atheros_ar813x_ar815x_ar816x_v2[.]1[.]0[.]21_whql[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

atheros_ar813x_ar815x_ar816x_v2.1.0.21_whql.zip
Size

5.8MB
MD5

b6d6c49d2d037813372595a78bc4dff8
SHA1

2bdf462f0f23febf10e0cfe802cd9b57bb1199ac
SHA256

f430fdc498cda49f218f2e16bcbc6f4bf7c99c545da744dbfb41e398fb2393b4
SHA512

184f53ba3b44ba7a6537712e006a2b2f8b086a793f65e22ba469f8d4135889fe28ea97ccbebac0e723f795655a0dc7eb831317e5bc7734ff390e5ad6b70d2feb
SSDEEP

98304:RvxpHmPmXjOpHh/UsqCo0mocgBcTmO1aOT7VZ89DoLcyvxkf1Pf9E+b:Rrm+SYy4h1jBZrLcyo1H9E+b

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ISSetup.dll

Files

atheros_ar813x_ar815x_ar816x_v2.1.0.21_whql.zip
.zip
Common_Dri/Win7_32/L1C62x86.inf
Common_Dri/Win7_32/L1c62x86.sys
.sys windows:6 windows x86 arch:x86

6c1e02368d074a68f0dafefeae6988f5

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

46:7c:40:2c:26:fa:b7:42:48:4f:70:e0:a0:e6:6c:cd
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

24/02/2012, 00:00

Not After

23/02/2015, 23:59

Subject

CN=Qualcomm Atheros,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Qualcomm Atheros,L=San Jose,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

23:34:fe:b2:61:21:ef:79:84:9e:20:70:b5:ca:da:61:5a:42:b0:32
Signer

Actual PE Digest

23:34:fe:b2:61:21:ef:79:84:9e:20:70:b5:ca:da:61:5a:42:b0:32

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

KeBugCheckEx
KeTickCount
memmove
WRITE_REGISTER_USHORT
ExDeleteNPagedLookasideList
ExInitializeNPagedLookasideList
InterlockedPushEntrySList
InterlockedPopEntrySList
_vsnwprintf
IofCompleteRequest
memcpy
KefReleaseSpinLockFromDpcLevel
KefAcquireSpinLockAtDpcLevel
WRITE_REGISTER_UCHAR
memset
WRITE_REGISTER_ULONG

hal

KfLowerIrql
WRITE_PORT_ULONG
WRITE_PORT_USHORT
WRITE_PORT_UCHAR
READ_PORT_ULONG
READ_PORT_USHORT
READ_PORT_UCHAR
KeGetCurrentIrql
KeStallExecutionProcessor
KfReleaseSpinLock
KfAcquireSpinLock
KfRaiseIrql

ndis.sys

NdisMGetDmaAlignment
NdisMAllocateSharedMemory
NdisAllocateMdl
NdisAllocateNetBufferAndNetBufferList
NdisMFreeSharedMemory
NdisMRegisterScatterGatherDma
NdisMDeregisterScatterGatherDma
NdisMAllocateSharedMemoryAsync
NdisMQueueDpcEx
NdisMOidRequestComplete
NdisMConfigMSIXTableEntry
NdisWriteConfiguration
NdisAllocateTimerObject
NdisSetTimerObject
NdisGetRssProcessorInformation
NdisFreeMdl
NdisMRegisterIoPortRange
NdisReadConfiguration
NdisCloseConfiguration
NdisReadNetworkAddress
NdisFreeMemory
NdisInitializeEvent
NdisWaitEvent
NdisWriteErrorLogEntry
NdisOpenConfigurationEx
NdisAllocateMemoryWithTagPriority
NdisSetOptionalHandlers
NdisCancelTimerObject
NdisFreeTimerObject
NdisMRegisterInterruptEx
NdisMDeregisterInterruptEx
NdisMSetMiniportAttributes
NdisMDeregisterIoPortRange
NdisMMapIoSpace
NdisMUnmapIoSpace
NdisMRegisterMiniportDriver
NdisMDeregisterMiniportDriver
NdisAllocateIoWorkItem
NdisFreeIoWorkItem
NdisMGetBusData
NdisMSetBusData
NdisMSynchronizeWithInterruptEx
NdisMIndicateStatusEx
NdisMSleep
NdisMPauseComplete
NdisQueueIoWorkItem
NdisMResetComplete
NdisRegisterDeviceEx
NdisDeregisterDeviceEx
NdisGetDeviceReservedExtension
NdisGetNetBufferListProtocolId
NdisMAllocateNetBufferSGList
NdisMFreeNetBufferSGList
NdisMSendNetBufferListsComplete
NdisSetEvent
NdisCurrentGroupAndProcessor
NdisMIndicateReceiveNetBufferLists
NdisAllocateNetBufferListPool
NdisFreeNetBufferListPool
NdisFreeNetBufferList

Sections

.text
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Common_Dri/Win7_32/l1c62x86.cat
Common_Dri/Win7_64/L1C62x64.inf
Common_Dri/Win7_64/L1c62x64.sys
.sys windows:6 windows x64 arch:x64

fea6c983249b7d181a46ce4c96e7b325

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

46:7c:40:2c:26:fa:b7:42:48:4f:70:e0:a0:e6:6c:cd
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

24/02/2012, 00:00

Not After

23/02/2015, 23:59

Subject

CN=Qualcomm Atheros,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Qualcomm Atheros,L=San Jose,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

53:62:8d:a1:5b:20:cb:b2:3d:a8:0a:17:b8:b2:ed:26:10:7c:0b:47
Signer

Actual PE Digest

53:62:8d:a1:5b:20:cb:b2:3d:a8:0a:17:b8:b2:ed:26:10:7c:0b:47

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

KeBugCheckEx
ExDeleteNPagedLookasideList
ExInitializeNPagedLookasideList
ExpInterlockedPushEntrySList
ExpInterlockedPopEntrySList
ExQueryDepthSList
_vsnwprintf
IofCompleteRequest
KeReleaseSpinLockFromDpcLevel
KeAcquireSpinLockAtDpcLevel
KeReleaseSpinLock
KeAcquireSpinLockRaiseToDpc

hal

KeStallExecutionProcessor

ndis.sys

NdisSetTimerObject
NdisAllocateTimerObject
NdisWriteConfiguration
NdisMConfigMSIXTableEntry
NdisMOidRequestComplete
NdisGetRssProcessorInformation
NdisMAllocateSharedMemoryAsync
NdisMDeregisterScatterGatherDma
NdisMRegisterScatterGatherDma
NdisMFreeSharedMemory
NdisMAllocateSharedMemory
NdisMQueueDpcEx
NdisMGetBusData
NdisReadConfiguration
NdisCloseConfiguration
NdisReadNetworkAddress
NdisFreeMemory
NdisInitializeEvent
NdisWaitEvent
NdisWriteErrorLogEntry
NdisOpenConfigurationEx
NdisAllocateMemoryWithTagPriority
NdisSetOptionalHandlers
NdisCancelTimerObject
NdisFreeTimerObject
NdisMRegisterInterruptEx
NdisMDeregisterInterruptEx
NdisMSetMiniportAttributes
NdisMRegisterIoPortRange
NdisMDeregisterIoPortRange
NdisMMapIoSpace
NdisMUnmapIoSpace
NdisMRegisterMiniportDriver
NdisMDeregisterMiniportDriver
NdisAllocateIoWorkItem
NdisFreeIoWorkItem
NdisMSetBusData
NdisMSynchronizeWithInterruptEx
NdisMIndicateStatusEx
NdisMSleep
NdisMPauseComplete
NdisQueueIoWorkItem
NdisMResetComplete
NdisRegisterDeviceEx
NdisDeregisterDeviceEx
NdisGetDeviceReservedExtension
NdisGetNetBufferListProtocolId
NdisMAllocateNetBufferSGList
NdisMFreeNetBufferSGList
NdisMSendNetBufferListsComplete
NdisSetEvent
NdisCurrentGroupAndProcessor
NdisMIndicateReceiveNetBufferLists
NdisAllocateNetBufferListPool
NdisFreeNetBufferListPool
NdisFreeNetBufferList
NdisAllocateNetBufferAndNetBufferList
NdisAllocateMdl
NdisFreeMdl
NdisMGetDmaAlignment

Sections

.text
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 430B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Common_Dri/Win7_64/l1c62x64.cat
Common_Dri/Win8_32/L1C63x86.inf
Common_Dri/Win8_32/L1C63x86.sys
.sys windows:6 windows x86 arch:x86

2390614e8552c2824753f056c47fbeb2

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

46:7c:40:2c:26:fa:b7:42:48:4f:70:e0:a0:e6:6c:cd
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

24/02/2012, 00:00

Not After

23/02/2015, 23:59

Subject

CN=Qualcomm Atheros,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Qualcomm Atheros,L=San Jose,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:99:76:ab:2b:07:8a:96:50:8d:d5:1d:bb:35:a8:87:bd:d1:3a:53
Signer

Actual PE Digest

2b:99:76:ab:2b:07:8a:96:50:8d:d5:1d:bb:35:a8:87:bd:d1:3a:53

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

memmove
memcmp
WRITE_REGISTER_USHORT
ExDeleteNPagedLookasideList
ExInitializeNPagedLookasideList
InterlockedPushEntrySList
InterlockedPopEntrySList
_vsnwprintf
IofCompleteRequest
memcpy
KefReleaseSpinLockFromDpcLevel
KefAcquireSpinLockAtDpcLevel
WRITE_REGISTER_UCHAR
memset
KeInitializeSpinLock
WRITE_REGISTER_ULONG

hal

KfLowerIrql
WRITE_PORT_ULONG
WRITE_PORT_USHORT
WRITE_PORT_UCHAR
READ_PORT_ULONG
READ_PORT_USHORT
READ_PORT_UCHAR
KeGetCurrentIrql
KeStallExecutionProcessor
KfReleaseSpinLock
KfAcquireSpinLock
KfRaiseIrql

ndis.sys

NdisMGetDmaAlignment
NdisMAllocateSharedMemory
NdisAllocateMdl
NdisAllocateNetBufferAndNetBufferList
NdisMFreeSharedMemory
NdisMRegisterScatterGatherDma
NdisMDeregisterScatterGatherDma
NdisMAllocateSharedMemoryAsync
NdisMQueueDpcEx
NdisMOidRequestComplete
NdisMConfigMSIXTableEntry
NdisWriteConfiguration
NdisAllocateTimerObject
NdisSetTimerObject
NdisGetRssProcessorInformation
NdisFreeMdl
NdisMDeregisterIoPortRange
NdisReadConfiguration
NdisCloseConfiguration
NdisReadNetworkAddress
NdisFreeMemory
NdisInitializeEvent
NdisWaitEvent
NdisWriteErrorLogEntry
NdisOpenConfigurationEx
NdisAllocateMemoryWithTagPriority
NdisSetOptionalHandlers
NdisCancelTimerObject
NdisFreeTimerObject
NdisMRegisterInterruptEx
NdisMDeregisterInterruptEx
NdisMSetMiniportAttributes
NdisMRegisterIoPortRange
NdisMMapIoSpace
NdisMUnmapIoSpace
NdisMRegisterMiniportDriver
NdisMDeregisterMiniportDriver
NdisAllocateIoWorkItem
NdisFreeIoWorkItem
NdisMGetBusData
NdisMSetBusData
NdisMSynchronizeWithInterruptEx
NdisMIndicateStatusEx
NdisMSleep
NdisMPauseComplete
NdisQueueIoWorkItem
NdisMResetComplete
NdisRegisterDeviceEx
NdisDeregisterDeviceEx
NdisGetDeviceReservedExtension
NdisGetNetBufferListProtocolId
NdisMAllocateNetBufferSGList
NdisMFreeNetBufferSGList
NdisMSendNetBufferListsComplete
NdisSetEvent
NdisCurrentGroupAndProcessor
NdisMIndicateReceiveNetBufferLists
NdisGetVersion
NdisAllocateNetBufferListPool
NdisFreeNetBufferListPool
NdisFreeNetBufferList

Sections

.text
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Common_Dri/Win8_32/l1c63x86.cat
Common_Dri/Win8_64/L1C63x64.inf
Common_Dri/Win8_64/L1C63x64.sys
.sys windows:6 windows x64 arch:x64

552f64c7535d478118d69af1374e0bf1

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

46:7c:40:2c:26:fa:b7:42:48:4f:70:e0:a0:e6:6c:cd
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

24/02/2012, 00:00

Not After

23/02/2015, 23:59

Subject

CN=Qualcomm Atheros,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Qualcomm Atheros,L=San Jose,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

af:ae:05:3d:03:71:67:4d:40:48:a7:a1:34:13:fc:24:7b:86:4a:ab
Signer

Actual PE Digest

af:ae:05:3d:03:71:67:4d:40:48:a7:a1:34:13:fc:24:7b:86:4a:ab

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

ExDeleteNPagedLookasideList
ExInitializeNPagedLookasideList
ExpInterlockedPushEntrySList
ExpInterlockedPopEntrySList
ExQueryDepthSList
KfRaiseIrql
KeLowerIrql
_vsnwprintf
IofCompleteRequest
KeReleaseSpinLockFromDpcLevel
KeAcquireSpinLockAtDpcLevel
KeReleaseSpinLock
KeAcquireSpinLockRaiseToDpc
KeInitializeSpinLock

hal

KeStallExecutionProcessor

ndis.sys

NdisSetTimerObject
NdisAllocateTimerObject
NdisWriteConfiguration
NdisMConfigMSIXTableEntry
NdisMOidRequestComplete
NdisMQueueDpcEx
NdisGetRssProcessorInformation
NdisMDeregisterScatterGatherDma
NdisMRegisterScatterGatherDma
NdisMFreeSharedMemory
NdisMAllocateSharedMemory
NdisMGetDmaAlignment
NdisFreeMdl
NdisMAllocateSharedMemoryAsync
NdisFreeIoWorkItem
NdisReadConfiguration
NdisCloseConfiguration
NdisReadNetworkAddress
NdisFreeMemory
NdisInitializeEvent
NdisWaitEvent
NdisWriteErrorLogEntry
NdisOpenConfigurationEx
NdisAllocateMemoryWithTagPriority
NdisSetOptionalHandlers
NdisCancelTimerObject
NdisFreeTimerObject
NdisMRegisterInterruptEx
NdisMDeregisterInterruptEx
NdisMSetMiniportAttributes
NdisMRegisterIoPortRange
NdisMDeregisterIoPortRange
NdisMMapIoSpace
NdisMUnmapIoSpace
NdisMRegisterMiniportDriver
NdisMDeregisterMiniportDriver
NdisAllocateIoWorkItem
NdisMGetBusData
NdisMSetBusData
NdisMSynchronizeWithInterruptEx
NdisMIndicateStatusEx
NdisMSleep
NdisMPauseComplete
NdisQueueIoWorkItem
NdisMResetComplete
NdisRegisterDeviceEx
NdisDeregisterDeviceEx
NdisGetDeviceReservedExtension
NdisGetNetBufferListProtocolId
NdisMAllocateNetBufferSGList
NdisMFreeNetBufferSGList
NdisMSendNetBufferListsComplete
NdisSetEvent
NdisCurrentGroupAndProcessor
NdisMIndicateReceiveNetBufferLists
NdisGetVersion
NdisAllocateNetBufferListPool
NdisFreeNetBufferListPool
NdisFreeNetBufferList
NdisAllocateNetBufferAndNetBufferList
NdisAllocateMdl

Sections

.text
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 440B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Common_Dri/Win8_64/l1c63x64.cat
Common_Dri/WinXP2003_32/l1c51x86.cat
Common_Dri/WinXP2003_32/l1c51x86.inf
Common_Dri/WinXP2003_32/l1c51x86.sys
.sys windows:6 windows x86 arch:x86

ec7a5153a71af46967406f2c9400a2eb

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

46:7c:40:2c:26:fa:b7:42:48:4f:70:e0:a0:e6:6c:cd
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

24/02/2012, 00:00

Not After

23/02/2015, 23:59

Subject

CN=Qualcomm Atheros,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Qualcomm Atheros,L=San Jose,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3f:59:87:32:4e:72:dd:37:e5:65:17:64:8a:5b:fb:ea:27:fb:57:52
Signer

Actual PE Digest

3f:59:87:32:4e:72:dd:37:e5:65:17:64:8a:5b:fb:ea:27:fb:57:52

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

KeBugCheckEx
KeTickCount
RtlInitUnicodeString
ExfInterlockedInsertTailList
IofCompleteRequest
_vsnwprintf
MmMapLockedPagesSpecifyCache
IoFreeMdl
KefAcquireSpinLockAtDpcLevel
KefReleaseSpinLockFromDpcLevel
memcpy
memset
memmove
WRITE_REGISTER_UCHAR
WRITE_REGISTER_ULONG
WRITE_REGISTER_USHORT

hal

READ_PORT_UCHAR
WRITE_PORT_USHORT
READ_PORT_USHORT
WRITE_PORT_ULONG
READ_PORT_ULONG
KfRaiseIrql
KfLowerIrql
KeGetCurrentIrql
KeStallExecutionProcessor
KfAcquireSpinLock
KfReleaseSpinLock
WRITE_PORT_UCHAR

ndis.sys

NdisMDeregisterIoPortRange
NdisMUnmapIoSpace
NdisFreeBufferPool
NdisFreeMemory
NdisCloseConfiguration
NdisWriteConfiguration
NdisOpenConfiguration
NdisReadNetworkAddress
NdisReadConfiguration
NdisSetEvent
NdisScheduleWorkItem
NdisMCancelTimer
NdisMSleep
NdisMRegisterUnloadHandler
NdisMRegisterDevice
NdisFreePacketPool
NdisMRegisterInterrupt
NdisReadPciSlotInformation
NdisWritePciSlotInformation
NdisWriteErrorLogEntry
NdisMQueryAdapterResources
NdisWaitEvent
NdisMDeregisterInterrupt
NdisMDeregisterDevice
NdisSetTimer
NdisMInitializeTimer
NdisMMapIoSpace
NdisMRegisterIoPortRange
NdisMSetAttributesEx
NdisMIndicateStatusComplete
NdisMIndicateStatus
NdisMSynchronizeWithInterrupt
NdisMRemoveMiniport
NdisTerminateWrapper
NdisMRegisterMiniport
NdisInitializeWrapper
NdisInitializeEvent
NdisAllocateMemoryWithTag
NdisUnchainBufferAtBack
NdisFreePacket
NdisAllocatePacket
NdisAllocateBuffer
NdisAllocateBufferPool
NdisAllocatePacketPool
NdisMFreeSharedMemory
NdisMAllocateSharedMemory
NdisMInitializeScatterGatherDma
NdisMGetDmaAlignment

Sections

.text
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Common_Dri/WinXP2003_64/l1c51x64.cat
Common_Dri/WinXP2003_64/l1c51x64.inf
Common_Dri/WinXP2003_64/l1c51x64.sys
.sys windows:6 windows x64 arch:x64

e60323943b4ff5afa7159b9be93d6fd6

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

46:7c:40:2c:26:fa:b7:42:48:4f:70:e0:a0:e6:6c:cd
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

24/02/2012, 00:00

Not After

23/02/2015, 23:59

Subject

CN=Qualcomm Atheros,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Qualcomm Atheros,L=San Jose,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0b:03:0b:42:3e:40:8e:aa:e2:64:2e:68:e5:18:78:7d:d7:16:c2:89
Signer

Actual PE Digest

0b:03:0b:42:3e:40:8e:aa:e2:64:2e:68:e5:18:78:7d:d7:16:c2:89

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

KeBugCheckEx
IofCompleteRequest
_vsnwprintf
ExInterlockedInsertTailList
RtlInitUnicodeString
MmMapLockedPagesSpecifyCache
IoFreeMdl
KeAcquireSpinLockRaiseToDpc
KeAcquireSpinLockAtDpcLevel
KeReleaseSpinLockFromDpcLevel
KeReleaseSpinLock

hal

KeStallExecutionProcessor

ndis.sys

NdisMRegisterUnloadHandler
NdisMSleep
NdisMCancelTimer
NdisScheduleWorkItem
NdisMRegisterDevice
NdisReadConfiguration
NdisReadNetworkAddress
NdisCloseConfiguration
NdisWriteConfiguration
NdisOpenConfiguration
NdisSetEvent
NdisReadPciSlotInformation
NdisWritePciSlotInformation
NdisMIndicateStatusComplete
NdisMIndicateStatus
NdisMDeregisterInterrupt
NdisMRegisterMiniport
NdisMRegisterInterrupt
NdisWaitEvent
NdisInitializeWrapper
NdisMSetAttributesEx
NdisSetTimer
NdisWriteErrorLogEntry
NdisMInitializeTimer
NdisMQueryAdapterResources
NdisMDeregisterDevice
NdisTerminateWrapper
NdisMSynchronizeWithInterrupt
NdisMMapIoSpace
NdisMRemoveMiniport
NdisMRegisterIoPortRange
NdisFreePacket
NdisMFreeSharedMemory
NdisAllocatePacket
NdisFreePacketPool
NdisInitializeEvent
NdisMUnmapIoSpace
NdisFreeMemory
NdisAllocatePacketPool
NdisAllocateBufferPool
NdisUnchainBufferAtBack
NdisFreeBufferPool
NdisMDeregisterIoPortRange
NdisMInitializeScatterGatherDma
NdisAllocateBuffer
NdisAllocateMemoryWithTag
NdisMGetDmaAlignment
NdisMAllocateSharedMemory

Sections

.text
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 350B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Common_Dri/vista_32/L1c60x86.inf
Common_Dri/vista_32/L1c60x86.sys
.sys windows:6 windows x86 arch:x86

28bb057c8576d97a24071fad389c4d73

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

46:7c:40:2c:26:fa:b7:42:48:4f:70:e0:a0:e6:6c:cd
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

24/02/2012, 00:00

Not After

23/02/2015, 23:59

Subject

CN=Qualcomm Atheros,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Qualcomm Atheros,L=San Jose,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

76:12:18:8e:7a:ca:b2:8b:09:48:6a:25:da:12:40:a5:cf:ee:04:28
Signer

Actual PE Digest

76:12:18:8e:7a:ca:b2:8b:09:48:6a:25:da:12:40:a5:cf:ee:04:28

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

KeBugCheckEx
KeTickCount
memmove
WRITE_REGISTER_USHORT
ExDeleteNPagedLookasideList
ExInitializeNPagedLookasideList
InterlockedPushEntrySList
InterlockedPopEntrySList
_vsnwprintf
IofCompleteRequest
memcpy
KefReleaseSpinLockFromDpcLevel
KefAcquireSpinLockAtDpcLevel
WRITE_REGISTER_UCHAR
memset
WRITE_REGISTER_ULONG

hal

KfLowerIrql
WRITE_PORT_ULONG
WRITE_PORT_USHORT
WRITE_PORT_UCHAR
READ_PORT_ULONG
READ_PORT_USHORT
READ_PORT_UCHAR
KeGetCurrentIrql
KeStallExecutionProcessor
KfReleaseSpinLock
KfAcquireSpinLock
KfRaiseIrql

ndis.sys

NdisFreeMdl
NdisMGetDmaAlignment
NdisAllocateNetBufferAndNetBufferList
NdisFreeNetBufferList
NdisMAllocateSharedMemory
NdisMFreeSharedMemory
NdisMRegisterScatterGatherDma
NdisMDeregisterScatterGatherDma
NdisMAllocateSharedMemoryAsync
NdisMQueueDpc
NdisMOidRequestComplete
NdisWriteConfiguration
NdisAllocateTimerObject
NdisSetTimerObject
NdisGetProcessorInformation
NdisAllocateMdl
NdisMSetMiniportAttributes
NdisReadConfiguration
NdisCloseConfiguration
NdisReadNetworkAddress
NdisFreeMemory
NdisInitializeEvent
NdisWaitEvent
NdisWriteErrorLogEntry
NdisOpenConfigurationEx
NdisAllocateMemoryWithTagPriority
NdisSetOptionalHandlers
NdisCancelTimerObject
NdisFreeTimerObject
NdisMRegisterInterruptEx
NdisMDeregisterInterruptEx
NdisMRegisterIoPortRange
NdisMDeregisterIoPortRange
NdisMMapIoSpace
NdisMUnmapIoSpace
NdisMRegisterMiniportDriver
NdisMDeregisterMiniportDriver
NdisAllocateIoWorkItem
NdisFreeIoWorkItem
NdisMGetBusData
NdisMSetBusData
NdisMSynchronizeWithInterruptEx
NdisMIndicateStatusEx
NdisMSleep
NdisMPauseComplete
NdisQueueIoWorkItem
NdisMResetComplete
NdisRegisterDeviceEx
NdisDeregisterDeviceEx
NdisGetDeviceReservedExtension
NdisGetNetBufferListProtocolId
NdisMAllocateNetBufferSGList
NdisMFreeNetBufferSGList
NdisMSendNetBufferListsComplete
NdisSetEvent
NdisMIndicateReceiveNetBufferLists
NdisAllocateNetBufferListPool
NdisFreeNetBufferListPool

Sections

.text
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Common_Dri/vista_32/l1c60x86.cat
Common_Dri/vista_64/L1c60x64.inf
Common_Dri/vista_64/L1c60x64.sys
.sys windows:6 windows x64 arch:x64

c9c27b61924c603bb96c3ce4714eaedd

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

46:7c:40:2c:26:fa:b7:42:48:4f:70:e0:a0:e6:6c:cd
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

24/02/2012, 00:00

Not After

23/02/2015, 23:59

Subject

CN=Qualcomm Atheros,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Qualcomm Atheros,L=San Jose,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:c8:3f:7c:c5:7b:95:1e:3e:83:ba:8d:fd:73:f1:27:b7:f1:6d:19
Signer

Actual PE Digest

47:c8:3f:7c:c5:7b:95:1e:3e:83:ba:8d:fd:73:f1:27:b7:f1:6d:19

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

KeBugCheckEx
ExDeleteNPagedLookasideList
ExInitializeNPagedLookasideList
ExpInterlockedPushEntrySList
ExpInterlockedPopEntrySList
ExQueryDepthSList
_vsnwprintf
IofCompleteRequest
KeReleaseSpinLockFromDpcLevel
KeAcquireSpinLockAtDpcLevel
KeReleaseSpinLock
KeAcquireSpinLockRaiseToDpc

hal

KeStallExecutionProcessor

ndis.sys

NdisSetTimerObject
NdisAllocateTimerObject
NdisWriteConfiguration
NdisMOidRequestComplete
NdisMQueueDpc
NdisGetProcessorInformation
NdisMDeregisterScatterGatherDma
NdisMRegisterScatterGatherDma
NdisMFreeSharedMemory
NdisMAllocateSharedMemory
NdisMGetDmaAlignment
NdisMAllocateSharedMemoryAsync
NdisFreeIoWorkItem
NdisReadConfiguration
NdisCloseConfiguration
NdisReadNetworkAddress
NdisFreeMemory
NdisInitializeEvent
NdisWaitEvent
NdisWriteErrorLogEntry
NdisOpenConfigurationEx
NdisAllocateMemoryWithTagPriority
NdisSetOptionalHandlers
NdisCancelTimerObject
NdisFreeTimerObject
NdisMRegisterInterruptEx
NdisMDeregisterInterruptEx
NdisMSetMiniportAttributes
NdisMRegisterIoPortRange
NdisMDeregisterIoPortRange
NdisMMapIoSpace
NdisMUnmapIoSpace
NdisMRegisterMiniportDriver
NdisMDeregisterMiniportDriver
NdisAllocateIoWorkItem
NdisMGetBusData
NdisMSetBusData
NdisMSynchronizeWithInterruptEx
NdisMIndicateStatusEx
NdisMSleep
NdisMPauseComplete
NdisQueueIoWorkItem
NdisMResetComplete
NdisRegisterDeviceEx
NdisDeregisterDeviceEx
NdisGetDeviceReservedExtension
NdisGetNetBufferListProtocolId
NdisMAllocateNetBufferSGList
NdisMFreeNetBufferSGList
NdisMSendNetBufferListsComplete
NdisSetEvent
NdisMIndicateReceiveNetBufferLists
NdisAllocateNetBufferListPool
NdisFreeNetBufferListPool
NdisFreeNetBufferList
NdisAllocateNetBufferAndNetBufferList
NdisAllocateMdl
NdisFreeMdl

Sections

.text
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 410B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Common_Dri/vista_64/l1c60x64.cat
DIFxCmd.exe
.exe windows:6 windows x86 arch:x86

ef4dac652c531517b561cc6167f2a473

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

46:7c:40:2c:26:fa:b7:42:48:4f:70:e0:a0:e6:6c:cd
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

24/02/2012, 00:00

Not After

23/02/2015, 23:59

Subject

CN=Qualcomm Atheros,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Qualcomm Atheros,L=San Jose,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

19:3b:32:c7:fe:46:7a:f2:33:ba:5b:4f:aa:91:09:35:76:64:6c:b7
Signer

Actual PE Digest

19:3b:32:c7:fe:46:7a:f2:33:ba:5b:4f:aa:91:09:35:76:64:6c:b7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFullPathNameW
GetCommandLineW
InterlockedIncrement
InterlockedDecrement
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetStringTypeW
LCMapStringEx
GetLastError
SetLastError
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetCurrentThread
GetCurrentThreadId
IsDebuggerPresent
EncodePointer
DecodePointer
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
FreeEnvironmentStringsW
ExitProcess
GetModuleHandleExW
GetProcAddress
MultiByteToWideChar
AreFileApisANSI
GetStdHandle
WriteFile
GetModuleFileNameW
GetProcessHeap
GetFileType
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
InitOnceExecuteOnce
GetStartupInfoW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount64
FatalAppExitA
HeapFree
Sleep
WideCharToMultiByte
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetModuleHandleW
RtlUnwind
GetLocaleInfoEx
IsValidLocaleName
InterlockedExchange
FreeLibrary
LoadLibraryExW
SetConsoleCtrlHandler
OutputDebugStringW
LoadLibraryW
HeapAlloc
HeapReAlloc
FlushFileBuffers
GetConsoleCP
GetConsoleMode
GetUserDefaultLocaleName
EnumSystemLocalesEx
HeapSize
CloseHandle
SetStdHandle
SetFilePointerEx
WriteConsoleW
CreateFileW

difxapi

DIFXAPISetLogCallbackW
DriverPackagePreinstallW
DriverPackageInstallW
DriverPackageUninstallW
DriverPackageGetPathW

Sections

.text
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DIFxCmd64.exe
.exe windows:6 windows x64 arch:x64

68d5ec1fa87c5a5041a24047dd3dc4a9

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

46:7c:40:2c:26:fa:b7:42:48:4f:70:e0:a0:e6:6c:cd
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

24/02/2012, 00:00

Not After

23/02/2015, 23:59

Subject

CN=Qualcomm Atheros,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Qualcomm Atheros,L=San Jose,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ce:43:22:43:56:89:c1:ff:7e:52:81:59:30:e5:b3:8c:eb:0f:db:b5
Signer

Actual PE Digest

ce:43:22:43:56:89:c1:ff:7e:52:81:59:30:e5:b3:8c:eb:0f:db:b5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetFullPathNameW
GetCommandLineW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetStringTypeW
LCMapStringEx
GetLastError
SetLastError
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetCurrentThread
GetCurrentThreadId
IsDebuggerPresent
EncodePointer
DecodePointer
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
RtlUnwindEx
FreeEnvironmentStringsW
ExitProcess
GetModuleHandleExW
GetProcAddress
MultiByteToWideChar
AreFileApisANSI
GetStdHandle
WriteFile
GetModuleFileNameW
GetProcessHeap
GetFileType
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
InitOnceExecuteOnce
GetStartupInfoW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount64
FatalAppExitA
HeapFree
Sleep
WideCharToMultiByte
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetModuleHandleW
GetLocaleInfoEx
IsValidLocaleName
FreeLibrary
LoadLibraryExW
SetConsoleCtrlHandler
OutputDebugStringW
LoadLibraryW
HeapAlloc
HeapReAlloc
FlushFileBuffers
GetConsoleCP
GetConsoleMode
GetUserDefaultLocaleName
EnumSystemLocalesEx
HeapSize
CloseHandle
SetStdHandle
SetFilePointerEx
WriteConsoleW
CreateFileW

difxapi

DIFXAPISetLogCallbackW
DriverPackagePreinstallW
DriverPackageInstallW
DriverPackageUninstallW
DriverPackageGetPathW

Sections

.text
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 900B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DriUpdate32.exe
.exe windows:6 windows x86 arch:x86

eb5df938a4f20cbf8aebb8a7ebb40e33

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

46:7c:40:2c:26:fa:b7:42:48:4f:70:e0:a0:e6:6c:cd
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

24/02/2012, 00:00

Not After

23/02/2015, 23:59

Subject

CN=Qualcomm Atheros,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Qualcomm Atheros,L=San Jose,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

14:b8:fa:a6:56:69:58:7d:a1:b1:a8:20:f0:8e:1f:8c:b6:bb:52:b5
Signer

Actual PE Digest

14:b8:fa:a6:56:69:58:7d:a1:b1:a8:20:f0:8e:1f:8c:b6:bb:52:b5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

InitiateSystemShutdownExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegQueryValueExW
RegCloseKey
RegDeleteValueW
RegSetValueExW
CloseServiceHandle
OpenServiceW
OpenSCManagerW

kernel32

LocalFree
FormatMessageW
CloseHandle
GetCurrentProcess
GetLastError
lstrlenW
GetDateFormatW
FileTimeToSystemTime
GetFullPathNameW
FreeLibrary
GetProcAddress
LoadLibraryW
FindClose
FindNextFileW
FindFirstFileW
GetWindowsDirectoryW
GetFileAttributesW
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
InterlockedCompareExchange
Sleep
InterlockedExchange
UnhandledExceptionFilter

msvcrt

?terminate@@YAXXZ
fputws
fputs
??3@YAXPAX@Z
_controlfp
memset
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_amsg_exit
_initterm
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_iob
wprintf
wcsrchr
_wcsicmp
_wcsnicmp
iswalpha
towupper
towlower
wcschr
??2@YAPAXI@Z

ntdll

RtlUnwind

ole32

CLSIDFromString

setupapi

SetupDiCallClassInstaller
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiGetINFClassW
SetupDiCreateDeviceInfoList
SetupDiCreateDeviceInfoW
SetupDiBuildClassInfoListExW
SetupDiClassNameFromGuidExW
SetupCopyOEMInfW
SetupDiSetDeviceRegistryPropertyW
CM_Connect_MachineW
CM_Locate_DevNode_ExW
CM_Reenumerate_DevNode_Ex
CM_Disconnect_Machine
SetupDiSetClassInstallParamsW
SetupOpenInfFileW
SetupFindFirstLineW
SetupGetStringFieldW
SetupDiGetClassDescriptionExW
SetupCloseInfFile
SetupDiOpenClassRegKeyExW
SetupDiGetDriverInstallParamsW
SetupDiSetSelectedDriverW
SetupOpenFileQueue
SetupDiGetDeviceRegistryPropertyW
SetupScanFileQueueW
SetupCloseFileQueue
SetupDiGetDeviceInstallParamsW
SetupDiOpenDevRegKey
SetupDiSetDeviceInstallParamsW
SetupDiBuildDriverInfoList
SetupDiEnumDriverInfoW
SetupDiGetDriverInfoDetailW
SetupDiDestroyDriverInfoList
CM_Get_First_Log_Conf_Ex
CM_Free_Log_Conf_Handle
CM_Get_Next_Res_Des_Ex
CM_Free_Res_Des_Handle
CM_Get_Res_Des_Data_Size_Ex
CM_Get_Res_Des_Data_Ex
CM_Get_DevNode_Status_Ex
SetupDiClassGuidsFromNameExW
SetupDiCreateDeviceInfoListExW
SetupDiGetClassDevsExW
SetupDiOpenDeviceInfoW
SetupDiGetDeviceInfoListDetailW
CM_Get_Device_ID_ExW

user32

CharNextW
CharPrevW
LoadStringW

Sections

.text
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
DriUpdate64.exe
.exe windows:6 windows x64 arch:x64

cec2427eebea3a677f12d1efff1c7f30

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

46:7c:40:2c:26:fa:b7:42:48:4f:70:e0:a0:e6:6c:cd
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

24/02/2012, 00:00

Not After

23/02/2015, 23:59

Subject

CN=Qualcomm Atheros,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Qualcomm Atheros,L=San Jose,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0b:58:a7:98:1f:9c:6a:fc:27:72:ee:d2:ef:10:ff:af:d5:28:85:f3
Signer

Actual PE Digest

0b:58:a7:98:1f:9c:6a:fc:27:72:ee:d2:ef:10:ff:af:d5:28:85:f3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

OpenProcessToken
LookupPrivilegeValueW
RegQueryValueExW
AdjustTokenPrivileges
InitiateSystemShutdownExW
RegCloseKey
CloseServiceHandle
RegSetValueExW
OpenSCManagerW
RegDeleteValueW
OpenServiceW

kernel32

LocalFree
lstrlenW
GetLastError
GetCurrentProcess
CloseHandle
FormatMessageW
LoadLibraryW
GetDateFormatW
FileTimeToSystemTime
FreeLibrary
GetProcAddress
FindNextFileW
GetFullPathNameW
GetFileAttributesW
GetWindowsDirectoryW
FindFirstFileW
FindClose
Sleep
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
UnhandledExceptionFilter

msvcrt

??2@YAPEAX_K@Z
fputs
wcsrchr
__iob_func
towupper
iswalpha
??3@YAXPEAX@Z
_wcsicmp
?terminate@@YAXXZ
memset
__set_app_type
_fmode
_commode
__setusermatherr
_amsg_exit
_initterm
exit
_cexit
_exit
_XcptFilter
__C_specific_handler
__wgetmainargs
wprintf
towlower
_wcsnicmp
fputws
wcschr

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

ole32

CLSIDFromString

setupapi

CM_Free_Log_Conf_Handle
SetupDiEnumDeviceInfo
CM_Get_Device_ID_ExW
SetupDiCreateDeviceInfoList
SetupCopyOEMInfW
SetupDiSetDeviceRegistryPropertyW
CM_Connect_MachineW
SetupDiGetINFClassW
CM_Disconnect_Machine
CM_Locate_DevNode_ExW
SetupDiBuildClassInfoListExW
SetupDiSetClassInstallParamsW
SetupDiCreateDeviceInfoW
SetupDiClassNameFromGuidExW
CM_Reenumerate_DevNode_Ex
SetupOpenFileQueue
SetupDiSetSelectedDriverW
SetupDiCallClassInstaller
SetupGetStringFieldW
SetupDiDestroyDriverInfoList
CM_Get_Res_Des_Data_Size_Ex
SetupOpenInfFileW
SetupDiEnumDriverInfoW
CM_Free_Res_Des_Handle
SetupDiDestroyDeviceInfoList
CM_Get_First_Log_Conf_Ex
SetupScanFileQueueW
SetupDiSetDeviceInstallParamsW
CM_Get_DevNode_Status_Ex
CM_Get_Next_Res_Des_Ex
SetupFindFirstLineW
SetupCloseFileQueue
SetupDiGetDriverInfoDetailW
SetupDiGetClassDescriptionExW
SetupDiBuildDriverInfoList
SetupDiGetDriverInstallParamsW
CM_Get_Res_Des_Data_Ex
SetupDiGetDeviceInstallParamsW
SetupDiOpenClassRegKeyExW
SetupDiOpenDevRegKey
SetupCloseInfFile
SetupDiGetDeviceRegistryPropertyW
SetupDiGetClassDevsExW
SetupDiClassGuidsFromNameExW
SetupDiOpenDeviceInfoW
SetupDiGetDeviceInfoListDetailW
SetupDiCreateDeviceInfoListExW

user32

CharPrevW
CharNextW
LoadStringW

Sections

.text
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ISSetup.dll
.dll regsvr32 windows:4 windows x86 arch:x86

d2de62954e2245a65e4524f1ce87517e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

WaitForInputIdle

gdi32

CreatePalette

advapi32

LookupPrivilegeValueA

shell32

SHGetMalloc

ole32

WriteClassStm

oleaut32

BSTR_UserFree

rpcrt4

UuidCreate

winmm

mciSendCommandA

version

GetFileVersionInfoA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetProductSKU
InstallEngineTypelib
RemoveEngineTypelib

Sections

.text
Size: 390KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 131KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
README.htm
RIS/Common_Dri/Win7_32/L1C62x86.inf
RIS/Common_Dri/Win7_32/L1c62x86.sys
.sys windows:6 windows x86 arch:x86

6c1e02368d074a68f0dafefeae6988f5

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

46:7c:40:2c:26:fa:b7:42:48:4f:70:e0:a0:e6:6c:cd
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

24/02/2012, 00:00

Not After

23/02/2015, 23:59

Subject

CN=Qualcomm Atheros,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Qualcomm Atheros,L=San Jose,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

23:34:fe:b2:61:21:ef:79:84:9e:20:70:b5:ca:da:61:5a:42:b0:32
Signer

Actual PE Digest

23:34:fe:b2:61:21:ef:79:84:9e:20:70:b5:ca:da:61:5a:42:b0:32

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

KeBugCheckEx
KeTickCount
memmove
WRITE_REGISTER_USHORT
ExDeleteNPagedLookasideList
ExInitializeNPagedLookasideList
InterlockedPushEntrySList
InterlockedPopEntrySList
_vsnwprintf
IofCompleteRequest
memcpy
KefReleaseSpinLockFromDpcLevel
KefAcquireSpinLockAtDpcLevel
WRITE_REGISTER_UCHAR
memset
WRITE_REGISTER_ULONG

hal

KfLowerIrql
WRITE_PORT_ULONG
WRITE_PORT_USHORT
WRITE_PORT_UCHAR
READ_PORT_ULONG
READ_PORT_USHORT
READ_PORT_UCHAR
KeGetCurrentIrql
KeStallExecutionProcessor
KfReleaseSpinLock
KfAcquireSpinLock
KfRaiseIrql

ndis.sys

NdisMGetDmaAlignment
NdisMAllocateSharedMemory
NdisAllocateMdl
NdisAllocateNetBufferAndNetBufferList
NdisMFreeSharedMemory
NdisMRegisterScatterGatherDma
NdisMDeregisterScatterGatherDma
NdisMAllocateSharedMemoryAsync
NdisMQueueDpcEx
NdisMOidRequestComplete
NdisMConfigMSIXTableEntry
NdisWriteConfiguration
NdisAllocateTimerObject
NdisSetTimerObject
NdisGetRssProcessorInformation
NdisFreeMdl
NdisMRegisterIoPortRange
NdisReadConfiguration
NdisCloseConfiguration
NdisReadNetworkAddress
NdisFreeMemory
NdisInitializeEvent
NdisWaitEvent
NdisWriteErrorLogEntry
NdisOpenConfigurationEx
NdisAllocateMemoryWithTagPriority
NdisSetOptionalHandlers
NdisCancelTimerObject
NdisFreeTimerObject
NdisMRegisterInterruptEx
NdisMDeregisterInterruptEx
NdisMSetMiniportAttributes
NdisMDeregisterIoPortRange
NdisMMapIoSpace
NdisMUnmapIoSpace
NdisMRegisterMiniportDriver
NdisMDeregisterMiniportDriver
NdisAllocateIoWorkItem
NdisFreeIoWorkItem
NdisMGetBusData
NdisMSetBusData
NdisMSynchronizeWithInterruptEx
NdisMIndicateStatusEx
NdisMSleep
NdisMPauseComplete
NdisQueueIoWorkItem
NdisMResetComplete
NdisRegisterDeviceEx
NdisDeregisterDeviceEx
NdisGetDeviceReservedExtension
NdisGetNetBufferListProtocolId
NdisMAllocateNetBufferSGList
NdisMFreeNetBufferSGList
NdisMSendNetBufferListsComplete
NdisSetEvent
NdisCurrentGroupAndProcessor
NdisMIndicateReceiveNetBufferLists
NdisAllocateNetBufferListPool
NdisFreeNetBufferListPool
NdisFreeNetBufferList

Sections

.text
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RIS/Common_Dri/Win7_32/l1c62x86.cat
RIS/Common_Dri/Win7_64/L1C62x64.inf
RIS/Common_Dri/Win7_64/L1c62x64.sys
.sys windows:6 windows x64 arch:x64

fea6c983249b7d181a46ce4c96e7b325

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

46:7c:40:2c:26:fa:b7:42:48:4f:70:e0:a0:e6:6c:cd
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

24/02/2012, 00:00

Not After

23/02/2015, 23:59

Subject

CN=Qualcomm Atheros,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Qualcomm Atheros,L=San Jose,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

53:62:8d:a1:5b:20:cb:b2:3d:a8:0a:17:b8:b2:ed:26:10:7c:0b:47
Signer

Actual PE Digest

53:62:8d:a1:5b:20:cb:b2:3d:a8:0a:17:b8:b2:ed:26:10:7c:0b:47

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

KeBugCheckEx
ExDeleteNPagedLookasideList
ExInitializeNPagedLookasideList
ExpInterlockedPushEntrySList
ExpInterlockedPopEntrySList
ExQueryDepthSList
_vsnwprintf
IofCompleteRequest
KeReleaseSpinLockFromDpcLevel
KeAcquireSpinLockAtDpcLevel
KeReleaseSpinLock
KeAcquireSpinLockRaiseToDpc

hal

KeStallExecutionProcessor

ndis.sys

NdisSetTimerObject
NdisAllocateTimerObject
NdisWriteConfiguration
NdisMConfigMSIXTableEntry
NdisMOidRequestComplete
NdisGetRssProcessorInformation
NdisMAllocateSharedMemoryAsync
NdisMDeregisterScatterGatherDma
NdisMRegisterScatterGatherDma
NdisMFreeSharedMemory
NdisMAllocateSharedMemory
NdisMQueueDpcEx
NdisMGetBusData
NdisReadConfiguration
NdisCloseConfiguration
NdisReadNetworkAddress
NdisFreeMemory
NdisInitializeEvent
NdisWaitEvent
NdisWriteErrorLogEntry
NdisOpenConfigurationEx
NdisAllocateMemoryWithTagPriority
NdisSetOptionalHandlers
NdisCancelTimerObject
NdisFreeTimerObject
NdisMRegisterInterruptEx
NdisMDeregisterInterruptEx
NdisMSetMiniportAttributes
NdisMRegisterIoPortRange
NdisMDeregisterIoPortRange
NdisMMapIoSpace
NdisMUnmapIoSpace
NdisMRegisterMiniportDriver
NdisMDeregisterMiniportDriver
NdisAllocateIoWorkItem
NdisFreeIoWorkItem
NdisMSetBusData
NdisMSynchronizeWithInterruptEx
NdisMIndicateStatusEx
NdisMSleep
NdisMPauseComplete
NdisQueueIoWorkItem
NdisMResetComplete
NdisRegisterDeviceEx
NdisDeregisterDeviceEx
NdisGetDeviceReservedExtension
NdisGetNetBufferListProtocolId
NdisMAllocateNetBufferSGList
NdisMFreeNetBufferSGList
NdisMSendNetBufferListsComplete
NdisSetEvent
NdisCurrentGroupAndProcessor
NdisMIndicateReceiveNetBufferLists
NdisAllocateNetBufferListPool
NdisFreeNetBufferListPool
NdisFreeNetBufferList
NdisAllocateNetBufferAndNetBufferList
NdisAllocateMdl
NdisFreeMdl
NdisMGetDmaAlignment

Sections

.text
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 430B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RIS/Common_Dri/Win7_64/l1c62x64.cat
RIS/Common_Dri/Win8_32/L1C63x86.inf
RIS/Common_Dri/Win8_32/L1C63x86.sys
.sys windows:6 windows x86 arch:x86

2390614e8552c2824753f056c47fbeb2

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

46:7c:40:2c:26:fa:b7:42:48:4f:70:e0:a0:e6:6c:cd
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

24/02/2012, 00:00

Not After

23/02/2015, 23:59

Subject

CN=Qualcomm Atheros,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Qualcomm Atheros,L=San Jose,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:99:76:ab:2b:07:8a:96:50:8d:d5:1d:bb:35:a8:87:bd:d1:3a:53
Signer

Actual PE Digest

2b:99:76:ab:2b:07:8a:96:50:8d:d5:1d:bb:35:a8:87:bd:d1:3a:53

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

memmove
memcmp
WRITE_REGISTER_USHORT
ExDeleteNPagedLookasideList
ExInitializeNPagedLookasideList
InterlockedPushEntrySList
InterlockedPopEntrySList
_vsnwprintf
IofCompleteRequest
memcpy
KefReleaseSpinLockFromDpcLevel
KefAcquireSpinLockAtDpcLevel
WRITE_REGISTER_UCHAR
memset
KeInitializeSpinLock
WRITE_REGISTER_ULONG

hal

KfLowerIrql
WRITE_PORT_ULONG
WRITE_PORT_USHORT
WRITE_PORT_UCHAR
READ_PORT_ULONG
READ_PORT_USHORT
READ_PORT_UCHAR
KeGetCurrentIrql
KeStallExecutionProcessor
KfReleaseSpinLock
KfAcquireSpinLock
KfRaiseIrql

ndis.sys

NdisMGetDmaAlignment
NdisMAllocateSharedMemory
NdisAllocateMdl
NdisAllocateNetBufferAndNetBufferList
NdisMFreeSharedMemory
NdisMRegisterScatterGatherDma
NdisMDeregisterScatterGatherDma
NdisMAllocateSharedMemoryAsync
NdisMQueueDpcEx
NdisMOidRequestComplete
NdisMConfigMSIXTableEntry
NdisWriteConfiguration
NdisAllocateTimerObject
NdisSetTimerObject
NdisGetRssProcessorInformation
NdisFreeMdl
NdisMDeregisterIoPortRange
NdisReadConfiguration
NdisCloseConfiguration
NdisReadNetworkAddress
NdisFreeMemory
NdisInitializeEvent
NdisWaitEvent
NdisWriteErrorLogEntry
NdisOpenConfigurationEx
NdisAllocateMemoryWithTagPriority
NdisSetOptionalHandlers
NdisCancelTimerObject
NdisFreeTimerObject
NdisMRegisterInterruptEx
NdisMDeregisterInterruptEx
NdisMSetMiniportAttributes
NdisMRegisterIoPortRange
NdisMMapIoSpace
NdisMUnmapIoSpace
NdisMRegisterMiniportDriver
NdisMDeregisterMiniportDriver
NdisAllocateIoWorkItem
NdisFreeIoWorkItem
NdisMGetBusData
NdisMSetBusData
NdisMSynchronizeWithInterruptEx
NdisMIndicateStatusEx
NdisMSleep
NdisMPauseComplete
NdisQueueIoWorkItem
NdisMResetComplete
NdisRegisterDeviceEx
NdisDeregisterDeviceEx
NdisGetDeviceReservedExtension
NdisGetNetBufferListProtocolId
NdisMAllocateNetBufferSGList
NdisMFreeNetBufferSGList
NdisMSendNetBufferListsComplete
NdisSetEvent
NdisCurrentGroupAndProcessor
NdisMIndicateReceiveNetBufferLists
NdisGetVersion
NdisAllocateNetBufferListPool
NdisFreeNetBufferListPool
NdisFreeNetBufferList

Sections

.text
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RIS/Common_Dri/Win8_32/l1c63x86.cat
RIS/Common_Dri/Win8_64/L1C63x64.inf
RIS/Common_Dri/Win8_64/L1C63x64.sys
.sys windows:6 windows x64 arch:x64

552f64c7535d478118d69af1374e0bf1

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

46:7c:40:2c:26:fa:b7:42:48:4f:70:e0:a0:e6:6c:cd
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

24/02/2012, 00:00

Not After

23/02/2015, 23:59

Subject

CN=Qualcomm Atheros,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Qualcomm Atheros,L=San Jose,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

af:ae:05:3d:03:71:67:4d:40:48:a7:a1:34:13:fc:24:7b:86:4a:ab
Signer

Actual PE Digest

af:ae:05:3d:03:71:67:4d:40:48:a7:a1:34:13:fc:24:7b:86:4a:ab

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

ExDeleteNPagedLookasideList
ExInitializeNPagedLookasideList
ExpInterlockedPushEntrySList
ExpInterlockedPopEntrySList
ExQueryDepthSList
KfRaiseIrql
KeLowerIrql
_vsnwprintf
IofCompleteRequest
KeReleaseSpinLockFromDpcLevel
KeAcquireSpinLockAtDpcLevel
KeReleaseSpinLock
KeAcquireSpinLockRaiseToDpc
KeInitializeSpinLock

hal

KeStallExecutionProcessor

ndis.sys

NdisSetTimerObject
NdisAllocateTimerObject
NdisWriteConfiguration
NdisMConfigMSIXTableEntry
NdisMOidRequestComplete
NdisMQueueDpcEx
NdisGetRssProcessorInformation
NdisMDeregisterScatterGatherDma
NdisMRegisterScatterGatherDma
NdisMFreeSharedMemory
NdisMAllocateSharedMemory
NdisMGetDmaAlignment
NdisFreeMdl
NdisMAllocateSharedMemoryAsync
NdisFreeIoWorkItem
NdisReadConfiguration
NdisCloseConfiguration
NdisReadNetworkAddress
NdisFreeMemory
NdisInitializeEvent
NdisWaitEvent
NdisWriteErrorLogEntry
NdisOpenConfigurationEx
NdisAllocateMemoryWithTagPriority
NdisSetOptionalHandlers
NdisCancelTimerObject
NdisFreeTimerObject
NdisMRegisterInterruptEx
NdisMDeregisterInterruptEx
NdisMSetMiniportAttributes
NdisMRegisterIoPortRange
NdisMDeregisterIoPortRange
NdisMMapIoSpace
NdisMUnmapIoSpace
NdisMRegisterMiniportDriver
NdisMDeregisterMiniportDriver
NdisAllocateIoWorkItem
NdisMGetBusData
NdisMSetBusData
NdisMSynchronizeWithInterruptEx
NdisMIndicateStatusEx
NdisMSleep
NdisMPauseComplete
NdisQueueIoWorkItem
NdisMResetComplete
NdisRegisterDeviceEx
NdisDeregisterDeviceEx
NdisGetDeviceReservedExtension
NdisGetNetBufferListProtocolId
NdisMAllocateNetBufferSGList
NdisMFreeNetBufferSGList
NdisMSendNetBufferListsComplete
NdisSetEvent
NdisCurrentGroupAndProcessor
NdisMIndicateReceiveNetBufferLists
NdisGetVersion
NdisAllocateNetBufferListPool
NdisFreeNetBufferListPool
NdisFreeNetBufferList
NdisAllocateNetBufferAndNetBufferList
NdisAllocateMdl

Sections

.text
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 440B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RIS/Common_Dri/Win8_64/l1c63x64.cat
RIS/Common_Dri/WinXP2003_32/l1c51x86.cat
RIS/Common_Dri/WinXP2003_32/l1c51x86.inf
RIS/Common_Dri/WinXP2003_32/l1c51x86.sys
.sys windows:6 windows x86 arch:x86

ec7a5153a71af46967406f2c9400a2eb

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

46:7c:40:2c:26:fa:b7:42:48:4f:70:e0:a0:e6:6c:cd
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

24/02/2012, 00:00

Not After

23/02/2015, 23:59

Subject

CN=Qualcomm Atheros,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Qualcomm Atheros,L=San Jose,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3f:59:87:32:4e:72:dd:37:e5:65:17:64:8a:5b:fb:ea:27:fb:57:52
Signer

Actual PE Digest

3f:59:87:32:4e:72:dd:37:e5:65:17:64:8a:5b:fb:ea:27:fb:57:52

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

KeBugCheckEx
KeTickCount
RtlInitUnicodeString
ExfInterlockedInsertTailList
IofCompleteRequest
_vsnwprintf
MmMapLockedPagesSpecifyCache
IoFreeMdl
KefAcquireSpinLockAtDpcLevel
KefReleaseSpinLockFromDpcLevel
memcpy
memset
memmove
WRITE_REGISTER_UCHAR
WRITE_REGISTER_ULONG
WRITE_REGISTER_USHORT

hal

READ_PORT_UCHAR
WRITE_PORT_USHORT
READ_PORT_USHORT
WRITE_PORT_ULONG
READ_PORT_ULONG
KfRaiseIrql
KfLowerIrql
KeGetCurrentIrql
KeStallExecutionProcessor
KfAcquireSpinLock
KfReleaseSpinLock
WRITE_PORT_UCHAR

ndis.sys

NdisMDeregisterIoPortRange
NdisMUnmapIoSpace
NdisFreeBufferPool
NdisFreeMemory
NdisCloseConfiguration
NdisWriteConfiguration
NdisOpenConfiguration
NdisReadNetworkAddress
NdisReadConfiguration
NdisSetEvent
NdisScheduleWorkItem
NdisMCancelTimer
NdisMSleep
NdisMRegisterUnloadHandler
NdisMRegisterDevice
NdisFreePacketPool
NdisMRegisterInterrupt
NdisReadPciSlotInformation
NdisWritePciSlotInformation
NdisWriteErrorLogEntry
NdisMQueryAdapterResources
NdisWaitEvent
NdisMDeregisterInterrupt
NdisMDeregisterDevice
NdisSetTimer
NdisMInitializeTimer
NdisMMapIoSpace
NdisMRegisterIoPortRange
NdisMSetAttributesEx
NdisMIndicateStatusComplete
NdisMIndicateStatus
NdisMSynchronizeWithInterrupt
NdisMRemoveMiniport
NdisTerminateWrapper
NdisMRegisterMiniport
NdisInitializeWrapper
NdisInitializeEvent
NdisAllocateMemoryWithTag
NdisUnchainBufferAtBack
NdisFreePacket
NdisAllocatePacket
NdisAllocateBuffer
NdisAllocateBufferPool
NdisAllocatePacketPool
NdisMFreeSharedMemory
NdisMAllocateSharedMemory
NdisMInitializeScatterGatherDma
NdisMGetDmaAlignment

Sections

.text
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RIS/Common_Dri/WinXP2003_64/l1c51x64.cat
RIS/Common_Dri/WinXP2003_64/l1c51x64.inf
RIS/Common_Dri/WinXP2003_64/l1c51x64.sys
.sys windows:6 windows x64 arch:x64

e60323943b4ff5afa7159b9be93d6fd6

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

46:7c:40:2c:26:fa:b7:42:48:4f:70:e0:a0:e6:6c:cd
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

24/02/2012, 00:00

Not After

23/02/2015, 23:59

Subject

CN=Qualcomm Atheros,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Qualcomm Atheros,L=San Jose,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0b:03:0b:42:3e:40:8e:aa:e2:64:2e:68:e5:18:78:7d:d7:16:c2:89
Signer

Actual PE Digest

0b:03:0b:42:3e:40:8e:aa:e2:64:2e:68:e5:18:78:7d:d7:16:c2:89

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

KeBugCheckEx
IofCompleteRequest
_vsnwprintf
ExInterlockedInsertTailList
RtlInitUnicodeString
MmMapLockedPagesSpecifyCache
IoFreeMdl
KeAcquireSpinLockRaiseToDpc
KeAcquireSpinLockAtDpcLevel
KeReleaseSpinLockFromDpcLevel
KeReleaseSpinLock

hal

KeStallExecutionProcessor

ndis.sys

NdisMRegisterUnloadHandler
NdisMSleep
NdisMCancelTimer
NdisScheduleWorkItem
NdisMRegisterDevice
NdisReadConfiguration
NdisReadNetworkAddress
NdisCloseConfiguration
NdisWriteConfiguration
NdisOpenConfiguration
NdisSetEvent
NdisReadPciSlotInformation
NdisWritePciSlotInformation
NdisMIndicateStatusComplete
NdisMIndicateStatus
NdisMDeregisterInterrupt
NdisMRegisterMiniport
NdisMRegisterInterrupt
NdisWaitEvent
NdisInitializeWrapper
NdisMSetAttributesEx
NdisSetTimer
NdisWriteErrorLogEntry
NdisMInitializeTimer
NdisMQueryAdapterResources
NdisMDeregisterDevice
NdisTerminateWrapper
NdisMSynchronizeWithInterrupt
NdisMMapIoSpace
NdisMRemoveMiniport
NdisMRegisterIoPortRange
NdisFreePacket
NdisMFreeSharedMemory
NdisAllocatePacket
NdisFreePacketPool
NdisInitializeEvent
NdisMUnmapIoSpace
NdisFreeMemory
NdisAllocatePacketPool
NdisAllocateBufferPool
NdisUnchainBufferAtBack
NdisFreeBufferPool
NdisMDeregisterIoPortRange
NdisMInitializeScatterGatherDma
NdisAllocateBuffer
NdisAllocateMemoryWithTag
NdisMGetDmaAlignment
NdisMAllocateSharedMemory

Sections

.text
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 350B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RIS/Common_Dri/vista_32/L1c60x86.inf
RIS/Common_Dri/vista_32/L1c60x86.sys
.sys windows:6 windows x86 arch:x86

28bb057c8576d97a24071fad389c4d73

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

46:7c:40:2c:26:fa:b7:42:48:4f:70:e0:a0:e6:6c:cd
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

24/02/2012, 00:00

Not After

23/02/2015, 23:59

Subject

CN=Qualcomm Atheros,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Qualcomm Atheros,L=San Jose,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

76:12:18:8e:7a:ca:b2:8b:09:48:6a:25:da:12:40:a5:cf:ee:04:28
Signer

Actual PE Digest

76:12:18:8e:7a:ca:b2:8b:09:48:6a:25:da:12:40:a5:cf:ee:04:28

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

KeBugCheckEx
KeTickCount
memmove
WRITE_REGISTER_USHORT
ExDeleteNPagedLookasideList
ExInitializeNPagedLookasideList
InterlockedPushEntrySList
InterlockedPopEntrySList
_vsnwprintf
IofCompleteRequest
memcpy
KefReleaseSpinLockFromDpcLevel
KefAcquireSpinLockAtDpcLevel
WRITE_REGISTER_UCHAR
memset
WRITE_REGISTER_ULONG

hal

KfLowerIrql
WRITE_PORT_ULONG
WRITE_PORT_USHORT
WRITE_PORT_UCHAR
READ_PORT_ULONG
READ_PORT_USHORT
READ_PORT_UCHAR
KeGetCurrentIrql
KeStallExecutionProcessor
KfReleaseSpinLock
KfAcquireSpinLock
KfRaiseIrql

ndis.sys

NdisFreeMdl
NdisMGetDmaAlignment
NdisAllocateNetBufferAndNetBufferList
NdisFreeNetBufferList
NdisMAllocateSharedMemory
NdisMFreeSharedMemory
NdisMRegisterScatterGatherDma
NdisMDeregisterScatterGatherDma
NdisMAllocateSharedMemoryAsync
NdisMQueueDpc
NdisMOidRequestComplete
NdisWriteConfiguration
NdisAllocateTimerObject
NdisSetTimerObject
NdisGetProcessorInformation
NdisAllocateMdl
NdisMSetMiniportAttributes
NdisReadConfiguration
NdisCloseConfiguration
NdisReadNetworkAddress
NdisFreeMemory
NdisInitializeEvent
NdisWaitEvent
NdisWriteErrorLogEntry
NdisOpenConfigurationEx
NdisAllocateMemoryWithTagPriority
NdisSetOptionalHandlers
NdisCancelTimerObject
NdisFreeTimerObject
NdisMRegisterInterruptEx
NdisMDeregisterInterruptEx
NdisMRegisterIoPortRange
NdisMDeregisterIoPortRange
NdisMMapIoSpace
NdisMUnmapIoSpace
NdisMRegisterMiniportDriver
NdisMDeregisterMiniportDriver
NdisAllocateIoWorkItem
NdisFreeIoWorkItem
NdisMGetBusData
NdisMSetBusData
NdisMSynchronizeWithInterruptEx
NdisMIndicateStatusEx
NdisMSleep
NdisMPauseComplete
NdisQueueIoWorkItem
NdisMResetComplete
NdisRegisterDeviceEx
NdisDeregisterDeviceEx
NdisGetDeviceReservedExtension
NdisGetNetBufferListProtocolId
NdisMAllocateNetBufferSGList
NdisMFreeNetBufferSGList
NdisMSendNetBufferListsComplete
NdisSetEvent
NdisMIndicateReceiveNetBufferLists
NdisAllocateNetBufferListPool
NdisFreeNetBufferListPool

Sections

.text
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RIS/Common_Dri/vista_32/l1c60x86.cat
RIS/Common_Dri/vista_64/L1c60x64.inf
RIS/Common_Dri/vista_64/L1c60x64.sys
.sys windows:6 windows x64 arch:x64

c9c27b61924c603bb96c3ce4714eaedd

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

46:7c:40:2c:26:fa:b7:42:48:4f:70:e0:a0:e6:6c:cd
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

24/02/2012, 00:00

Not After

23/02/2015, 23:59

Subject

CN=Qualcomm Atheros,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Qualcomm Atheros,L=San Jose,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:c8:3f:7c:c5:7b:95:1e:3e:83:ba:8d:fd:73:f1:27:b7:f1:6d:19
Signer

Actual PE Digest

47:c8:3f:7c:c5:7b:95:1e:3e:83:ba:8d:fd:73:f1:27:b7:f1:6d:19

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

KeBugCheckEx
ExDeleteNPagedLookasideList
ExInitializeNPagedLookasideList
ExpInterlockedPushEntrySList
ExpInterlockedPopEntrySList
ExQueryDepthSList
_vsnwprintf
IofCompleteRequest
KeReleaseSpinLockFromDpcLevel
KeAcquireSpinLockAtDpcLevel
KeReleaseSpinLock
KeAcquireSpinLockRaiseToDpc

hal

KeStallExecutionProcessor

ndis.sys

NdisSetTimerObject
NdisAllocateTimerObject
NdisWriteConfiguration
NdisMOidRequestComplete
NdisMQueueDpc
NdisGetProcessorInformation
NdisMDeregisterScatterGatherDma
NdisMRegisterScatterGatherDma
NdisMFreeSharedMemory
NdisMAllocateSharedMemory
NdisMGetDmaAlignment
NdisMAllocateSharedMemoryAsync
NdisFreeIoWorkItem
NdisReadConfiguration
NdisCloseConfiguration
NdisReadNetworkAddress
NdisFreeMemory
NdisInitializeEvent
NdisWaitEvent
NdisWriteErrorLogEntry
NdisOpenConfigurationEx
NdisAllocateMemoryWithTagPriority
NdisSetOptionalHandlers
NdisCancelTimerObject
NdisFreeTimerObject
NdisMRegisterInterruptEx
NdisMDeregisterInterruptEx
NdisMSetMiniportAttributes
NdisMRegisterIoPortRange
NdisMDeregisterIoPortRange
NdisMMapIoSpace
NdisMUnmapIoSpace
NdisMRegisterMiniportDriver
NdisMDeregisterMiniportDriver
NdisAllocateIoWorkItem
NdisMGetBusData
NdisMSetBusData
NdisMSynchronizeWithInterruptEx
NdisMIndicateStatusEx
NdisMSleep
NdisMPauseComplete
NdisQueueIoWorkItem
NdisMResetComplete
NdisRegisterDeviceEx
NdisDeregisterDeviceEx
NdisGetDeviceReservedExtension
NdisGetNetBufferListProtocolId
NdisMAllocateNetBufferSGList
NdisMFreeNetBufferSGList
NdisMSendNetBufferListsComplete
NdisSetEvent
NdisMIndicateReceiveNetBufferLists
NdisAllocateNetBufferListPool
NdisFreeNetBufferListPool
NdisFreeNetBufferList
NdisAllocateNetBufferAndNetBufferList
NdisAllocateMdl
NdisFreeMdl

Sections

.text
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 410B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RIS/Common_Dri/vista_64/l1c60x64.cat
Readme/0401_Arbic.htm
Readme/0404_Chinese(Traditional).htm
Readme/0405_Czech.htm
Readme/0406_Danish.htm
Readme/0407_German.htm
Readme/0408_Greek.htm
Readme/0409_English.htm
Readme/040A_Spanish.htm
Readme/040C_French.htm
Readme/040b_Finnish.htm
Readme/040d_Hebrew.htm
Readme/040e_Hungarian.htm
Readme/0410_Italian.htm
Readme/0411_Japanese.htm
Readme/0412_Korean.htm
Readme/0413_Dutch.htm
Readme/0414_Norwegian.htm
Readme/0415_Polish.htm
Readme/0416_Portuguese.htm
Readme/0418_Romanian.htm
Readme/0419_Russian.htm
Readme/041E_Thai.htm
Readme/041a_Croatian.htm
Readme/041b_Slovak.htm
Readme/041d_Swedish.htm
Readme/041f_Turkish.htm
Readme/0424_Slovenian.htm
Readme/0804_Chinese(Simplified).htm
Readme/0816_Portuguese.htm
.html
_setup.dll
.dll windows:4 windows x86 arch:x86

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

03:69:39:c4:75:d5:3c:1d:70:99:2d:b8:a8:7e:b7:d3
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

10/02/2006, 00:00

Not After

20/02/2008, 23:59

Subject

CN=Macrovision Corporation,OU=ENGINEERING,O=Macrovision Corporation,L=Schaumburg,ST=Illinois,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

98:3a:46:9e:5d:28:f2:ee:4b:80:6b:2e:88:e9:b6:e9:ad:21:c1:eb
Signer

Actual PE Digest

98:3a:46:9e:5d:28:f2:ee:4b:80:6b:2e:88:e9:b6:e9:ad:21:c1:eb

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 300KB - Virtual size: 298KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
data1.cab
data1.hdr
data2.cab
kdnet/amd64/kd_02_1969.dll
.dll windows:6 windows x64 arch:x64

Code Sign

61:0b:bb:d8:00:00:00:00:00:05
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

09/04/2012, 20:55

Not After

09/07/2013, 20:55

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

49:f3:5e:7a:17:44:c1:34:22:a3:f5:50:c2:ff:88:47:fc:3c:c8:81:00:e0:9a:9e:86:79:de:65:e1:98:f4:a4
Signer

Actual PE Digest

49:f3:5e:7a:17:44:c1:34:22:a3:f5:50:c2:ff:88:47:fc:3c:c8:81:00:e0:9a:9e:86:79:de:65:e1:98:f4:a4

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Exports

Exports

KdGetPacketAddress
KdGetPacketLength
KdGetRxPacket
KdGetTxPacket
KdInitializeController
KdInitializeLibrary
KdReleaseRxPacket
KdSendTxPacket
KdShutdownController

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 280B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 516B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 307B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 512B - Virtual size: 53B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
kdnet/x86/kd_02_1969.dll
.dll windows:6 windows x86 arch:x86

Code Sign

61:0b:bb:d8:00:00:00:00:00:05
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

09/04/2012, 20:55

Not After

09/07/2013, 20:55

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7a:35:95:be:8d:f8:4d:72:d4:b0:15:ae:d3:b0:36:a1:be:46:e9:d5:af:1d:37:7e:59:10:a9:af:31:f7:b6:fe
Signer

Actual PE Digest

7a:35:95:be:8d:f8:4d:72:d4:b0:15:ae:d3:b0:36:a1:be:46:e9:d5:af:1d:37:7e:59:10:a9:af:31:f7:b6:fe

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

KdGetPacketAddress
KdGetPacketLength
KdGetRxPacket
KdGetTxPacket
KdInitializeController
KdInitializeLibrary
KdReleaseRxPacket
KdSendTxPacket
KdShutdownController

Sections

.text
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 307B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 512B - Virtual size: 46B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
layout.bin
setup.exe
.exe windows:4 windows x86 arch:x86

8f244019e52c417786599750d44c515a

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

46:7c:40:2c:26:fa:b7:42:48:4f:70:e0:a0:e6:6c:cd
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

24/02/2012, 00:00

Not After

23/02/2015, 23:59

Subject

CN=Qualcomm Atheros,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Qualcomm Atheros,L=San Jose,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

9b:13:ef:91:47:d4:7c:5a:fa:90:a3:1c:78:ac:30:de:a9:f1:42:62
Signer

Actual PE Digest

9b:13:ef:91:47:d4:7c:5a:fa:90:a3:1c:78:ac:30:de:a9:f1:42:62

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord17

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

kernel32

LoadLibraryExA
QueryPerformanceFrequency
CreateEventA
ReadFile
CompareStringA
CompareStringW
GlobalSize
SizeofResource
FreeResource
SearchPathA
FindNextFileA
GetTempFileNameA
GetExitCodeProcess
TerminateProcess
OpenProcess
GetLocalTime
InitializeCriticalSection
GetCurrentProcessId
GetVersion
LeaveCriticalSection
EnterCriticalSection
GetCurrentThread
VirtualQuery
VirtualProtect
UnmapViewOfFile
GetShortPathNameA
MapViewOfFile
CreateFileMappingA
SetEvent
ResetEvent
QueryPerformanceCounter
SystemTimeToFileTime
lstrcmpA
MoveFileExA
GetDiskFreeSpaceA
GetSystemDirectoryA
GetSystemInfo
IsBadReadPtr
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
lstrcpyA
lstrlenA
Sleep
CloseHandle
CreateProcessA
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
RemoveDirectoryA
DeleteFileA
ResumeThread
SetThreadContext
MulDiv
GetPrivateProfileStringA
GetPrivateProfileSectionNamesA
SetEndOfFile
FlushFileBuffers
SetStdHandle
IsBadCodePtr
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
SetUnhandledExceptionFilter
HeapSize
IsBadWritePtr
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
LCMapStringW
LCMapStringA
GetOEMCP
GetACP
GetCPInfo
TlsGetValue
TlsAlloc
CreateDirectoryA
FindFirstFileA
FindClose
lstrcmpiA
lstrcpynA
WriteFile
GetDriveTypeA
SetFilePointer
GetFileAttributesA
ReleaseMutex
GetPrivateProfileIntA
lstrcatA
LoadLibraryA
GetSystemDefaultLangID
CreateMutexA
FreeLibrary
SetErrorMode
GetTickCount
FindResourceExA
FindResourceA
LoadResource
LockResource
GetWindowsDirectoryA
InterlockedDecrement
LocalFree
InterlockedIncrement
FormatMessageA
GetTempPathA
GetVersionExA
CreateFileA
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
GetLastError
SetLastError
WaitForSingleObject
ExitProcess
GetCurrentProcess
DuplicateHandle
GetThreadContext
VirtualProtectEx
WriteProcessMemory
FlushInstructionCache
TlsSetValue
GetCurrentThreadId
GetCommandLineA
GetStartupInfoA
RaiseException
HeapAlloc
HeapFree
RtlUnwind
DeleteCriticalSection
InterlockedExchange
GetFileSize

user32

SetWindowLongA
SetWindowTextA
SendMessageA
GetDlgItem
wsprintfA
WaitForInputIdle
CharUpperA
MessageBoxA
DialogBoxIndirectParamA
SetDlgItemTextA
MsgWaitForMultipleObjects
CharLowerBuffA
SetFocus
BeginPaint
EndPaint
LoadStringA
FillRect
ScreenToClient
GetWindowTextLengthA
GetWindowTextA
GetWindowPlacement
SendDlgItemMessageA
GetMessageA
DefWindowProcA
GetParent
GetWindow
SystemParametersInfoA
MapWindowPoints
SetWindowPos
GetPropA
EnableMenuItem
SetPropA
RemovePropA
ShowWindow
IsWindow
GetSysColor
LoadImageA
CreateDialogParamA
GetDC
ReleaseDC
SetActiveWindow
PeekMessageA
IsDialogMessageA
TranslateMessage
DispatchMessageA
DestroyWindow
CreateDialogIndirectParamA
SetForegroundWindow
GetDesktopWindow
GetClientRect
EnableWindow
IsWindowEnabled
GetWindowDC
UpdateWindow
InvalidateRect
DrawIcon
MapDialogRect
GetClassNameA
CallWindowProcA
DrawFocusRect
InflateRect
DrawTextA
CopyRect
EnumChildWindows
CreateWindowExA
RegisterClassExA
IntersectRect
GetDlgItemTextA
GetWindowLongA
GetWindowRect
MoveWindow
EndDialog
LoadIconA

gdi32

CreateCompatibleBitmap
CreateDCA
GetStockObject
GetTextExtentPoint32A
CreatePatternBrush
DeleteMetaFile
SetMetaFileBitsEx
SetStretchBltMode
SelectClipRgn
SetPixel
PatBlt
PlayMetaFile
StretchBlt
CreateBitmap
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
CreateDIBitmap
SaveDC
SetBkMode
SetTextColor
TextOutA
RestoreDC
GetTextExtentPointA
CreateFontIndirectA
SetBkColor
CreateRectRgn
DeleteObject
CreateSolidBrush
GetDIBColorTable
GetSystemPaletteEntries
CreatePalette
CreateHalftonePalette
GetDeviceCaps
GetObjectA
CreateCompatibleDC
UnrealizeObject
SelectPalette
RealizePalette
SelectObject
BitBlt
DeleteDC
SetMapMode

advapi32

RegCloseKey
RegQueryValueA
RegQueryValueExA
RegOpenKeyExA
RegDeleteKeyA
RegEnumKeyExA
RegEnumKeyA
RegOpenKeyA
FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
OpenThreadToken

shell32

SHGetPathFromIDListA
SHGetMalloc
ShellExecuteExA
SHGetSpecialFolderLocation

ole32

CoInitialize
CoUninitialize

oleaut32

SysFreeString
SysAllocString
SysAllocStringLen
SysReAllocStringLen
SysStringLen
GetErrorInfo
VariantClear
VariantChangeType

lz32

LZOpenFileA
LZCopy
LZClose

rpcrt4

RpcStringFreeA
UuidCreate
UuidToStringA

Sections

.text
Size: 288KB - Virtual size: 286KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
setup.ini
setup.inx
setup.isn
setup.iss
uninstall.iss
update.iss
˵(Readme).htm
.html

Sharing

General

Malware Config

Signatures

Files

6c1e02368d074a68f0dafefeae6988f5

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

46:7c:40:2c:26:fa:b7:42:48:4f:70:e0:a0:e6:6c:cdCertificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

23:34:fe:b2:61:21:ef:79:84:9e:20:70:b5:ca:da:61:5a:42:b0:32Signer

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

hal

ndis.sys

Sections

.text Size: 86KB - Virtual size: 85KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 4KB

INIT Size: 3KB - Virtual size: 3KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 1KB

fea6c983249b7d181a46ce4c96e7b325

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

46:7c:40:2c:26:fa:b7:42:48:4f:70:e0:a0:e6:6c:cdCertificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

53:62:8d:a1:5b:20:cb:b2:3d:a8:0a:17:b8:b2:ed:26:10:7c:0b:47Signer

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

hal

ndis.sys

Sections

.text Size: 99KB - Virtual size: 98KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 5KB - Virtual size: 5KB

.pdata Size: 2KB - Virtual size: 2KB

INIT Size: 3KB - Virtual size: 3KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 430B

2390614e8552c2824753f056c47fbeb2

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

46:7c:40:2c:26:fa:b7:42:48:4f:70:e0:a0:e6:6c:cdCertificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

46:7c:40:2c:26:fa:b7:42:48:4f:70:e0:a0:e6:6c:cd
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

23:34:fe:b2:61:21:ef:79:84:9e:20:70:b5:ca:da:61:5a:42:b0:32
Signer

.text
Size: 86KB - Virtual size: 85KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 4KB

INIT
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

46:7c:40:2c:26:fa:b7:42:48:4f:70:e0:a0:e6:6c:cd
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

53:62:8d:a1:5b:20:cb:b2:3d:a8:0a:17:b8:b2:ed:26:10:7c:0b:47
Signer

.text
Size: 99KB - Virtual size: 98KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 5KB - Virtual size: 5KB

.pdata
Size: 2KB - Virtual size: 2KB

INIT
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 430B

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

46:7c:40:2c:26:fa:b7:42:48:4f:70:e0:a0:e6:6c:cd
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

2b:99:76:ab:2b:07:8a:96:50:8d:d5:1d:bb:35:a8:87:bd:d1:3a:53
Signer

.text
Size: 87KB - Virtual size: 86KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 4KB

INIT
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

46:7c:40:2c:26:fa:b7:42:48:4f:70:e0:a0:e6:6c:cd
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

af:ae:05:3d:03:71:67:4d:40:48:a7:a1:34:13:fc:24:7b:86:4a:ab
Signer

.text
Size: 100KB - Virtual size: 100KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 5KB - Virtual size: 5KB

.pdata
Size: 2KB - Virtual size: 2KB

INIT
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 440B

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

46:7c:40:2c:26:fa:b7:42:48:4f:70:e0:a0:e6:6c:cd
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

3f:59:87:32:4e:72:dd:37:e5:65:17:64:8a:5b:fb:ea:27:fb:57:52
Signer