideList
ExDeleteNPagedLookasideList
MmMapLockedPagesSpecifyCache
MmUnmapLockedPages
MmMapIoSpace
MmUnmapIoSpace
IoAllocateMdl
IoFreeMdl
RtlCompareMemory
ExUuidCreate
RtlInitUnicodeString
KeClearEvent
KeSetEvent
ExInterlockedInsertTailList
IofCompleteRequest
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
IoRegisterShutdownNotification
IoRegisterLastChanceShutdownNotification
IoUnregisterShutdownNotification
ObfDereferenceObject
MmGetSystemRoutineAddress
RtlCopyUnicodeString
RtlIsNtDdiVersionAvailable
KdDisableDebugger
KdEnableDebugger
IoAttachDeviceToDeviceStack
IoBuildSynchronousFsdRequest
IofCallDriver
IoInitializeRemoveLockEx
IoAcquireRemoveLockEx
IoReleaseRemoveLockEx
IoRegisterDeviceInterface
ZwClose
IoRegisterBootDriverReinitialization
IoRegisterDriverReinitialization
IoGetAttachedDevice
KdDebuggerEnabled
InitSafeBootMode
NtBuildNumber
IoReleaseRemoveLockAndWaitEx
KeInitializeDpc
KeFlushQueuedDpcs
KeInitializeTimer
KeCancelTimer
KeSetTimerEx
KeInsertQueue
RtlFreeUnicodeString
RtlStringFromGUID
ZwEnumerateValueKey
ZwSetValueKey
KeReadStateEvent
KeReadStateTimer
KeSetTimer
KeWaitForMultipleObjects
KeAcquireInStackQueuedSpinLock
KeReleaseInStackQueuedSpinLock
KeQueryActiveProcessorCountEx
KeDelayExecutionThread
IoAllocateIrp
IoBuildPartialMdl
IoFreeIrp
KeRemoveQueue
ExAllocatePoolWithTagPriority
ZwQueryValueKey
KeEnterCriticalRegion
KeLeaveCriticalRegion
IoDetachDevice
IoSetDeviceInterfaceState
ZwCreateFile
ZwOpenFile
ZwQueryInformationFile
ZwReadFile
ZwWriteFile
ZwDeleteFile
_vsnwprintf
_strnicmp
RtlGUIDFromString
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
ZwCreateKey
ZwOpenKey
ZwDeleteValueKey
RtlLengthSid
RtlCreateAcl
RtlAddAccessAllowedAce
RtlSetOwnerSecurityDescriptor
ZwSetSecurityObject
ObReferenceObjectByName
SeExports
KeGetCurrentIrql
IoGetStackLimits
ExEventObjectType
ExWindowStationObjectType
KeSetSystemGroupAffinityThread
KeRevertToUserGroupAffinityThread
KeQueryNodeActiveAffinity
KeQueryHighestNodeNumber
MmBuildMdlForNonPagedPool
MmAllocatePagesForMdlEx
MmFreePagesFromMdl
MmCreateMdl
ZwQuerySystemInformation
PsCreateSystemThread
ObReferenceObjectByHandle
KeInitializeQueue
KeRundownQueue
wcschr
RtlUnicodeStringToInteger
RtlEqualUnicodeString
IoAllocateErrorLogEntry
IoBuildDeviceIoControlRequest
IoGetDeviceObjectPointer
IoWriteErrorLogEntry
IoOpenDeviceRegistryKey
IoGetDevicePropertyData
ObfReferenceObject
ZwOpenSymbolicLinkObject
ZwQuerySymbolicLinkObject
RtlPrefixUnicodeString
RtlQueryRegistryValues
RtlCompareUnicodeString
PsGetVersion
ExAllocatePoolWithQuotaTag

Sections

.text
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

EXTRA
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CPATA
Size: 512B - Virtual size: 401B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 132B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
reg/drv7/rxfcv.cat
reg/drv7/rxfcv.inf
reg/drv7/rxfcv.sys
.sys windows:10 windows x64

58ecbaaab3100bdda10da5c8f0945a4d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

rxbsknl.sys

RxbsCreateHyperDevice
RxbsCloseHyperDevice
RxbsSetParamHyperSystem
RxbsGetParamHyperSystem
RxbsStartHyperSystem
RxbsGetHyperSystemState
RxbsConnectHyperSystem
RxbsDisconnectHyperSystem

ntoskrnl.exe

KeSetPriorityThread
KeWaitForSingleObject
ExFreePoolWithTag
ExInterlockedRemoveHeadList
PsTerminateSystemThread
KeInitializeEvent
KeInitializeGuardedMutex
KeAcquireGuardedMutex
KeReleaseGuardedMutex
ExAllocatePoolWithTag
ExQueryDepthSList
ExpInterlockedPopEntrySList
ExpInterlockedPushEntrySList
ExInitializeNPagedLookasideList
ExDeleteNPagedLookasideList
MmMapLockedPagesSpecifyCache
MmUnmapLockedPages
MmMapIoSpace
MmUnmapIoSpace
IoAllocateMdl
IoFreeMdl
RtlCompareMemory
ExUuidCreate
RtlInitUnicodeString
KeClearEvent
KeSetEvent
ExInterlockedInsertTailList
IofCompleteRequest
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
IoRegisterShutdownNotification
IoRegisterLastChanceShutdownNotification
IoUnregisterShutdownNotification
ObfDereferenceObject
RtlCopyUnicodeString
IoAttachDeviceToDeviceStack
IoBuildSynchronousFsdRequest
IofCallDriver
IoInitializeRemoveLockEx
IoAcquireRemoveLockEx
IoReleaseRemoveLockEx
IoRegisterDeviceInterface
ZwClose
IoRegisterBootDriverReinitialization
IoRegisterDriverReinitialization
IoGetAttachedDevice
InitSafeBootMode
IoReleaseRemoveLockAndWaitEx
KeInitializeDpc
KeFlushQueuedDpcs
KeInitializeTimer
KeCancelTimer
KeSetTimerEx
KeInsertQueue
RtlFreeUnicodeString
RtlStringFromGUID
ZwEnumerateValueKey
ZwSetValueKey
KeReadStateEvent
KeReadStateTimer
KeSetTimer
KeWaitForMultipleObjects
KeAcquireInStackQueuedSpinLock
KeReleaseInStackQueuedSpinLock
KeQueryActiveProcessorCount
KeDelayExecutionThread
IoAllocateIrp
IoBuildPartialMdl
IoFreeIrp
KeRemoveQueue
ExAllocatePoolWithTagPriority
ZwQueryValueKey
KeEnterCriticalRegion
KeLeaveCriticalRegion
IoDetachDevice
IoSetDeviceInterfaceState
ZwCreateFile
ZwOpenFile
ZwQueryInformationFile
ZwReadFile
ZwWriteFile
ZwDeleteFile
_vsnwprintf
RtlAppendUnicodeStringToString
KdDisableDebugger
KdEnableDebugger
ZwCreateSection
ZwMapViewOfSection
ZwUnmapViewOfSection
KdDebuggerEnabled
_strnicmp
RtlGUIDFromString
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
ZwCreateKey
ZwOpenKey
ZwDeleteValueKey
RtlLengthSid
RtlCreateAcl
RtlAddAccessAllowedAce
RtlSetOwnerSecurityDescriptor
ZwSetSecurityObject
ObReferenceObjectByName
SeExports
KeGetCurrentIrql
IoGetStackLimits
ExEventObjectType
ExWindowStationObjectType
KeBugCheckEx
KeRevertToUserAffinityThreadEx
KeSetSystemAffinityThreadEx
MmBuildMdlForNonPagedPool
MmAllocatePagesForMdlEx
MmFreePagesFromMdl
MmCreateMdl
MmGetPhysicalMemoryRanges
ZwQuerySystemInformation
PsCreateSystemThread
ObReferenceObjectByHandle
KeInitializeQueue
KeRundownQueue
wcschr
RtlUnicodeStringToInteger
RtlEqualUnicodeString
IoAllocateErrorLogEntry
IoBuildDeviceIoControlRequest
IoGetDeviceObjectPointer
IoWriteErrorLogEntry
IoOpenDeviceRegistryKey
ObfReferenceObject
ZwOpenSymbolicLinkObject
ZwQuerySymbolicLinkObject
RtlPrefixUnicodeString
RtlQueryRegistryValues
MmGetSystemRoutineAddress
RtlCompareUnicodeString

Sections

.text
Size: 121KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

EXTRA
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

CPATA
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 196B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.juno
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
reg/install.bat
.bat .vbs
下载说明.txt
沃下载-www.wodown.com.url
.url

Sharing

General

Malware Config

Signatures

Files

20dd26497880c05caed9305b3c8b9109

Code Sign

0e:df:b1:64:c5:80:cc:98:c4:9b:69:be:91:8e:d7:3bCertificate

Extended Key Usages

Key Usages

42:4b:6a:53:ce:c7:66:14:1c:2a:63:b1:a5:1c:41:04Certificate

Extended Key Usages

Key Usages

1a:d6:08:a7:d6:34:b5:cd:de:97:cb:a3:cc:f0:d0:4bCertificate

Extended Key Usages

Key Usages

e4:27:04:95:f6:8c:91:d6:d0:ec:7b:49:4e:a4:df:1cCertificate

Key Usages

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56Certificate

Extended Key Usages

Key Usages

d3:0e:ee:3e:05:56:be:a6:ee:bb:57:78:94:83:82:ce:93:32:27:6e:7b:33:27:fe:fa:c7:e1:62:c8:ac:6d:04Signer

Headers

DLL Characteristics

File Characteristics

Imports

oleaut32

advapi32

user32

kernel32

comctl32

Sections

.text Size: 61KB - Virtual size: 60KB

.itext Size: 4KB - Virtual size: 3KB

.data Size: 3KB - Virtual size: 3KB

.bss Size: - Virtual size: 21KB

.idata Size: 4KB - Virtual size: 3KB

.tls Size: - Virtual size: 8B

.rdata Size: 512B - Virtual size: 24B

.rsrc Size: 333KB - Virtual size: 333KB

7bf6ee7f997d9058a8fa5739c928c0b5

Headers

File Characteristics

Imports

kernel32

Sections

.text Size: 64KB - Virtual size: 63KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 16KB - Virtual size: 22KB

e47a7ca085c8d28af059a3defa00723f

Code Sign

33:00:00:00:61:c8:8b:12:9c:2a:7f:1d:87:00:00:00:00:00:61Certificate

Extended Key Usages

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0dCertificate

Key Usages

8d:30:04:fc:66:c0:bf:4e:c1:d7:5c:05:f9:f6:5a:37:56:e6:9b:e6:74:1c:e3:a3:9c:e3:a8:0c:f4:d5:8b:64Signer

Headers

DLL Characteristics

File Characteristics

Imports

rxbsknl.sys

ntoskrnl.exe

Sections

.text Size: 114KB - Virtual size: 113KB

EXTRA Size: 8KB - Virtual size: 7KB

CPATA Size: 512B - Virtual size: 401B

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 1024B - Virtual size: 2KB

.pdata Size: 6KB - Virtual size: 5KB

PAGE Size: 3KB - Virtual size: 2KB

INIT Size: 10KB - Virtual size: 10KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 132B

9653b3b7b9a2698ec8e96dd8b2ddea07

Code Sign

33:00:00:00:61:c8:8b:12:9c:2a:7f:1d:87:00:00:00:00:00:61Certificate

Extended Key Usages

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0dCertificate

Key Usages

c5:d4:fb:cf:05:7b:48:dd:fd:23:e5:a7:17:68:04:38:82:5d:f3:a9:c5:02:e4:78:54:1e:16:64:e4:d1:c7:c1Signer

0e:df:b1:64:c5:80:cc:98:c4:9b:69:be:91:8e:d7:3b
Certificate

42:4b:6a:53:ce:c7:66:14:1c:2a:63:b1:a5:1c:41:04
Certificate

1a:d6:08:a7:d6:34:b5:cd:de:97:cb:a3:cc:f0:d0:4b
Certificate

e4:27:04:95:f6:8c:91:d6:d0:ec:7b:49:4e:a4:df:1c
Certificate

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56
Certificate

d3:0e:ee:3e:05:56:be:a6:ee:bb:57:78:94:83:82:ce:93:32:27:6e:7b:33:27:fe:fa:c7:e1:62:c8:ac:6d:04
Signer

.text
Size: 61KB - Virtual size: 60KB

.itext
Size: 4KB - Virtual size: 3KB

.data
Size: 3KB - Virtual size: 3KB

.bss
Size: - Virtual size: 21KB

.idata
Size: 4KB - Virtual size: 3KB

.tls
Size: - Virtual size: 8B

.rdata
Size: 512B - Virtual size: 24B

.rsrc
Size: 333KB - Virtual size: 333KB

.text
Size: 64KB - Virtual size: 63KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 16KB - Virtual size: 22KB

33:00:00:00:61:c8:8b:12:9c:2a:7f:1d:87:00:00:00:00:00:61
Certificate

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

8d:30:04:fc:66:c0:bf:4e:c1:d7:5c:05:f9:f6:5a:37:56:e6:9b:e6:74:1c:e3:a3:9c:e3:a8:0c:f4:d5:8b:64
Signer

.text
Size: 114KB - Virtual size: 113KB

EXTRA
Size: 8KB - Virtual size: 7KB

CPATA
Size: 512B - Virtual size: 401B

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 1024B - Virtual size: 2KB

.pdata
Size: 6KB - Virtual size: 5KB

PAGE
Size: 3KB - Virtual size: 2KB

INIT
Size: 10KB - Virtual size: 10KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 132B

33:00:00:00:61:c8:8b:12:9c:2a:7f:1d:87:00:00:00:00:00:61
Certificate

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

c5:d4:fb:cf:05:7b:48:dd:fd:23:e5:a7:17:68:04:38:82:5d:f3:a9:c5:02:e4:78:54:1e:16:64:e4:d1:c7:c1
Signer

.text
Size: 127KB - Virtual size: 126KB

EXTRA
Size: 10KB - Virtual size: 10KB

CPATA
Size: 4KB - Virtual size: 4KB

.rdata
Size: 16KB - Virtual size: 16KB

.data
Size: 1024B - Virtual size: 2KB

.pdata
Size: 6KB - Virtual size: 6KB

PAGE
Size: 3KB - Virtual size: 2KB

INIT
Size: 17KB - Virtual size: 16KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 200B

.text
Size: 114KB - Virtual size: 113KB

EXTRA
Size: 8KB - Virtual size: 7KB

CPATA
Size: 512B - Virtual size: 401B

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 1024B - Virtual size: 2KB

.pdata
Size: 6KB - Virtual size: 5KB

PAGE
Size: 3KB - Virtual size: 2KB

INIT
Size: 10KB - Virtual size: 10KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 132B

.text
Size: 121KB - Virtual size: 120KB

EXTRA
Size: 10KB - Virtual size: 9KB

CPATA
Size: 4KB - Virtual size: 4KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 1024B - Virtual size: 2KB

.pdata
Size: 6KB - Virtual size: 6KB

PAGE
Size: 2KB - Virtual size: 2KB

INIT
Size: 16KB - Virtual size: 16KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 196B

.juno
Size: 4KB - Virtual size: 4KB