86f98934da4f803c2c8aae799f635697

Sharing

Copy URL Twitter E-mail

General

Target

86f98934da4f803c2c8aae799f635697
Size

8.0MB
MD5

86f98934da4f803c2c8aae799f635697
SHA1

9c5354667497857263f0611585de8ee43b1f8701
SHA256

2ccc73fcbe16c1caa3bc6a1e953deb90a3cd72b39e25f10c512310053c243f74
SHA512

9b269462a345bbff3b8b63f2120be30c2ff0ffb29c4ea2e985cda186707456aa267942fc483e8301134484aa45258f2582d9c96b2c564730919ea9fe6850d289
SSDEEP

196608:lI3ot2DFFWFupcewtUkrpnT+mpYO2D0AZIyYzQ1DL1urTG9E:eY8pFWF0gdTXpYzDFY8OrX

Score

6^/10

Malware Config

Signatures

Requests dangerous framework permissions 1 IoCs

description	ioc
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE

Unsigned PE 28 IoCs

Checks for missing Authenticode signature.

resource
unpack001/root super/ADB/AdbWinApi.dll
unpack001/root super/ADB/AdbWinUsbApi.dll
unpack001/root super/ADB/adb.exe
unpack001/root super/Drivers/x64/Motorola/Mousbser.sys
unpack001/root super/Drivers/x64/Motorola/motccgp.sys
unpack001/root super/Drivers/x64/Motorola/motccgpfl.sys
unpack001/root super/Drivers/x64/Motorola/motfilt.sys
unpack001/root super/Drivers/x64/Motorola/motmodem.sys
unpack001/root super/Drivers/x64/Motorola/motoandroid.sys
unpack001/root super/Drivers/x64/Motorola/motodrv.sys
unpack001/root super/Drivers/x64/Motorola/motousbnet.sys
unpack001/root super/Drivers/x64/Motorola/motport.sys
unpack001/root super/Drivers/x64/Motorola/motswch.sys
unpack001/root super/Drivers/x64/Motorola/motusbdevice.sys
unpack001/root super/Drivers/x64/Motorola/usblan_ifconfig.exe
unpack001/root super/Drivers/x86/Motorola/Mousbser.sys
unpack001/root super/Drivers/x86/Motorola/motccgp.sys
unpack001/root super/Drivers/x86/Motorola/motccgpfl.sys
unpack001/root super/Drivers/x86/Motorola/motfilt.sys
unpack001/root super/Drivers/x86/Motorola/motmodem.sys
unpack001/root super/Drivers/x86/Motorola/motoandroid.sys
unpack001/root super/Drivers/x86/Motorola/motodrv.sys
unpack001/root super/Drivers/x86/Motorola/motousbnet.sys
unpack001/root super/Drivers/x86/Motorola/motport.sys
unpack001/root super/Drivers/x86/Motorola/motswch.sys
unpack001/root super/Drivers/x86/Motorola/motusbdevice.sys
unpack001/root super/Drivers/x86/Motorola/usblan_ifconfig.exe
unpack001/root super/SuperOneClick.exe

Files

86f98934da4f803c2c8aae799f635697
.rar
root super/ADB/AdbWinApi.dll
.dll windows:6 windows x86 arch:x86

c64cac39044626770353879245ea25e4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ole32

CoCreateInstance

kernel32

GetACP
SetLastError
CloseHandle
GetLastError
DeviceIoControl
WriteFile
ReadFile
GetOverlappedResult
CreateFileW
WideCharToMultiByte
Sleep
InterlockedIncrement
InterlockedDecrement
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetProcAddress
LoadLibraryW
GetFileAttributesW
GetSystemDirectoryW
RaiseException
FreeLibrary
InterlockedExchange
InitializeCriticalSectionAndSpinCount
GetCommandLineA
GetVersionExA
RtlUnwind
HeapFree
HeapAlloc
GetModuleHandleA
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCPInfo
GetOEMCP
OutputDebugStringA
VirtualAlloc
HeapReAlloc
HeapSize
LoadLibraryA
GetModuleHandleW
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetFilePointer
GetConsoleCP
GetConsoleMode
VirtualProtect
GetSystemInfo
VirtualQuery
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers

setupapi

SetupDiGetClassDevsW
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW

Exports

Exports

??0AdbEndpointObject@@QAE@ABV0@@Z
??0AdbEndpointObject@@QAE@PAVAdbInterfaceObject@@EE@Z
??0AdbIOCompletion@@QAE@ABV0@@Z
??0AdbIOCompletion@@QAE@PAVAdbEndpointObject@@KPAX@Z
??0AdbInterfaceObject@@QAE@ABV0@@Z
??0AdbInterfaceObject@@QAE@PBG@Z
??0AdbObjectHandle@@QAE@ABV0@@Z
??0AdbObjectHandle@@QAE@W4AdbObjectType@@@Z
??1AdbEndpointObject@@MAE@XZ
??1AdbIOCompletion@@MAE@XZ
??1AdbInterfaceObject@@MAE@XZ
??1AdbObjectHandle@@MAE@XZ
??4AdbEndpointObject@@QAEAAV0@ABV0@@Z
??4AdbIOCompletion@@QAEAAV0@ABV0@@Z
??4AdbInterfaceObject@@QAEAAV0@ABV0@@Z
??4AdbObjectHandle@@QAEAAV0@ABV0@@Z
??_7AdbEndpointObject@@6B@
??_7AdbIOCompletion@@6B@
??_7AdbInterfaceObject@@6B@
??_7AdbObjectHandle@@6B@
?AddRef@AdbObjectHandle@@UAEJXZ
?AsyncRead@AdbEndpointObject@@UAEPAXPAXKPAK0K@Z
?AsyncWrite@AdbEndpointObject@@UAEPAXPAXKPAK0K@Z
?CloseHandle@AdbObjectHandle@@UAE_NXZ
?CreateHandle@AdbObjectHandle@@UAEPAXXZ
?GetEndpointInformation@AdbEndpointObject@@UAE_NPAU_AdbEndpointInformation@@@Z
?GetInterfaceName@AdbInterfaceObject@@UAE_NPAXPAK_N@Z
?GetParentInterfaceHandle@AdbEndpointObject@@QBEPAXXZ
?GetParentObjectHandle@AdbIOCompletion@@QBEPAXXZ
?GetUsbConfigurationDescriptor@AdbInterfaceObject@@UAE_NPAU_USB_CONFIGURATION_DESCRIPTOR@@@Z
?GetUsbDeviceDescriptor@AdbInterfaceObject@@UAE_NPAU_USB_DEVICE_DESCRIPTOR@@@Z
?GetUsbInterfaceDescriptor@AdbInterfaceObject@@UAE_NPAU_USB_INTERFACE_DESCRIPTOR@@@Z
?IsCompleted@AdbIOCompletion@@UAE_NXZ
?IsObjectOfType@AdbObjectHandle@@UBE_NW4AdbObjectType@@@Z
?IsOpened@AdbObjectHandle@@QBE_NXZ
?LastReferenceReleased@AdbObjectHandle@@MAEXXZ
?Lookup@AdbObjectHandle@@SGPAV1@PAX@Z
?Release@AdbObjectHandle@@UAEJXZ
?SyncRead@AdbEndpointObject@@UAE_NPAXKPAKK@Z
?SyncWrite@AdbEndpointObject@@UAE_NPAXKPAKK@Z
?Type@AdbEndpointObject@@SG?AW4AdbObjectType@@XZ
?Type@AdbIOCompletion@@SG?AW4AdbObjectType@@XZ
?Type@AdbInterfaceObject@@SG?AW4AdbObjectType@@XZ
?adb_handle@AdbObjectHandle@@QBEPAXXZ
?endpoint_id@AdbEndpointObject@@QBEEXZ
?endpoint_index@AdbEndpointObject@@QBEEXZ
?interface_name@AdbInterfaceObject@@QBEABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ
?object_type@AdbObjectHandle@@QBE?AW4AdbObjectType@@XZ
?overlapped@AdbIOCompletion@@QAEPAU_OVERLAPPED@@XZ
?parent_interface@AdbEndpointObject@@QBEPAVAdbInterfaceObject@@XZ
?parent_io_object@AdbIOCompletion@@QBEPAVAdbEndpointObject@@XZ
?usb_config_descriptor@AdbInterfaceObject@@QBEPBU_USB_CONFIGURATION_DESCRIPTOR@@XZ
?usb_device_descriptor@AdbInterfaceObject@@QBEPBU_USB_DEVICE_DESCRIPTOR@@XZ
?usb_interface_descriptor@AdbInterfaceObject@@QBEPBU_USB_INTERFACE_DESCRIPTOR@@XZ
AdbCloseHandle
AdbCreateInterface
AdbCreateInterfaceByName
AdbEnumInterfaces
AdbGetDefaultBulkReadEndpointInformation
AdbGetDefaultBulkWriteEndpointInformation
AdbGetEndpointInformation
AdbGetEndpointInterface
AdbGetInterfaceName
AdbGetOvelappedIoResult
AdbGetSerialNumber
AdbGetUsbConfigurationDescriptor
AdbGetUsbDeviceDescriptor
AdbGetUsbInterfaceDescriptor
AdbHasOvelappedIoComplated
AdbNextInterface
AdbOpenDefaultBulkReadEndpoint
AdbOpenDefaultBulkWriteEndpoint
AdbOpenEndpoint
AdbQueryInformationEndpoint
AdbReadEndpointAsync
AdbReadEndpointSync
AdbResetInterfaceEnum
AdbWriteEndpointAsync
AdbWriteEndpointSync

Sections

.text
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
root super/ADB/AdbWinUsbApi.dll
.dll windows:6 windows x86 arch:x86

fda9f9f5f569ddd0dbf3ad8a275a2eb8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ole32

CoCreateInstance

kernel32

TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
HeapReAlloc
HeapSize
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
WriteFile
OutputDebugStringA
ExitProcess
LoadLibraryA
GetModuleHandleW
GetCPInfo
GetACP
GetOEMCP
GetModuleHandleA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
VirtualProtect
GetSystemInfo
VirtualQuery
GetProcAddress
HeapAlloc
HeapFree
RtlUnwind
GetVersionExA
GetCommandLineA
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
RaiseException
Sleep
CreateFileW
WideCharToMultiByte
CreateEventW
CloseHandle
GetLastError
SetLastError
InterlockedDecrement
GetLocaleInfoA

winusb

WinUsb_GetDescriptor
WinUsb_Free
WinUsb_QueryPipe
WinUsb_GetOverlappedResult
WinUsb_ReadPipe
WinUsb_WritePipe
WinUsb_QueryInterfaceSettings
WinUsb_GetCurrentAlternateSetting
WinUsb_Initialize
WinUsb_SetPipePolicy

adbwinapi

?IsCompleted@AdbIOCompletion@@UAE_NXZ
??0AdbIOCompletion@@QAE@PAVAdbEndpointObject@@KPAX@Z
?GetUsbConfigurationDescriptor@AdbInterfaceObject@@UAE_NPAU_USB_CONFIGURATION_DESCRIPTOR@@@Z
?GetUsbDeviceDescriptor@AdbInterfaceObject@@UAE_NPAU_USB_DEVICE_DESCRIPTOR@@@Z
?GetInterfaceName@AdbInterfaceObject@@UAE_NPAXPAK_N@Z
??0AdbInterfaceObject@@QAE@PBG@Z
??1AdbEndpointObject@@MAE@XZ
?SyncWrite@AdbEndpointObject@@UAE_NPAXKPAKK@Z
?SyncRead@AdbEndpointObject@@UAE_NPAXKPAKK@Z
?AsyncWrite@AdbEndpointObject@@UAEPAXPAXKPAK0K@Z
?AsyncRead@AdbEndpointObject@@UAEPAXPAXKPAK0K@Z
?GetEndpointInformation@AdbEndpointObject@@UAE_NPAU_AdbEndpointInformation@@@Z
?LastReferenceReleased@AdbObjectHandle@@MAEXXZ
?IsObjectOfType@AdbObjectHandle@@UBE_NW4AdbObjectType@@@Z
?CloseHandle@AdbObjectHandle@@UAE_NXZ
?CreateHandle@AdbObjectHandle@@UAEPAXXZ
?AddRef@AdbObjectHandle@@UAEJXZ
??0AdbEndpointObject@@QAE@PAVAdbInterfaceObject@@EE@Z
??1AdbIOCompletion@@MAE@XZ
??1AdbInterfaceObject@@MAE@XZ
?GetUsbInterfaceDescriptor@AdbInterfaceObject@@UAE_NPAU_USB_INTERFACE_DESCRIPTOR@@@Z

Exports

Exports

InstantiateWinUsbInterface

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
root super/ADB/adb.exe
.exe windows:4 windows x86 arch:x86

fef6cee9d0e4eec527f09da74363e32f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
CreateEventA
CreateFileA
CreatePipe
CreateProcessA
DeleteCriticalSection
EnterCriticalSection
ExitProcess
GetFileAttributesA
GetFileSize
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetStdHandle
GetSystemTimeAsFileTime
GetTempPathA
InitializeCriticalSection
InterlockedExchange
IsDBCSLeadByteEx
LeaveCriticalSection
MultiByteToWideChar
ReadFile
ResetEvent
SetConsoleCtrlHandler
SetEvent
SetFilePointer
SetHandleInformation
SetLastError
SetUnhandledExceptionFilter
Sleep
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteFile

msvcrt

_access
_chmod
_getcwd
_getpid
_read
_stat
_strdup
_stricmp
_unlink
__getmainargs
__lc_codepage
__mb_cur_max
__p__environ
__p__fmode
__set_app_type
_beginthread
_cexit
_errno
_findclose
_findfirst
_findnext
_fullpath
_iob
_isctype
_mkdir
_onexit
_pctype
_setmode
abort
atexit
atoi
calloc
exit
fflush
fgets
fopen
fprintf
fputc
free
fwrite
getenv
localeconv
malloc
memcpy
memset
perror
realloc
setvbuf
signal
sscanf
strcat
strchr
strcmp
strcpy
strerror
strlen
strncat
strncpy
strpbrk
strrchr
strtol
strtoul
wcslen

shell32

SHGetFolderPathA

ws2_32

WSACleanup
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAGetLastError
WSAStartup
accept
bind
closesocket
connect
gethostbyname
htonl
htons
listen
recv
send
setsockopt
shutdown
socket

adbwinapi

AdbCloseHandle
AdbCreateInterfaceByName
AdbEnumInterfaces
AdbGetEndpointInformation
AdbGetInterfaceName
AdbGetSerialNumber
AdbGetUsbDeviceDescriptor
AdbGetUsbInterfaceDescriptor
AdbNextInterface
AdbOpenDefaultBulkReadEndpoint
AdbOpenDefaultBulkWriteEndpoint
AdbReadEndpointSync
AdbWriteEndpointSync

Sections

.text
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 636B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 75KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 1024B - Virtual size: 768B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/35
Size: 86KB - Virtual size: 86KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/47
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/61
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/73
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/86
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/97
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/108
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
root super/ADB/adblinux
.elf linux x86
root super/ADB/adbmac
.macho macos arch:x86
root super/Dependencies/busybox
.elf linux arm
root super/Dependencies/sqlite3
.elf linux arm
root super/Drivers/vendors.txt
root super/Drivers/x64/Motorola/Momdm.inf
root super/Drivers/x64/Motorola/Moser.inf
root super/Drivers/x64/Motorola/Mousbser.sys
.sys windows:6 windows x64 arch:x64

45ca490a1d085d2bb5befa5ec4b48bba

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

ExFreePoolWithTag
KeAcquireSpinLockRaiseToDpc
RtlCopyUnicodeString
IofCompleteRequest
KeInitializeEvent
RtlUnicodeStringToAnsiString
sprintf
IoFreeIrp
ExAllocatePoolWithTag
RtlFreeAnsiString
KeAcquireSpinLockAtDpcLevel
KeReleaseSpinLockFromDpcLevel
IoAcquireRemoveLockEx
KeClearEvent
IofCallDriver
PsCreateSystemThread
PsTerminateSystemThread
IoSetDeviceInterfaceState
ZwClose
ObReferenceObjectByHandle
KeSetPriorityThread
KeWaitForSingleObject
ExGetPreviousMode
RtlWriteRegistryValue
IoGetAttachedDeviceReference
IoReleaseRemoveLockEx
ObfDereferenceObject
KeWaitForMultipleObjects
PoSetPowerState
IoCreateUnprotectedSymbolicLink
IoAttachDeviceToDeviceStack
IoAllocateIrp
RtlCompareMemory
IoReuseIrp
IoOpenDeviceRegistryKey
IoCreateDevice
IoRegisterDeviceInterface
IoGetDeviceProperty
KeSetEvent
IoDeleteDevice
ZwSetValueKey
IoDetachDevice
IoCancelIrp
ZwOpenKey
isprint
ZwQueryValueKey
strstr
RtlIntegerToUnicodeString
RtlInitAnsiString
KeInitializeDpc
KeInitializeTimer
RtlFreeUnicodeString
RtlAppendUnicodeStringToString
IoReleaseRemoveLockAndWaitEx
IoInitializeRemoveLockEx
IoAcquireCancelSpinLock
RtlAnsiStringToUnicodeString
MmMapLockedPagesSpecifyCache
KeSetTimer
KeCancelTimer
KeReadStateTimer
KeQueryPriorityThread
IoBuildDeviceIoControlRequest
IoQueueWorkItem
IoWMIRegistrationControl
KeReadStateEvent
IoFreeWorkItem
PoRequestPowerIrp
IoAllocateWorkItem
PoStartNextPowerIrp
PoCallDriver
IoIsWdmVersionAvailable
KeBugCheckEx
IoDeleteSymbolicLink
DbgPrint
RtlDeleteRegistryValue
IoReleaseCancelSpinLock
RtlInitUnicodeString
KeReleaseSpinLock

usbd.sys

USBD_ParseConfigurationDescriptorEx
USBD_CreateConfigurationRequestEx

wmilib.sys

WmiCompleteRequest
WmiSystemControl

Sections

.text
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 256B - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
root super/Drivers/x64/Motorola/WdfCoInstaller01007.dll
.dll windows:6 windows x64 arch:x64

cc5018e235a4bdab3c3d361ebe86307a

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

61:14:2c:a7:00:00:00:00:00:06
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/06/2007, 23:54

Not After

13/06/2012, 00:04

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:27F4-D440-54F3,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:14:2c:a7:00:00:00:00:00:06
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/06/2007, 23:54

Not After

13/06/2012, 00:04

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:27F4-D440-54F3,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:02:30:7e:00:00:00:00:00:06
Certificate

Issuer

CN=Microsoft Windows Verification Intermediate PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

10/03/2008, 21:57

Not After

10/06/2009, 22:07

Subject

CN=Microsoft Windows Component Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:1b:ab:11:da:3a:a1:b6:df:ec:88
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

11/10/2005, 21:55

Not After

26/04/2010, 07:00

Subject

CN=Microsoft Windows Verification Intermediate PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

31:71:27:67:11:3a:7f:fc:dd:98:9e:a8:a8:14:0c:40:79:51:69:2d
Signer

Actual PE Digest

31:71:27:67:11:3a:7f:fc:dd:98:9e:a8:a8:14:0c:40:79:51:69:2d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcrt

memset
memcpy
__C_specific_handler
_amsg_exit
_initterm
_XcptFilter
_ultow
malloc
_wcsnicmp
free
_wtoi
_wcsicmp
_stricmp
_vsnwprintf

setupapi

SetupCloseInfFile
CM_Set_DevNode_Problem_Ex
SetupDiGetDeviceInstallParamsW
SetupLogErrorW
SetupOpenInfFileW
SetupCloseLog
SetupDiSetDeviceInstallParamsW
SetupOpenLog
SetupFindNextMatchLineW
SetupDiGetActualSectionToInstallW
SetupDiGetSelectedDriverW
SetupGetStringFieldW
SetupPromptReboot
SetupFindFirstLineW
SetupGetLineCountW
SetupDiGetDriverInfoDetailW

kernel32

GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
Sleep
LoadLibraryExW
ExpandEnvironmentStringsW
GetFileInformationByHandle
DeleteFileW
CloseHandle
FindNextFileW
RemoveDirectoryW
LockResource
GetLocalTime
FindClose
SetLastError
CreateFileW
FileTimeToSystemTime
TerminateProcess
GetExitCodeProcess
FormatMessageW
SizeofResource
WriteFile
OutputDebugStringW
WaitForSingleObject
CreateDirectoryW
CreateProcessW
LoadResource
FindResourceW
FindFirstFileW
LoadLibraryW
WideCharToMultiByte
FreeLibrary
lstrlenA
LocalFree
GetWindowsDirectoryW
LocalAlloc
GlobalFree
GetProcAddress
VerifyVersionInfoW
GetModuleFileNameW
GetModuleHandleW
VerSetConditionMask

advapi32

RegCloseKey
DeleteService
OpenSCManagerW
QueryServiceLockStatusW
QueryServiceConfigW
UnlockServiceDatabase
ChangeServiceConfigW
LockServiceDatabase
RegSetValueExW
RegFlushKey
RegCreateKeyExW
CloseServiceHandle
RegOpenKeyExW
QueryServiceStatusEx
RegQueryValueExW
OpenServiceW

crypt32

CertGetCertificateContextProperty

wintrust

WTHelperGetProvCertFromChain
WTHelperGetProvSignerFromChain
WinVerifyTrust
WTHelperProvDataFromStateData

shell32

CommandLineToArgvW

user32

LoadStringW
IsCharAlphaNumericW
IsCharAlphaW

ole32

CoTaskMemFree

Exports

Exports

WdfCoInstaller
WdfPostDeviceInstall
WdfPostDeviceRemove
WdfPreDeviceInstall
WdfPreDeviceRemove

Sections

.text
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 270B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
root super/Drivers/x64/Motorola/mot_ci.dll
.dll windows:6 windows x64 arch:x64

e9333c75d2ead385c06b4d74ca99bfa5

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

17:27:06:10:44:c2:f4:c2:ab:26:68:60:8d:ca:21:52
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

04/03/2009, 00:00

Not After

04/03/2010, 23:59

Subject

CN=Motorola,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=PCS,O=Motorola,L=Libertyville,ST=Illinois,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6b:88:26:2f:1e:42:f3:e7:7e:1e:3d:0a:32:8a:a6:20:dc:de:c4:54
Signer

Actual PE Digest

6b:88:26:2f:1e:42:f3:e7:7e:1e:3d:0a:32:8a:a6:20:dc:de:c4:54

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcrt

memset

setupapi

SetupDiSetClassInstallParamsA
SetupDiGetDeviceInstallParamsA
SetupDiSetDeviceRegistryPropertyA
SetupDiSetDeviceInstallParamsA
SetupDiGetClassInstallParamsA

kernel32

HeapAlloc
HeapFree
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
GetProcessHeap
LocalFree
DisableThreadLibraryCalls
lstrlenA

user32

SetWindowLongPtrA
GetDlgItemTextA
GetWindowLongPtrA

comctl32

ord17
CreatePropertySheetPageA

Exports

Exports

MotorolaCI

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
root super/Drivers/x64/Motorola/motccgp.cat
root super/Drivers/x64/Motorola/motccgp.inf
root super/Drivers/x64/Motorola/motccgp.sys
.sys windows:6 windows x64 arch:x64

df0b6fd130d75e0724e5b54e6cddb63f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

KeBugCheckEx
DbgPrint
RtlCopyUnicodeString
RtlAnsiCharToUnicodeChar
wcsstr
wcsncmp
RtlInitUnicodeString

wdfldr.sys

WdfVersionUnbind
WdfVersionBind

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 972B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 444B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 126B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
root super/Drivers/x64/Motorola/motccgpfl.sys
.sys windows:6 windows x64 arch:x64

ad585d3cd81fa20977a74dd8be7bbc5d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

RtlInitUnicodeString
PsGetVersion
MmGetSystemRoutineAddress
KeBugCheckEx
RtlCopyUnicodeString

wdfldr.sys

WdfVersionUnbind
WdfVersionBind

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 156B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 512B - Virtual size: 404B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
root super/Drivers/x64/Motorola/motfilt.sys
.sys windows:6 windows x64 arch:x64

81d39a61413db6907747bd88cef4b3da

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

RtlCopyUnicodeString
KeBugCheckEx

wdfldr.sys

WdfVersionBind
WdfVersionUnbind

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 84B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
root super/Drivers/x64/Motorola/motmodem.cat
root super/Drivers/x64/Motorola/motmodem.inf
root super/Drivers/x64/Motorola/motmodem.sys
.sys windows:6 windows x64 arch:x64

c1658b614e6279bf90054cb754dd043f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

RtlAppendUnicodeToString
RtlUnicodeStringToAnsiString
strncpy
wcsstr
RtlAppendUnicodeStringToString
RtlWriteRegistryValue
RtlInitUnicodeString
IofCompleteRequest
KeBugCheckEx
RtlCopyUnicodeString
ExFreePoolWithTag
RtlDeleteRegistryValue
ExAllocatePoolWithTag

wdfldr.sys

WdfVersionUnbind
WdfVersionBind

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 528B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 766B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 146B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
root super/Drivers/x64/Motorola/motoandroid.cat
root super/Drivers/x64/Motorola/motoandroid.inf
root super/Drivers/x64/Motorola/motoandroid.sys
.sys windows:6 windows x64 arch:x64

9083f2143fcef9194acc05c823d167d6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

MmUnmapLockedPages
IoBuildPartialMdl
IoFreeMdl
MmProbeAndLockPages
RtlCompareUnicodeString
IoAllocateMdl
KeBugCheckEx
RtlCopyUnicodeString
ExFreePoolWithTag
MmUnlockPages
ExAllocatePoolWithTag
__C_specific_handler

wdfldr.sys

WdfVersionUnbind
WdfVersionBind

Sections

.text
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 876B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 324B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
root super/Drivers/x64/Motorola/motodrv.cat
root super/Drivers/x64/Motorola/motodrv.inf
root super/Drivers/x64/Motorola/motodrv.sys
.sys windows:6 windows x64 arch:x64

9a99b15c0c02e1ff9cf797f462c86726

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
KeClearEvent
IoDeleteSymbolicLink
IoRegisterDeviceInterface
IoSetDeviceInterfaceState
IoDetachDevice
IoCancelIrp
KeDelayExecutionThread
PsCreateSystemThread
ExFreePool
ZwClose
KeWaitForSingleObject
IoAllocateIrp
IoCreateSymbolicLink
IoGetDriverObjectExtension
KeSetEvent
IoGetDeviceProperty
MmBuildMdlForNonPagedPool
IoFreeMdl
IoFreeIrp
IoAllocateMdl
NlsMbCodePageTag
RtlAnsiStringToUnicodeString
RtlInitUnicodeString
RtlInitAnsiString
RtlEqualUnicodeString
RtlxAnsiStringToUnicodeSize
RtlAppendUnicodeStringToString
RtlCompareUnicodeString
RtlCopyUnicodeString
IoBuildDeviceIoControlRequest
IoFreeWorkItem
KeInitializeEvent
PsTerminateSystemThread
IoAllocateWorkItem
IoQueueWorkItem
KeWaitForMultipleObjects
IofCallDriver
ExRaiseStatus
IoDeleteDevice
KeInitializeDpc
IofCompleteRequest
IoConnectInterrupt
IoCreateDevice
IoDisconnectInterrupt
IoReleaseCancelSpinLock
IoAcquireCancelSpinLock
KeReleaseSpinLock
ExInterlockedInsertTailList
ExInterlockedRemoveHeadList
KeAcquireSpinLockRaiseToDpc
KeInitializeDeviceQueue
KeReleaseSpinLockFromDpcLevel
KeInsertQueueDpc
KeRemoveDeviceQueue
KeInsertDeviceQueue
KeAcquireSpinLockAtDpcLevel
ExInitializeNPagedLookasideList
ExpInterlockedPushEntrySList
ExpInterlockedPopEntrySList
ExQueryDepthSList
ExDeleteNPagedLookasideList
MmUnmapLockedPages
ExQueueWorkItem
MmMapLockedPages
PoRequestPowerIrp
PoSetPowerState
RtlFreeUnicodeString
PoStartNextPowerIrp
IoAttachDeviceToDeviceStack
PoCallDriver
ZwSetValueKey
ZwQueryValueKey
IoOpenDeviceRegistryKey
ZwOpenKey
RtlCompareMemory
ObfReferenceObject
KeBugCheckEx
__C_specific_handler
MmGetSystemRoutineAddress
PsGetVersion

Sections

.text
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 384B - Virtual size: 340B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 896B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 896B - Virtual size: 822B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
root super/Drivers/x64/Motorola/motousbnet.cat
root super/Drivers/x64/Motorola/motousbnet.inf
root super/Drivers/x64/Motorola/motousbnet.sys
.sys windows:6 windows x64 arch:x64

613cc91133843de880fca5d218b1191b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

KeBugCheckEx
RtlCompareMemory
MmMapLockedPagesSpecifyCache
IoOpenDeviceRegistryKey
ExInterlockedRemoveHeadList
ZwClose
ExInterlockedInsertTailList
IoFreeMdl
KeInitializeEvent
KeAcquireSpinLockRaiseToDpc
DbgPrint
IoGetDeviceProperty
KeAcquireSpinLockAtDpcLevel
ZwQueryValueKey
KeReleaseSpinLockFromDpcLevel
KeReleaseSpinLock
RtlInitUnicodeString
RtlCopyUnicodeString
RtlUnicodeToMultiByteN
ExFreePoolWithTag
ExAllocatePoolWithTag

ndis.sys

NdisMSetAttributesEx
NdisMGetDeviceProperty
NdisTerminateWrapper
NdisUnchainBufferAtBack
NdisAllocateMemoryWithTag
NdisAllocateBuffer
NdisReadConfiguration
NdisFreeBufferPool
NdisMQueryAdapterResources
NdisAllocateBufferPool
NdisAllocatePacketPool
NdisFreeMemory
NdisReadNetworkAddress
NdisCloseConfiguration
NdisInitializeEvent
NdisFreePacketPool
NdisOpenConfiguration
NdisAllocatePacket
NdisGetVersion
NdisMSleep
NdisMRegisterUnloadHandler
NdisMRegisterMiniport
NdisSetEvent
NdisWaitEvent
NdisInitializeWrapper
NdisFreePacket

wdfldr.sys

WdfVersionBind
WdfVersionUnbind

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 636B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 132B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
root super/Drivers/x64/Motorola/motport.cat
root super/Drivers/x64/Motorola/motport.inf
root super/Drivers/x64/Motorola/motport.sys
.sys windows:6 windows x64 arch:x64

c1658b614e6279bf90054cb754dd043f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

RtlAppendUnicodeToString
RtlUnicodeStringToAnsiString
strncpy
wcsstr
RtlAppendUnicodeStringToString
RtlWriteRegistryValue
RtlInitUnicodeString
IofCompleteRequest
KeBugCheckEx
RtlCopyUnicodeString
ExFreePoolWithTag
RtlDeleteRegistryValue
ExAllocatePoolWithTag

wdfldr.sys

WdfVersionUnbind
WdfVersionBind

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 528B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 766B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 146B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
root super/Drivers/x64/Motorola/motrndis.cat
root super/Drivers/x64/Motorola/motrndis.inf
root super/Drivers/x64/Motorola/motswch.sys
.sys windows:6 windows x64 arch:x64

8343c66caae0e63a1101bf8eb22d6976

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

IoBuildDeviceIoControlRequest
ObfDereferenceObject
IoCreateDevice
IoRegisterDeviceInterface
IoGetDeviceProperty
IofCallDriver
IoDeleteDevice
KeInitializeEvent
IoDetachDevice
IofCompleteRequest
KeWaitForSingleObject
IoGetAttachedDeviceReference
IoAttachDeviceToDeviceStack
IoIsWdmVersionAvailable
IoSetDeviceInterfaceState
RtlFreeUnicodeString
IoFreeIrp
IoAllocateIrp
PoStartNextPowerIrp
PoCallDriver
ExAllocatePoolWithTag
RtlInitUnicodeString
KeSetEvent
ZwQueryValueKey
ExFreePool
ZwClose
IoOpenDeviceRegistryKey
KeBugCheckEx

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 640B - Virtual size: 516B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 384B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 256B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 768B - Virtual size: 752B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
root super/Drivers/x64/Motorola/motusbdevice.cat
root super/Drivers/x64/Motorola/motusbdevice.inf
root super/Drivers/x64/Motorola/motusbdevice.sys
.sys windows:6 windows x64 arch:x64

3819087fcc6cce2b2d94e8686289ede5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

IoRegisterPlugPlayNotification
IoBuildSynchronousFsdRequest
KeInitializeEvent
ZwSetValueKey
IoCancelIrp
KeDelayExecutionThread
IoGetDeviceObjectPointer
ZwQueryValueKey
ExFreePoolWithTag
IoUnregisterPlugPlayNotification
IofCompleteRequest
KeWaitForSingleObject
ObfDereferenceObject
IoOpenDeviceRegistryKey
IofCallDriver
KeBugCheckEx
RtlCopyUnicodeString
IoBuildDeviceIoControlRequest
ZwClose
ExAllocatePoolWithTag

wdfldr.sys

WdfVersionUnbind
WdfVersionBind

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 512B - Virtual size: 431B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 878B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 94B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
root super/Drivers/x64/Motorola/mousbser.cat
root super/Drivers/x64/Motorola/usblan_ifconfig.exe
.exe windows:4 windows x86 arch:x86

3f1006cbd93f558beb0aa3ed336c19c3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

DialogBoxParamA
SetPropA
MessageBoxA
DestroyWindow
SetWindowLongA
SetDlgItemTextA
GetDlgItem
SendMessageA
EndDialog
CallWindowProcA
SetFocus
UpdateWindow
ShowWindow
CreateWindowExA
GetPropA
GetWindowTextA
GetParent

gdi32

GetStockObject

advapi32

RegOpenKeyA
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegCloseKey
RegQueryInfoKeyA
RegEnumKeyA

comctl32

InitCommonControlsEx

ws2_32

inet_addr
ntohl
htonl
inet_ntoa

kernel32

TerminateProcess
HeapSize
GetCPInfo
SetStdHandle
LoadLibraryA
GetOEMCP
GetACP
SetFilePointer
GetLastError
IsBadCodePtr
IsBadReadPtr
GetStringTypeW
GetStringTypeA
GetVersionExA
GetUserDefaultLCID
CloseHandle
FlushFileBuffers
GetLocaleInfoW
WideCharToMultiByte
MultiByteToWideChar
RtlUnwind
RaiseException
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapFree
HeapAlloc
HeapReAlloc
GetEnvironmentStrings
GetCurrentProcess
LCMapStringA
LCMapStringW
EnumSystemLocalesA
SetHandleCount
GetStdHandle
IsValidCodePage
SetUnhandledExceptionFilter
GetProcAddress
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
HeapDestroy
GetEnvironmentStringsW
IsValidLocale
GetLocaleInfoA
GetFileType
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
IsBadWritePtr

Sections

.text
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
root super/Drivers/x64/Samsung/amd64/WdfCoInstaller01005.dll
.dll windows:6 windows x64 arch:x64

831f1fc1bf81528bc9624d69c49d6e74

Code Sign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

35:81:32:28:4e:8c:11:db:29:5b:eb:c2:a4:6e:a5:40
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

04/04/2012, 23:59

Subject

CN=MCCI Internal Testing Software,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=MCCI Corp. Internal Use Only-DO NOT TRUST-Contact [email protected],O=MCCI Internal Testing Software,L=Ithaca,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

fc:e2:2b:24:be:83:7b:df:1a:e3:86:dd:77:3f:1e:0a:86:ea:2f:a4
Signer

Actual PE Digest

fc:e2:2b:24:be:83:7b:df:1a:e3:86:dd:77:3f:1e:0a:86:ea:2f:a4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcrt

memset
memcpy
__C_specific_handler
_amsg_exit
_initterm
_XcptFilter
malloc
_wcsnicmp
free
_wtoi
_wcsicmp
_ultow
_stricmp
_vsnwprintf

setupapi

SetupOpenLog
SetupCloseLog
SetupOpenInfFileW
SetupCloseInfFile
SetupLogErrorW
SetupInstallServicesFromInfSectionW
SetupDiGetSelectedDriverW
SetupFindNextMatchLineW
SetupGetLineCountW
SetupGetStringFieldW
SetupDiGetActualSectionToInstallW
SetupFindFirstLineW
SetupDiGetDriverInfoDetailW

kernel32

GetWindowsDirectoryW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
Sleep
LoadLibraryExW
WriteFile
RemoveDirectoryW
LockResource
OutputDebugStringW
WaitForSingleObject
CreateDirectoryW
GetLocalTime
FindClose
CreateProcessW
LoadResource
SetLastError
FindResourceW
FindFirstFileW
CreateFileW
GetFileInformationByHandle
FileTimeToSystemTime
DeleteFileW
CloseHandle
TerminateProcess
GetExitCodeProcess
FindNextFileW
FormatMessageW
SizeofResource
LoadLibraryW
WideCharToMultiByte
FreeLibrary
lstrlenA
VerSetConditionMask
GlobalFree
GetModuleFileNameW
LocalFree
GetModuleHandleW
GetProcAddress
GetLastError
VerifyVersionInfoW
LocalAlloc

advapi32

LockServiceDatabase
RegCloseKey
OpenServiceW
QueryServiceLockStatusW
OpenSCManagerW
QueryServiceConfigW
CloseServiceHandle
UnlockServiceDatabase
ChangeServiceConfigW
RegSetValueExW
RegFlushKey
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW

crypt32

CertGetCertificateContextProperty

wintrust

WTHelperGetProvSignerFromChain
WinVerifyTrust
WTHelperProvDataFromStateData
WTHelperGetProvCertFromChain

shell32

CommandLineToArgvW

user32

IsCharAlphaW
LoadStringW
IsCharAlphaNumericW

ole32

CoTaskMemFree

Exports

Exports

WdfCoInstaller
WdfPostDeviceInstall
WdfPostDeviceRemove
WdfPreDeviceInstall
WdfPreDeviceRemove

Sections

.text
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 948B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 250B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
root super/Drivers/x64/Samsung/amd64/setup64.dat
.exe windows:6 windows x64 arch:x64

987936319fc272503429da0680636e08

Code Sign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

35:81:32:28:4e:8c:11:db:29:5b:eb:c2:a4:6e:a5:40
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

04/04/2012, 23:59

Subject

CN=MCCI Internal Testing Software,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=MCCI Corp. Internal Use Only-DO NOT TRUST-Contact [email protected],O=MCCI Internal Testing Software,L=Ithaca,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6b:56:2c:12:30:8a:fc:65:5c:d6:83:27:40:ed:35:1c:46:b9:b8:22
Signer

Actual PE Digest

6b:56:2c:12:30:8a:fc:65:5c:d6:83:27:40:ed:35:1c:46:b9:b8:22

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

OpenProcessToken
GetTokenInformation
RegSetValueExA
EqualSid
RegQueryValueExA
RegCreateKeyExA
RegOpenKeyExA
RegDeleteValueA
AllocateAndInitializeSid
FreeSid
RegCloseKey
InitializeSecurityDescriptor
RegEnumKeyExA
SetSecurityDescriptorDacl
RegGetKeySecurity
InitializeAcl
AddAccessAllowedAce
RegSetKeySecurity
GetLengthSid

kernel32

SetUnhandledExceptionFilter
GetProcAddress
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
EncodePointer
DecodePointer
FlsFree
SetLastError
FlsSetValue
FlsGetValue
GetLastError
GetCurrentThreadId
FlsAlloc
HeapSetInformation
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
LeaveCriticalSection
EnterCriticalSection
OutputDebugStringA
RtlUnwindEx
FreeLibrary
GetStartupInfoW
InitializeCriticalSectionAndSpinCount
LoadLibraryExW
GetCPInfo
GetACP
GetOEMCP
HeapFree
HeapAlloc
Sleep
LCMapStringW
MultiByteToWideChar
GetStringTypeW
HeapReAlloc
VirtualProtect
VirtualAlloc
SetThreadStackGuarantee
GetSystemInfo
VirtualQuery
CompareStringW
SetEnvironmentVariableA
WaitForSingleObject
GetExitCodeProcess
CreateProcessA
SetCurrentDirectoryA
CreateMutexA
CloseHandle
GetTempPathA
CreateThread
CreateFileA
GetFileAttributesA
CreateDirectoryA
FindFirstFileA
RemoveDirectoryA
CopyFileA
SetFileAttributesA
FindClose
LoadLibraryA
MoveFileA
DeviceIoControl
FindNextFileA
GetModuleHandleA
DeleteFileA
GetWindowsDirectoryA
GetDiskFreeSpaceExA
GetVersionExA
GetSystemDirectoryA
CreateFileW
GetProcessHeap
SetEndOfFile
WriteConsoleW
FlushFileBuffers
SetStdHandle
ReadFile
GetConsoleMode
GetConsoleCP
GetVersionExW
GetCommandLineA
SetFilePointer

user32

SetWindowTextA
DialogBoxParamA
SetDlgItemTextA
SendMessageA
SetWindowLongA
MessageBoxA
GetDlgItem
EndDialog
ShowWindow

cfgmgr32

CM_Locate_DevNodeA
CM_Create_DevNodeA

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetMalloc

ole32

CoUninitialize
CoInitialize
CoTaskMemFree
CoCreateInstance

setupapi

SetupIterateCabinetA
SetupDiGetDeviceInstallParamsA
SetupDiGetDeviceInstanceIdA
SetupGetStringFieldA
SetupFindFirstLineA
SetupCloseInfFile
SetupDiEnumDeviceInfo
SetupOpenInfFileA
SetupFindNextLine
SetupDiGetINFClassA
SetupCopyOEMInfA
SetupDiGetClassDevsA
SetupDiSetDeviceRegistryPropertyA
SetupDiCallClassInstaller
SetupDiCreateDeviceInfoList
SetupDiCreateDeviceInfoA
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyA

Sections

.text
Size: 118KB - Virtual size: 118KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
root super/Drivers/x64/Samsung/amd64/ssadadb.sys
.sys windows:6 windows x64 arch:x64

9083f2143fcef9194acc05c823d167d6

Code Sign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

35:81:32:28:4e:8c:11:db:29:5b:eb:c2:a4:6e:a5:40
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

04/04/2012, 23:59

Subject

CN=MCCI Internal Testing Software,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=MCCI Corp. Internal Use Only-DO NOT TRUST-Contact [email protected],O=MCCI Internal Testing Software,L=Ithaca,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

94:5b:08:69:3d:28:b5:53:a2:1a:d1:7b:85:44:85:4b:d3:49:0c:8c
Signer

Actual PE Digest

94:5b:08:69:3d:28:b5:53:a2:1a:d1:7b:85:44:85:4b:d3:49:0c:8c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

MmUnmapLockedPages
IoBuildPartialMdl
IoFreeMdl
MmProbeAndLockPages
RtlCompareUnicodeString
IoAllocateMdl
KeBugCheckEx
RtlCopyUnicodeString
ExFreePoolWithTag
MmUnlockPages
ExAllocatePoolWithTag
__C_specific_handler

wdfldr.sys

WdfVersionUnbind
WdfVersionBind

Sections

.text
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 876B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 324B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
root super/Drivers/x64/Samsung/amd64/ssadbus.sys
.sys windows:6 windows x64 arch:x64

cc141c600967b3b002236bc94ff83148

Code Sign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

35:81:32:28:4e:8c:11:db:29:5b:eb:c2:a4:6e:a5:40
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

04/04/2012, 23:59

Subject

CN=MCCI Internal Testing Software,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=MCCI Corp. Internal Use Only-DO NOT TRUST-Contact [email protected],O=MCCI Internal Testing Software,L=Ithaca,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

9c:7d:f8:d3:22:d8:bb:9e:7d:d6:aa:89:99:56:ef:5a:1e:df:c4:b2
Signer

Actual PE Digest

9c:7d:f8:d3:22:d8:bb:9e:7d:d6:aa:89:99:56:ef:5a:1e:df:c4:b2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
ZwCreateKey
RtlInitUnicodeString
RtlIntegerToUnicodeString
RtlAppendUnicodeToString
KeInitializeEvent
RtlQueryRegistryValues
KeDelayExecutionThread
ExFreePool
ZwClose
RtlWriteRegistryValue
ZwEnumerateKey
ZwOpenKey
IoDeleteDevice
IoInvalidateDeviceRelations
IofCompleteRequest
ObfDereferenceObject
IoCreateDevice
KeClearEvent
PoRequestPowerIrp
IoReleaseCancelSpinLock
IoAcquireCancelSpinLock
KeSetEvent
KeReleaseSpinLock
IoFreeIrp
KeAcquireSpinLockRaiseToDpc
KeInitializeMutex
IoAllocateDriverObjectExtension
RtlEqualUnicodeString
IoGetDriverObjectExtension
IoGetDeviceProperty
ExQueueWorkItem
RtlCompareMemory
IoCancelIrp
PoStartNextPowerIrp
IoAttachDeviceToDeviceStack
KeWaitForSingleObject
ZwQueryValueKey
KeResetEvent
KeInitializeDpc
KeInitializeTimer
KeQueryTimeIncrement
KeSetTimer
IoInitializeIrp
KeCancelTimer
IofCallDriver
RtlUnicodeStringToInteger
IoDeleteSymbolicLink
ObReferenceObjectByPointer
IoAllocateIrp
MmMapLockedPages
MmProbeAndLockPages
MmUnlockPages
IoDetachDevice
IoCreateUnprotectedSymbolicLink
ObfReferenceObject
ZwSetValueKey
RtlDeleteRegistryValue
KeReadStateTimer
KeReleaseMutex
KeBugCheckEx
__C_specific_handler

hal

KeStallExecutionProcessor

ssadwh.sys

MCCIWH_FindIoGetAttachedDeviceReference
MCCIWH_FindPoStartNextPowerIrp
MCCIWH_FindPoRequestPowerIrp
MCCIWH_FindPoCallDriver
MCCIWH_QuerySystemVersion
MCCIWH_FindPoSetPowerState
MCCIWH_QuerySystem98Gold
MCCIWH_FindIoSetDeviceInterfaceState
MCCIWH_FindIoRegisterDeviceInterface
MCCIWH_FindIoOpenDeviceRegistryKey

Sections

.text
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 672B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 760B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
root super/Drivers/x64/Samsung/amd64/ssadcmnt.sys
.sys windows:6 windows x64 arch:x64

b146713878e3df5ea09131287b8538a5

Code Sign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

35:81:32:28:4e:8c:11:db:29:5b:eb:c2:a4:6e:a5:40
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

04/04/2012, 23:59

Subject

CN=MCCI Internal Testing Software,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=MCCI Corp. Internal Use Only-DO NOT TRUST-Contact [email protected],O=MCCI Internal Testing Software,L=Ithaca,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

07:10:89:8a:4a:76:5d:b5:c2:bd:84:44:f5:5d:ca:7a:69:b4:86:74
Signer

Actual PE Digest

07:10:89:8a:4a:76:5d:b5:c2:bd:84:44:f5:5d:ca:7a:69:b4:86:74

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

ExQueueWorkItem
ExAllocatePoolWithTag
KeDelayExecutionThread
ExFreePool
ObfReferenceObject
ObfDereferenceObject
IoGetDeviceInterfaceAlias
IoGetDeviceInterfaces
IoOpenDeviceRegistryKey
IoRegisterDeviceInterface
IoRegisterPlugPlayNotification
IoReportTargetDeviceChange
IoSetDeviceInterfaceState
RtlInitUnicodeString
IoGetDeviceObjectPointer
PoCallDriver
PoRegisterDeviceForIdleDetection
PoRegisterSystemState
PoRequestPowerIrp
PoSetPowerState
PoSetSystemState
PoStartNextPowerIrp
PoUnregisterSystemState
IoIsWdmVersionAvailable
MmGetSystemRoutineAddress
KeBugCheckEx

Exports

Exports

MCCICM_AddSerialDevice
MCCICM_FindIoOpenDeviceRegistryKey
MCCICM_FindPoCallDriver
MCCICM_FindPoRequestPowerIrp
MCCICM_FindPoStartNextPowerIrp
MCCICM_QuerySystemVersion
MCCICM_ReestablishSerialConnection
MCCICM_RemoveSerialDevice
MCCIWH_CreateDelayedDereferenceItem
MCCIWH_FindIoGetDeviceInterfaceAlias
MCCIWH_FindIoGetDeviceInterfaces
MCCIWH_FindIoOpenDeviceRegistryKey
MCCIWH_FindIoRegisterDeviceInterface
MCCIWH_FindIoRegisterPlugPlayNotification
MCCIWH_FindIoReportTargetDeviceChange
MCCIWH_FindIoSetDeviceInterfaceState
MCCIWH_FindPDOByDevNode
MCCIWH_FindPDOByReference
MCCIWH_FindPoCallDriver
MCCIWH_FindPoRegisterDeviceForIdleDetection
MCCIWH_FindPoRegisterSystemState
MCCIWH_FindPoRequestPowerIrp
MCCIWH_FindPoSetDeviceBusy
MCCIWH_FindPoSetPowerState
MCCIWH_FindPoSetSystemState
MCCIWH_FindPoStartNextPowerIrp
MCCIWH_FindPoUnregisterSystemState
MCCIWH_QuerySystem98Gold
MCCIWH_QuerySystemVersion
MCCIWH_SubmitDelayedDereferenceItem

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 712B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
root super/Drivers/x64/Samsung/amd64/ssadmdfl.sys
.sys windows:6 windows x64 arch:x64

dccccaf7a5cc7895e66073fd406be6fb

Code Sign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

35:81:32:28:4e:8c:11:db:29:5b:eb:c2:a4:6e:a5:40
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

04/04/2012, 23:59

Subject

CN=MCCI Internal Testing Software,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=MCCI Corp. Internal Use Only-DO NOT TRUST-Contact [email protected],O=MCCI Internal Testing Software,L=Ithaca,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7e:fc:b1:1c:00:a6:9c:04:aa:e8:0a:a4:f2:f8:88:90:a3:ae:a6:8e
Signer

Actual PE Digest

7e:fc:b1:1c:00:a6:9c:04:aa:e8:0a:a4:f2:f8:88:90:a3:ae:a6:8e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

IoDeleteDevice
KeInitializeEvent
IofCompleteRequest
IoGetAttachedDeviceReference
IoAttachDeviceToDeviceStack
ObfDereferenceObject
IoCreateDevice
IoAcquireCancelSpinLock
IofCallDriver
PoStartNextPowerIrp
PoCallDriver
ExAllocatePoolWithTag
IoAcquireRemoveLockEx
KeResetEvent
RtlInitUnicodeString
KeSetEvent
IoReleaseRemoveLockEx
KeDelayExecutionThread
ZwQueryValueKey
ExFreePool
KeQueryTimeIncrement
ZwClose
IoReleaseRemoveLockAndWaitEx
KeWaitForSingleObject
IoInitializeRemoveLockEx
IoOpenDeviceRegistryKey
KeReleaseSpinLock
KeAcquireSpinLockAtDpcLevel
IoReleaseCancelSpinLock
KeAcquireSpinLockRaiseToDpc
IoDetachDevice
IoFreeIrp
IoAllocateIrp
KeBugCheckEx

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 748B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
root super/Drivers/x64/Samsung/amd64/ssadmdm.sys
.sys windows:6 windows x64 arch:x64

5bb121a69e02ae8a43ada4aac0b90ba8

Code Sign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

35:81:32:28:4e:8c:11:db:29:5b:eb:c2:a4:6e:a5:40
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

04/04/2012, 23:59

Subject

CN=MCCI Internal Testing Software,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=MCCI Corp. Internal Use Only-DO NOT TRUST-Contact [email protected],O=MCCI Internal Testing Software,L=Ithaca,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:b9:75:1a:70:ed:29:1b:15:43:53:96:e2:36:df:c9:9c:c7:55:3a
Signer

Actual PE Digest

05:b9:75:1a:70:ed:29:1b:15:43:53:96:e2:36:df:c9:9c:c7:55:3a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

KeReleaseSpinLock
IofCompleteRequest
KeAcquireSpinLockRaiseToDpc
KeRemoveQueueDpc
ExFreePool
KeCancelTimer
RtlDeleteRegistryValue
ExQueueWorkItem
ExAllocatePoolWithTag
KeSetEvent
KeInitializeEvent
KeWaitForSingleObject
KeQueryTimeIncrement
IoReleaseCancelSpinLock
IoAcquireCancelSpinLock
IoDeleteSymbolicLink
KeInitializeMutex
KeInitializeDpc
KeInitializeTimer
IoCreateUnprotectedSymbolicLink
RtlWriteRegistryValue
KeInsertQueueDpc
KeSetTimer
IoCancelIrp
ObfDereferenceObject
RtlInitUnicodeString
RtlEqualUnicodeString
RtlCompareMemory
KeClearEvent
KeReleaseMutex
KeResetEvent
IoAttachDeviceToDeviceStack
PoRequestPowerIrp
KeDelayExecutionThread
PoStartNextPowerIrp
RtlAppendUnicodeToString
IofCallDriver
IoDeleteDevice
IoDetachDevice
ZwQueryValueKey
ZwClose
ZwSetValueKey
ObReferenceObjectByPointer
IoFreeIrp
IoAllocateIrp
IoCreateDevice
ObfReferenceObject
KeReadStateTimer
IoGetDeviceProperty
IoInitializeIrp
KeBugCheckEx
__C_specific_handler

hal

KeStallExecutionProcessor

ssadcm.sys

MCCIWH_FindIoSetDeviceInterfaceState
MCCICM_AddSerialDevice
MCCICM_RemoveSerialDevice
MCCIWH_FindIoRegisterDeviceInterface
MCCIWH_FindPoStartNextPowerIrp
MCCIWH_FindPoRequestPowerIrp
MCCIWH_FindPoCallDriver
MCCIWH_QuerySystemVersion
MCCIWH_FindPoSetPowerState
MCCIWH_QuerySystem98Gold
MCCIWH_FindIoOpenDeviceRegistryKey
MCCICM_ReestablishSerialConnection

Sections

.text
Size: 124KB - Virtual size: 123KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
root super/Drivers/x64/Samsung/amd64/ssadserd.sys
.sys windows:6 windows x64 arch:x64

71b25e5b94881eaece6a423bcd70d181

Code Sign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

35:81:32:28:4e:8c:11:db:29:5b:eb:c2:a4:6e:a5:40
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

04/04/2012, 23:59

Subject

CN=MCCI Internal Testing Software,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=MCCI Corp. Internal Use Only-DO NOT TRUST-Contact [email protected],O=MCCI Internal Testing Software,L=Ithaca,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1e:51:30:f2:e3:cf:e7:58:a4:39:82:04:24:54:14:67:c2:80:a6:a3
Signer

Actual PE Digest

1e:51:30:f2:e3:cf:e7:58:a4:39:82:04:24:54:14:67:c2:80:a6:a3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
KeReleaseSpinLock
KeAcquireSpinLockRaiseToDpc
IofCompleteRequest
KeRemoveQueueDpc
ExFreePool
KeCancelTimer
RtlDeleteRegistryValue
ExQueueWorkItem
IoDeleteSymbolicLink
KeInitializeMutex
KeInitializeEvent
KeInitializeDpc
KeInitializeTimer
IoCreateUnprotectedSymbolicLink
RtlWriteRegistryValue
KeInsertQueueDpc
KeSetTimer
IoReleaseCancelSpinLock
IoAcquireCancelSpinLock
KeSetEvent
IoCancelIrp
ObfDereferenceObject
IoInitializeIrp
RtlInitUnicodeString
KeClearEvent
KeReleaseMutex
KeWaitForSingleObject
RtlCompareMemory
IoAttachDeviceToDeviceStack
PoRequestPowerIrp
KeDelayExecutionThread
PoStartNextPowerIrp
IofCallDriver
RtlAppendUnicodeToString
IoDeleteDevice
IoDetachDevice
ZwQueryValueKey
ZwClose
ZwSetValueKey
KeResetEvent
ObReferenceObjectByPointer
KeQueryTimeIncrement
IoFreeIrp
IoAllocateIrp
IoCreateDevice
ObfReferenceObject
KeReadStateTimer
IoGetDeviceProperty
RtlEqualUnicodeString
KeBugCheckEx
__C_specific_handler

hal

KeStallExecutionProcessor

ssadcm.sys

MCCIWH_FindIoSetDeviceInterfaceState
MCCICM_AddSerialDevice
MCCICM_RemoveSerialDevice
MCCIWH_FindIoRegisterDeviceInterface
MCCIWH_FindPoStartNextPowerIrp
MCCIWH_FindPoRequestPowerIrp
MCCIWH_FindPoCallDriver
MCCIWH_QuerySystemVersion
MCCIWH_FindPoSetPowerState
MCCIWH_QuerySystem98Gold
MCCIWH_FindIoOpenDeviceRegistryKey
MCCICM_ReestablishSerialConnection

Sections

.text
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 988B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
root super/Drivers/x64/Samsung/amd64/ssadwhnt.sys
.sys windows:6 windows x64 arch:x64

74ca606feae01ee73b7705e9d52f9160

Code Sign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

35:81:32:28:4e:8c:11:db:29:5b:eb:c2:a4:6e:a5:40
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

04/04/2012, 23:59

Subject

CN=MCCI Internal Testing Software,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=MCCI Corp. Internal Use Only-DO NOT TRUST-Contact [email protected],O=MCCI Internal Testing Software,L=Ithaca,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0e:e5:7c:3f:57:23:cc:1b:c1:b6:b2:a2:82:f2:20:00:76:e6:bb:73
Signer

Actual PE Digest

0e:e5:7c:3f:57:23:cc:1b:c1:b6:b2:a2:82:f2:20:00:76:e6:bb:73

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

ExQueueWorkItem
ExAllocatePoolWithTag
KeDelayExecutionThread
ExFreePool
ObfReferenceObject
ObfDereferenceObject
IoGetAttachedDeviceReference
IoGetDeviceInterfaceAlias
IoGetDeviceInterfaces
IoOpenDeviceRegistryKey
IoRegisterDeviceInterface
IoRegisterPlugPlayNotification
IoReportTargetDeviceChange
IoSetDeviceInterfaceState
RtlInitUnicodeString
IoGetDeviceObjectPointer
PoCallDriver
PoRegisterDeviceForIdleDetection
PoRegisterSystemState
PoRequestPowerIrp
PoSetPowerState
PoSetSystemState
PoStartNextPowerIrp
PoUnregisterSystemState
MmGetSystemRoutineAddress
IoIsWdmVersionAvailable
KeBugCheckEx

Exports

Exports

MCCIWH_CreateDelayedDereferenceItem
MCCIWH_FindIoGetAttachedDeviceReference
MCCIWH_FindIoGetDeviceInterfaceAlias
MCCIWH_FindIoGetDeviceInterfaces
MCCIWH_FindIoOpenDeviceRegistryKey
MCCIWH_FindIoRegisterDeviceInterface
MCCIWH_FindIoRegisterPlugPlayNotification
MCCIWH_FindIoReportTargetDeviceChange
MCCIWH_FindIoSetDeviceInterfaceState
MCCIWH_FindPDOByDevNode
MCCIWH_FindPDOByReference
MCCIWH_FindPoCallDriver
MCCIWH_FindPoRegisterDeviceForIdleDetection
MCCIWH_FindPoRegisterSystemState
MCCIWH_FindPoRequestPowerIrp
MCCIWH_FindPoSetDeviceBusy
MCCIWH_FindPoSetPowerState
MCCIWH_FindPoSetSystemState
MCCIWH_FindPoStartNextPowerIrp
MCCIWH_FindPoUnregisterSystemState
MCCIWH_MmGetSystemRoutineAddress
MCCIWH_QuerySystem98Gold
MCCIWH_QuerySystemVersion
MCCIWH_SubmitDelayedDereferenceItem

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 804B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
root super/Drivers/x64/Samsung/ssadadb.cat
root super/Drivers/x64/Samsung/ssadadb2.inf
root super/Drivers/x64/Samsung/ssadbus.cat
root super/Drivers/x64/Samsung/ssadbus.inf
root super/Drivers/x64/Samsung/ssadmdm.cat
root super/Drivers/x64/Samsung/ssadmdm2.inf
root super/Drivers/x64/Samsung/ssadndis.cat
root super/Drivers/x64/Samsung/ssadndis.inf
root super/Drivers/x64/Samsung/ssadsdm2.inf
root super/Drivers/x64/Samsung/ssadserd.cat
root super/Drivers/x86/Motorola/Momdm.inf
root super/Drivers/x86/Motorola/Moser.inf
root super/Drivers/x86/Motorola/Mousbser.sys
.sys windows:6 windows x86 arch:x86

3c5bb7688f41c2b194e3129242a0bff6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

hal

KfReleaseSpinLock
KfAcquireSpinLock
KeGetCurrentIrql

ntoskrnl.exe

IoFreeIrp
ExFreePoolWithTag
RtlDeleteRegistryValue
IoDeleteSymbolicLink
DbgPrint
IoReleaseCancelSpinLock
IofCompleteRequest
sprintf
ExAllocatePoolWithTag
RtlCopyUnicodeString
RtlFreeAnsiString
KeInitializeEvent
RtlUnicodeStringToAnsiString
memset
ObfDereferenceObject
IofCallDriver
IoGetAttachedDeviceReference
IoReleaseRemoveLockEx
KefReleaseSpinLockFromDpcLevel
KefAcquireSpinLockAtDpcLevel
IoSetDeviceInterfaceState
KeClearEvent
KeWaitForSingleObject
IoAcquireRemoveLockEx
RtlWriteRegistryValue
KeWaitForMultipleObjects
KeSetPriorityThread
KeGetCurrentThread
PsTerminateSystemThread
ZwClose
ExGetPreviousMode
ObReferenceObjectByHandle
PsCreateSystemThread
ZwSetValueKey
RtlInitUnicodeString
IoOpenDeviceRegistryKey
memcpy
IoDeleteDevice
IoDetachDevice
IoCreateUnprotectedSymbolicLink
KeSetEvent
IoGetDeviceProperty
IoRegisterDeviceInterface
IoReuseIrp
IoAllocateIrp
PoSetPowerState
IoAttachDeviceToDeviceStack
IoCreateDevice
ZwOpenKey
IoCancelIrp
KeQuerySystemTime
ZwQueryValueKey
isprint
KeInitializeDpc
KeInitializeTimer
IoInitializeRemoveLockEx
RtlIntegerToUnicodeString
RtlAppendUnicodeStringToString
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
IoReleaseRemoveLockAndWaitEx
strstr
IoAcquireCancelSpinLock
KeCancelTimer
KeSetTimer
MmMapLockedPagesSpecifyCache
KeReadStateTimer
KeQueryPriorityThread
IoBuildDeviceIoControlRequest
PoCallDriver
PoStartNextPowerIrp
IoIsWdmVersionAvailable
IoWMIRegistrationControl
PoRequestPowerIrp
IoFreeWorkItem
KeReadStateEvent
IoQueueWorkItem
IoAllocateWorkItem
KeTickCount
KeBugCheckEx
RtlCompareMemory

usbd.sys

USBD_ParseConfigurationDescriptorEx
USBD_CreateConfigurationRequestEx

wmilib.sys

WmiCompleteRequest
WmiSystemControl

Sections

.text
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 913B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 896B - Virtual size: 852B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
root super/Drivers/x86/Motorola/WdfCoInstaller01007.dll
.dll windows:6 windows x86 arch:x86

9aa2546c4dfe543e11dbbf7cb79c00c5

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

61:47:52:ba:00:00:00:00:00:04
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/09/2006, 01:53

Not After

16/09/2011, 02:03

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:D8A9-CFCC-579C,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:49:7c:ed:00:00:00:00:00:05
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/09/2006, 01:55

Not After

16/09/2011, 02:05

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:10D8-5847-CBF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:02:30:7e:00:00:00:00:00:06
Certificate

Issuer

CN=Microsoft Windows Verification Intermediate PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

10/03/2008, 21:57

Not After

10/06/2009, 22:07

Subject

CN=Microsoft Windows Component Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:1b:ab:11:da:3a:a1:b6:df:ec:88
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

11/10/2005, 21:55

Not After

26/04/2010, 07:00

Subject

CN=Microsoft Windows Verification Intermediate PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

67:f1:0f:19:25:39:f6:40:e2:69:b1:19:9c:75:1f:4e:47:c6:b7:84
Signer

Actual PE Digest

67:f1:0f:19:25:39:f6:40:e2:69:b1:19:9c:75:1f:4e:47:c6:b7:84

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_adjust_fdiv
_amsg_exit
_initterm
_XcptFilter
_wcsnicmp
malloc
free
_wtoi
_wcsicmp
_ultow
_stricmp
memset
memcpy
_vsnwprintf

setupapi

SetupCloseInfFile
SetupOpenInfFileW
SetupDiGetDriverInfoDetailW
SetupOpenLog
SetupLogErrorW
SetupCloseLog
CM_Set_DevNode_Problem_Ex
SetupDiGetDeviceInstallParamsW
SetupDiSetDeviceInstallParamsW
SetupPromptReboot
SetupDiGetActualSectionToInstallW
SetupGetLineCountW
SetupFindFirstLineW
SetupGetStringFieldW
SetupFindNextMatchLineW
SetupDiGetSelectedDriverW

kernel32

GetWindowsDirectoryW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
RtlUnwind
InterlockedCompareExchange
Sleep
InterlockedExchange
LoadLibraryExW
ExpandEnvironmentStringsW
CreateProcessW
WaitForSingleObject
TerminateProcess
GetExitCodeProcess
SetLastError
FindResourceW
LoadResource
LockResource
SizeofResource
WriteFile
RemoveDirectoryW
CreateDirectoryW
FindFirstFileW
DeleteFileW
FindNextFileW
FindClose
CreateFileW
GetFileInformationByHandle
FileTimeToSystemTime
CloseHandle
FormatMessageW
GetLocalTime
OutputDebugStringW
LoadLibraryW
FreeLibrary
lstrlenA
WideCharToMultiByte
GetModuleFileNameW
LocalAlloc
LocalFree
GetLastError
GetProcAddress
GetModuleHandleW
GlobalFree
VerifyVersionInfoW
VerSetConditionMask

advapi32

RegQueryValueExW
LockServiceDatabase
QueryServiceLockStatusW
ChangeServiceConfigW
UnlockServiceDatabase
QueryServiceConfigW
RegSetValueExW
RegFlushKey
RegCreateKeyExW
DeleteService
OpenSCManagerW
OpenServiceW
QueryServiceStatusEx
CloseServiceHandle
RegOpenKeyExW
RegCloseKey

crypt32

CertGetCertificateContextProperty

wintrust

WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain
WTHelperGetProvCertFromChain
WinVerifyTrust

shell32

CommandLineToArgvW

user32

IsCharAlphaW
IsCharAlphaNumericW
LoadStringW

ole32

CoTaskMemFree

Exports

Exports

WdfCoInstaller
WdfPostDeviceInstall
WdfPostDeviceRemove
WdfPreDeviceInstall
WdfPreDeviceRemove

Sections

.text
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1019KB - Virtual size: 1019KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
root super/Drivers/x86/Motorola/mot_ci.dll
.dll windows:6 windows x86 arch:x86

4fad5cfaa153814ebedce57e6bb95589

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

17:27:06:10:44:c2:f4:c2:ab:26:68:60:8d:ca:21:52
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

04/03/2009, 00:00

Not After

04/03/2010, 23:59

Subject

CN=Motorola,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=PCS,O=Motorola,L=Libertyville,ST=Illinois,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

48:a3:e9:6a:5f:b9:43:a2:ac:0f:9a:42:58:ea:2c:22:3f:02:41:0b
Signer

Actual PE Digest

48:a3:e9:6a:5f:b9:43:a2:ac:0f:9a:42:58:ea:2c:22:3f:02:41:0b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

memset

setupapi

SetupDiGetDeviceInstallParamsA
SetupDiSetDeviceRegistryPropertyA
SetupDiSetDeviceInstallParamsA
SetupDiGetClassInstallParamsA
SetupDiSetClassInstallParamsA

kernel32

LocalFree
lstrlenA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
RtlUnwind
HeapFree
GetProcessHeap
HeapAlloc
DisableThreadLibraryCalls

user32

SetWindowLongA
GetDlgItemTextA
GetWindowLongA

comctl32

ord17
CreatePropertySheetPageA

Exports

Exports

MotorolaCI

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 988B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
root super/Drivers/x86/Motorola/motccgp.cat
root super/Drivers/x86/Motorola/motccgp.inf
root super/Drivers/x86/Motorola/motccgp.sys
.sys windows:6 windows x86 arch:x86

6c92d1ccad8596e1a3bdfa3df99c03e6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

wcsncmp
KeTickCount
memcpy
DbgPrint
RtlInitUnicodeString
RtlCopyUnicodeString
RtlAnsiCharToUnicodeChar
wcsstr
KeBugCheckEx
memset

hal

KeGetCurrentIrql

wdfldr.sys

WdfVersionUnbind
WdfVersionBind

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 479B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 512B - Virtual size: 462B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
root super/Drivers/x86/Motorola/motccgpfl.sys
.sys windows:6 windows x86 arch:x86

3ed83f1e2efd04161c5a65e86ea917b0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

KeTickCount
PsGetVersion
MmGetSystemRoutineAddress
RtlInitUnicodeString
memcpy
RtlCopyUnicodeString
memset

hal

KeGetCurrentIrql

wdfldr.sys

WdfVersionBind
WdfVersionUnbind

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 333B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 512B - Virtual size: 418B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 768B - Virtual size: 704B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
root super/Drivers/x86/Motorola/motfilt.sys
.sys windows:6 windows x86 arch:x86

4eaed084947489cfbbca1b94efb57021

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

KeTickCount
RtlCopyUnicodeString
memset

wdfldr.sys

WdfVersionBind
WdfVersionUnbind

Sections

.text
Size: 768B - Virtual size: 656B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 384B - Virtual size: 268B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 256B - Virtual size: 132B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
root super/Drivers/x86/Motorola/motmodem.cat
root super/Drivers/x86/Motorola/motmodem.inf
root super/Drivers/x86/Motorola/motmodem.sys
.sys windows:6 windows x86 arch:x86

5eeace4912d2bfaa52c9aab719c55e08

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExFreePoolWithTag
RtlWriteRegistryValue
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
ExAllocatePoolWithTag
strncpy
RtlUnicodeStringToAnsiString
RtlDeleteRegistryValue
RtlInitUnicodeString
memcpy
IofCompleteRequest
KeTickCount
KeBugCheckEx
RtlCopyUnicodeString
memset
wcsstr
_allmul

wdfldr.sys

WdfVersionUnbind
WdfVersionBind

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 469B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 768B - Virtual size: 686B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
root super/Drivers/x86/Motorola/motmtp2k.cat
root super/Drivers/x86/Motorola/motmtp2k.inf
root super/Drivers/x86/Motorola/motoandroid.cat
root super/Drivers/x86/Motorola/motoandroid.inf
root super/Drivers/x86/Motorola/motoandroid.sys
.sys windows:6 windows x86 arch:x86

7b96e98a0de7089ea8895df9e05a8c1e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

memcpy
RtlCompareUnicodeString
MmUnlockPages
IoFreeMdl
MmProbeAndLockPages
IoAllocateMdl
KeQuerySystemTime
memset
_allmul
MmUnmapLockedPages
KeTickCount
RtlCopyUnicodeString
RtlUnwind
KeBugCheckEx
ExFreePoolWithTag
IoBuildPartialMdl
ExAllocatePoolWithTag

wdfldr.sys

WdfVersionUnbind
WdfVersionBind

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 896B - Virtual size: 804B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 1002B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
root super/Drivers/x86/Motorola/motodrv.cat
root super/Drivers/x86/Motorola/motodrv.inf
root super/Drivers/x86/Motorola/motodrv.sys
.sys windows:6 windows x86 arch:x86

e43b6b083ece2a29e73d7b027972c12e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoRegisterDeviceInterface
IoSetDeviceInterfaceState
KeClearEvent
InterlockedIncrement
ExFreePool
IoDeleteSymbolicLink
memset
KeDelayExecutionThread
IoDetachDevice
ExAllocatePoolWithTag
IoCreateSymbolicLink
ZwClose
PsCreateSystemThread
KeSetEvent
InterlockedDecrement
InterlockedExchange
memcpy
IoGetDeviceProperty
MmBuildMdlForNonPagedPool
IoAllocateMdl
IoFreeMdl
IoFreeIrp
RtlAppendUnicodeStringToString
RtlCompareUnicodeString
RtlEqualUnicodeString
RtlAnsiStringToUnicodeString
RtlxAnsiStringToUnicodeSize
NlsMbCodePageTag
RtlCopyUnicodeString
RtlInitAnsiString
RtlInitUnicodeString
KeInitializeEvent
IofCallDriver
InterlockedCompareExchange
IoFreeWorkItem
PsTerminateSystemThread
KeWaitForMultipleObjects
IoQueueWorkItem
IoAllocateWorkItem
IoDeleteDevice
ExRaiseStatus
IoCreateDevice
IoConnectInterrupt
KeInitializeDpc
IoDisconnectInterrupt
IoReleaseCancelSpinLock
IoAcquireCancelSpinLock
KeInitializeSpinLock
IofCompleteRequest
ExfInterlockedInsertTailList
ExfInterlockedRemoveHeadList
KeWaitForSingleObject
IoCancelIrp
KeInsertQueueDpc
KefAcquireSpinLockAtDpcLevel
KefReleaseSpinLockFromDpcLevel
KeInitializeDeviceQueue
IoAllocateIrp
IoBuildDeviceIoControlRequest
KeInsertDeviceQueue
KeRemoveDeviceQueue
ExInterlockedPopEntrySList
ExInterlockedPushEntrySList
ExInitializeNPagedLookasideList
ExDeleteNPagedLookasideList
PoRequestPowerIrp
ExQueueWorkItem
PoSetPowerState
IoAttachDeviceToDeviceStack
PoCallDriver
PoStartNextPowerIrp
RtlFreeUnicodeString
MmMapLockedPages
MmUnmapLockedPages
memmove
IoAllocateDriverObjectExtension
IoOpenDeviceRegistryKey
ZwOpenKey
ZwQueryValueKey
ZwSetValueKey
RtlCompareMemory
KeQuerySystemTime
ObfReferenceObject
KeTickCount
KeBugCheckEx
IoGetDriverObjectExtension
MmGetSystemRoutineAddress
RtlUnwind
PsGetVersion

hal

KfLowerIrql
KfAcquireSpinLock
KfReleaseSpinLock
KfRaiseIrql
KeGetCurrentIrql

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 256B - Virtual size: 200B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 896B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
root super/Drivers/x86/Motorola/motousbnet.cat
root super/Drivers/x86/Motorola/motousbnet.inf
root super/Drivers/x86/Motorola/motousbnet.sys
.sys windows:6 windows x86 arch:x86

ee9e3fc485c8fdb868bf770a7b4dbb83

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

KeBugCheckEx
KeTickCount
RtlCompareMemory
MmMapLockedPagesSpecifyCache
IoOpenDeviceRegistryKey
ZwClose
ExfInterlockedRemoveHeadList
IoFreeMdl
ExfInterlockedInsertTailList
KeInitializeEvent
memset
KeInitializeSpinLock
IoGetDeviceProperty
memcpy
RtlInitUnicodeString
ExAllocatePoolWithTag
ZwQueryValueKey
ExFreePoolWithTag
RtlCopyUnicodeString
RtlUnicodeToMultiByteN
DbgPrint
KefAcquireSpinLockAtDpcLevel
KefReleaseSpinLockFromDpcLevel

hal

KfLowerIrql
KfAcquireSpinLock
KfReleaseSpinLock
KfRaiseIrql

ndis.sys

NdisMQueryAdapterResources
NdisMRegisterAdapterShutdownHandler
NdisOpenConfiguration
NdisReadConfiguration
NdisReadNetworkAddress
NdisCloseConfiguration
NdisFreePacket
NdisUnchainBufferAtBack
NdisAllocatePacketPool
NdisAllocatePacket
NdisFreeBufferPool
NdisAllocateBufferPool
NdisAllocateBuffer
NdisFreeMemory
NdisAllocateMemoryWithTag
NdisInitializeEvent
NdisGetVersion
NdisInitializeWrapper
NdisMRegisterMiniport
NdisMGetDeviceProperty
NdisMRegisterUnloadHandler
NdisFreePacketPool
NdisSetEvent
NdisMDeregisterAdapterShutdownHandler
NdisMSleep
NdisWaitEvent
NdisMSetAttributesEx
NdisTerminateWrapper

wdfldr.sys

WdfVersionBind
WdfVersionUnbind

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 640B - Virtual size: 639B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
root super/Drivers/x86/Motorola/motport.cat
root super/Drivers/x86/Motorola/motport.inf
root super/Drivers/x86/Motorola/motport.sys
.sys windows:6 windows x86 arch:x86

5eeace4912d2bfaa52c9aab719c55e08

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExFreePoolWithTag
RtlWriteRegistryValue
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
ExAllocatePoolWithTag
strncpy
RtlUnicodeStringToAnsiString
RtlDeleteRegistryValue
RtlInitUnicodeString
memcpy
IofCompleteRequest
KeTickCount
KeBugCheckEx
RtlCopyUnicodeString
memset
wcsstr
_allmul

wdfldr.sys

WdfVersionUnbind
WdfVersionBind

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 469B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 768B - Virtual size: 686B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
root super/Drivers/x86/Motorola/motrndis.cat
root super/Drivers/x86/Motorola/motrndis.inf
root super/Drivers/x86/Motorola/motswch.sys
.sys windows:6 windows x86 arch:x86

d06f71ad99f4e7f2b24f5afedcca2faf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoDetachDevice
IoRegisterDeviceInterface
IoDeleteDevice
IoAttachDeviceToDeviceStack
KeInitializeEvent
IoCreateDevice
ObfDereferenceObject
IoGetAttachedDeviceReference
IoIsWdmVersionAvailable
memset
IofCallDriver
IofCompleteRequest
KeWaitForSingleObject
IoBuildDeviceIoControlRequest
IoGetDeviceProperty
memcpy
IoFreeIrp
IoAllocateIrp
RtlFreeUnicodeString
IoSetDeviceInterfaceState
PoStartNextPowerIrp
PoCallDriver
KeSetEvent
InterlockedIncrement
InterlockedDecrement
ExFreePool
ZwQueryValueKey
ExAllocatePoolWithTag
RtlInitUnicodeString
ZwClose
IoOpenDeviceRegistryKey
KeTickCount
KeBugCheckEx

Sections

.text
Size: 640B - Virtual size: 580B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 280B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 998B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 768B - Virtual size: 752B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 256B - Virtual size: 226B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
root super/Drivers/x86/Motorola/motusbdevice.cat
root super/Drivers/x86/Motorola/motusbdevice.inf
root super/Drivers/x86/Motorola/motusbdevice.sys
.sys windows:6 windows x86 arch:x86

d54b4dcfa8a218ca195f3e0ec875ebf5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwSetValueKey
IoOpenDeviceRegistryKey
ExFreePoolWithTag
ZwQueryValueKey
ExAllocatePoolWithTag
KeWaitForSingleObject
IofCallDriver
IoBuildSynchronousFsdRequest
KeInitializeEvent
IoUnregisterPlugPlayNotification
ZwClose
IoCancelIrp
IoBuildDeviceIoControlRequest
KeDelayExecutionThread
ObfDereferenceObject
IoGetDeviceObjectPointer
IoRegisterPlugPlayNotification
KeTickCount
KeBugCheckEx
RtlCopyUnicodeString
memset
IofCompleteRequest
_allmul

wdfldr.sys

WdfVersionUnbind
WdfVersionBind

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 1017B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 384B - Virtual size: 371B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 896B - Virtual size: 796B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 418B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
root super/Drivers/x86/Motorola/mousbser.cat
root super/Drivers/x86/Motorola/usblan_ifconfig.exe
.exe windows:4 windows x86 arch:x86

3f1006cbd93f558beb0aa3ed336c19c3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

DialogBoxParamA
SetPropA
MessageBoxA
DestroyWindow
SetWindowLongA
SetDlgItemTextA
GetDlgItem
SendMessageA
EndDialog
CallWindowProcA
SetFocus
UpdateWindow
ShowWindow
CreateWindowExA
GetPropA
GetWindowTextA
GetParent

gdi32

GetStockObject

advapi32

RegOpenKeyA
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegCloseKey
RegQueryInfoKeyA
RegEnumKeyA

comctl32

InitCommonControlsEx

ws2_32

inet_addr
ntohl
htonl
inet_ntoa

kernel32

TerminateProcess
HeapSize
GetCPInfo
SetStdHandle
LoadLibraryA
GetOEMCP
GetACP
SetFilePointer
GetLastError
IsBadCodePtr
IsBadReadPtr
GetStringTypeW
GetStringTypeA
GetVersionExA
GetUserDefaultLCID
CloseHandle
FlushFileBuffers
GetLocaleInfoW
WideCharToMultiByte
MultiByteToWideChar
RtlUnwind
RaiseException
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapFree
HeapAlloc
HeapReAlloc
GetEnvironmentStrings
GetCurrentProcess
LCMapStringA
LCMapStringW
EnumSystemLocalesA
SetHandleCount
GetStdHandle
IsValidCodePage
SetUnhandledExceptionFilter
GetProcAddress
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
HeapDestroy
GetEnvironmentStringsW
IsValidLocale
GetLocaleInfoA
GetFileType
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
IsBadWritePtr

Sections

.text
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
root super/Drivers/x86/Samsung/i386/WdfCoInstaller01005.dll
.dll windows:6 windows x86 arch:x86

467ea76ea189d0499d3ec487bbd6fff9

Code Sign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

35:81:32:28:4e:8c:11:db:29:5b:eb:c2:a4:6e:a5:40
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

04/04/2012, 23:59

Subject

CN=MCCI Internal Testing Software,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=MCCI Corp. Internal Use Only-DO NOT TRUST-Contact [email protected],O=MCCI Internal Testing Software,L=Ithaca,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2a:66:1b:c4:9b:e9:07:3f:5e:77:35:24:50:76:4e:54:c2:1d:b5:7c
Signer

Actual PE Digest

2a:66:1b:c4:9b:e9:07:3f:5e:77:35:24:50:76:4e:54:c2:1d:b5:7c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_amsg_exit
_initterm
_XcptFilter
_wcsnicmp
malloc
free
_wtoi
_wcsicmp
_ultow
_stricmp
memset
memcpy
_vsnwprintf
_adjust_fdiv

setupapi

SetupInstallServicesFromInfSectionW
SetupCloseInfFile
SetupDiGetDriverInfoDetailW
SetupOpenInfFileW
SetupOpenLog
SetupLogErrorW
SetupCloseLog
SetupDiGetActualSectionToInstallW
SetupGetLineCountW
SetupFindFirstLineW
SetupGetStringFieldW
SetupFindNextMatchLineW
SetupDiGetSelectedDriverW

kernel32

GetWindowsDirectoryW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
RtlUnwind
InterlockedCompareExchange
Sleep
InterlockedExchange
LoadLibraryExW
CreateProcessW
WaitForSingleObject
TerminateProcess
GetExitCodeProcess
SetLastError
FindResourceW
LoadResource
LockResource
SizeofResource
WriteFile
RemoveDirectoryW
CreateDirectoryW
FindFirstFileW
DeleteFileW
FindNextFileW
FindClose
CreateFileW
GetFileInformationByHandle
FileTimeToSystemTime
CloseHandle
FormatMessageW
GetLocalTime
OutputDebugStringW
LoadLibraryW
FreeLibrary
lstrlenA
WideCharToMultiByte
GetModuleFileNameW
LocalAlloc
LocalFree
GetLastError
GetProcAddress
GetModuleHandleW
GlobalFree
VerifyVersionInfoW
VerSetConditionMask

advapi32

CloseServiceHandle
LockServiceDatabase
QueryServiceLockStatusW
ChangeServiceConfigW
UnlockServiceDatabase
QueryServiceConfigW
OpenSCManagerW
OpenServiceW
RegSetValueExW
RegFlushKey
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

crypt32

CertGetCertificateContextProperty

wintrust

WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain
WTHelperGetProvCertFromChain
WinVerifyTrust

shell32

CommandLineToArgvW

user32

IsCharAlphaW
IsCharAlphaNumericW
LoadStringW

ole32

CoTaskMemFree

Exports

Exports

WdfCoInstaller
WdfPostDeviceInstall
WdfPostDeviceRemove
WdfPreDeviceInstall
WdfPreDeviceRemove

Sections

.text
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
root super/Drivers/x86/Samsung/i386/ssadadb.sys
.sys windows:6 windows x86 arch:x86

7b96e98a0de7089ea8895df9e05a8c1e

Code Sign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

35:81:32:28:4e:8c:11:db:29:5b:eb:c2:a4:6e:a5:40
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

04/04/2012, 23:59

Subject

CN=MCCI Internal Testing Software,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=MCCI Corp. Internal Use Only-DO NOT TRUST-Contact [email protected],O=MCCI Internal Testing Software,L=Ithaca,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

c4:02:3c:d8:d0:ef:69:ac:f4:b1:ce:6d:47:02:3e:ff:d3:fb:9c:d5
Signer

Actual PE Digest

c4:02:3c:d8:d0:ef:69:ac:f4:b1:ce:6d:47:02:3e:ff:d3:fb:9c:d5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

memcpy
RtlCompareUnicodeString
MmUnlockPages
IoFreeMdl
MmProbeAndLockPages
IoAllocateMdl
KeQuerySystemTime
memset
_allmul
MmUnmapLockedPages
KeTickCount
RtlCopyUnicodeString
RtlUnwind
KeBugCheckEx
ExFreePoolWithTag
IoBuildPartialMdl
ExAllocatePoolWithTag

wdfldr.sys

WdfVersionUnbind
WdfVersionBind

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 896B - Virtual size: 804B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 1006B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 896B - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
root super/Drivers/x86/Samsung/i386/ssadbus.sys
.sys windows:5 windows x86 arch:x86

f9302de069a42a3d0cfeae8c1ebce526

Code Sign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

35:81:32:28:4e:8c:11:db:29:5b:eb:c2:a4:6e:a5:40
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

04/04/2012, 23:59

Subject

CN=MCCI Internal Testing Software,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=MCCI Corp. Internal Use Only-DO NOT TRUST-Contact [email protected],O=MCCI Internal Testing Software,L=Ithaca,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

43:d4:3f:14:d9:f9:af:51:94:77:34:7b:92:c4:a7:3a:e2:2a:61:da
Signer

Actual PE Digest

43:d4:3f:14:d9:f9:af:51:94:77:34:7b:92:c4:a7:3a:e2:2a:61:da

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

InterlockedIncrement
PoRequestPowerIrp
KeClearEvent
ExAllocatePoolWithTag
KeDelayExecutionThread
ZwClose
ZwCreateKey
RtlInitUnicodeString
RtlAppendUnicodeToString
RtlIntegerToUnicodeString
RtlWriteRegistryValue
ExFreePool
ZwEnumerateKey
ZwOpenKey
RtlQueryRegistryValues
KeInitializeEvent
IoDeleteDevice
ObfDereferenceObject
IoInvalidateDeviceRelations
KeInitializeSpinLock
IoCreateDevice
RtlCompareMemory
KeInitializeMutex
IoAllocateDriverObjectExtension
IoGetDriverObjectExtension
KeReleaseMutex
IoGetDeviceProperty
RtlEqualUnicodeString
KeSetEvent
IoFreeIrp
ExQueueWorkItem
PoStartNextPowerIrp
IoCancelIrp
InterlockedExchange
KeWaitForSingleObject
IoAttachDeviceToDeviceStack
IofCallDriver
KeQueryTimeIncrement
KeSetTimer
_allmul
InterlockedCompareExchange
KeCancelTimer
KeQuerySystemTime
_allrem
_alldiv
KeResetEvent
IoInitializeIrp
KeInitializeDpc
KeInitializeTimer
IoAllocateIrp
RtlUnicodeStringToInteger
IoDeleteSymbolicLink
ZwQueryValueKey
ObReferenceObjectByPointer
MmUnlockPages
MmMapLockedPages
MmProbeAndLockPages
IoDetachDevice
ObfReferenceObject
IoCreateUnprotectedSymbolicLink
memmove
KeReadStateTimer
RtlDeleteRegistryValue
ZwSetValueKey
DbgBreakPoint
_except_handler3
InterlockedDecrement
IoAcquireCancelSpinLock
IoReleaseCancelSpinLock
IoIsWdmVersionAvailable
IofCompleteRequest

hal

KeGetCurrentIrql
KfAcquireSpinLock
KfReleaseSpinLock
KeStallExecutionProcessor

ssadwh.sys

_MCCIWH_FindIoOpenDeviceRegistryKey@4
_MCCIWH_FindIoGetAttachedDeviceReference@4
_MCCIWH_QuerySystem98Gold@0
_MCCIWH_QuerySystemVersion@4
_MCCIWH_FindPoSetPowerState@4
_MCCIWH_FindPoRequestPowerIrp@4
_MCCIWH_FindPoStartNextPowerIrp@4
_MCCIWH_FindPoCallDriver@4
_MCCIWH_FindIoSetDeviceInterfaceState@4
_MCCIWH_FindIoRegisterDeviceInterface@4

Sections

.text
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 256B - Virtual size: 200B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
root super/Drivers/x86/Samsung/i386/ssadcmnt.sys
.sys windows:5 windows x86 arch:x86

9d7ba6670faea8756b9a63e5e66d4304

Code Sign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

35:81:32:28:4e:8c:11:db:29:5b:eb:c2:a4:6e:a5:40
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

04/04/2012, 23:59

Subject

CN=MCCI Internal Testing Software,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=MCCI Corp. Internal Use Only-DO NOT TRUST-Contact [email protected],O=MCCI Internal Testing Software,L=Ithaca,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1e:0e:f4:be:43:02:f5:9b:57:6e:77:42:c8:6a:dc:43:d3:57:74:ed
Signer

Actual PE Digest

1e:0e:f4:be:43:02:f5:9b:57:6e:77:42:c8:6a:dc:43:d3:57:74:ed

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExQueueWorkItem
ObfReferenceObject
ObfDereferenceObject
KeDelayExecutionThread
ExFreePool
ExAllocatePoolWithTag
IoGetDeviceInterfaceAlias
IoGetDeviceInterfaces
IoOpenDeviceRegistryKey
IoRegisterDeviceInterface
IoRegisterPlugPlayNotification
IoReportTargetDeviceChange
IoSetDeviceInterfaceState
IoGetDeviceObjectPointer
RtlInitUnicodeString
PoCallDriver
PoRegisterDeviceForIdleDetection
PoRegisterSystemState
PoRequestPowerIrp
PoSetPowerState
PoSetSystemState
PoStartNextPowerIrp
PoUnregisterSystemState
IoIsWdmVersionAvailable
MmGetSystemRoutineAddress

Exports

Exports

_MCCICM_AddSerialDevice@8
_MCCICM_FindIoOpenDeviceRegistryKey@4
_MCCICM_FindPoCallDriver@4
_MCCICM_FindPoRequestPowerIrp@4
_MCCICM_FindPoStartNextPowerIrp@4
_MCCICM_QuerySystemVersion@4
_MCCICM_ReestablishSerialConnection@4
_MCCICM_RemoveSerialDevice@4
_MCCIWH_CreateDelayedDereferenceItem@12
_MCCIWH_FindIoGetDeviceInterfaceAlias@4
_MCCIWH_FindIoGetDeviceInterfaces@4
_MCCIWH_FindIoOpenDeviceRegistryKey@4
_MCCIWH_FindIoRegisterDeviceInterface@4
_MCCIWH_FindIoRegisterPlugPlayNotification@4
_MCCIWH_FindIoReportTargetDeviceChange@4
_MCCIWH_FindIoSetDeviceInterfaceState@4
_MCCIWH_FindPDOByDevNode@8
_MCCIWH_FindPDOByReference@20
_MCCIWH_FindPoCallDriver@4
_MCCIWH_FindPoRegisterDeviceForIdleDetection@4
_MCCIWH_FindPoRegisterSystemState@4
_MCCIWH_FindPoRequestPowerIrp@4
_MCCIWH_FindPoSetDeviceBusy@4
_MCCIWH_FindPoSetPowerState@4
_MCCIWH_FindPoSetSystemState@4
_MCCIWH_FindPoStartNextPowerIrp@4
_MCCIWH_FindPoUnregisterSystemState@4
_MCCIWH_QuerySystem98Gold@0
_MCCIWH_QuerySystemVersion@4
_MCCIWH_SubmitDelayedDereferenceItem@8

Sections

.text
Size: 1024B - Virtual size: 959B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 511B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 896B - Virtual size: 772B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 128B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
root super/Drivers/x86/Samsung/i386/ssadmdfl.sys
.sys windows:5 windows x86 arch:x86

8087248d407428b531434f2a866cdb6a

Code Sign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

35:81:32:28:4e:8c:11:db:29:5b:eb:c2:a4:6e:a5:40
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

04/04/2012, 23:59

Subject

CN=MCCI Internal Testing Software,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=MCCI Corp. Internal Use Only-DO NOT TRUST-Contact [email protected],O=MCCI Internal Testing Software,L=Ithaca,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

8a:1b:5e:c6:3d:a8:1d:ec:3a:e9:95:a0:db:cc:7b:b2:b3:0b:4b:f4
Signer

Actual PE Digest

8a:1b:5e:c6:3d:a8:1d:ec:3a:e9:95:a0:db:cc:7b:b2:b3:0b:4b:f4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

KeInitializeEvent
IoCreateDevice
IoGetAttachedDeviceReference
IofCallDriver
IoAcquireCancelSpinLock
IofCompleteRequest
KeSetEvent
IoInitializeRemoveLockEx
InterlockedIncrement
IoAcquireRemoveLockEx
IoReleaseRemoveLockEx
InterlockedDecrement
IoReleaseRemoveLockAndWaitEx
KeResetEvent
ExFreePool
KeInitializeSpinLock
ExAllocatePoolWithTag
RtlInitUnicodeString
ZwClose
IoOpenDeviceRegistryKey
KeDelayExecutionThread
KeQueryTimeIncrement
KeWaitForSingleObject
InterlockedExchange
KefAcquireSpinLockAtDpcLevel
IoReleaseCancelSpinLock
PoStartNextPowerIrp
PoCallDriver
IoFreeIrp
IoAllocateIrp
IoDetachDevice
IoAttachDeviceToDeviceStack
IoDeleteDevice
ZwQueryValueKey
ObfDereferenceObject

hal

KfReleaseSpinLock
KeGetCurrentIrql
KfAcquireSpinLock

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 400B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 384B - Virtual size: 294B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
root super/Drivers/x86/Samsung/i386/ssadmdm.sys
.sys windows:5 windows x86 arch:x86

490317c012bde66675fb9c3a358fd282

Code Sign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

35:81:32:28:4e:8c:11:db:29:5b:eb:c2:a4:6e:a5:40
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

04/04/2012, 23:59

Subject

CN=MCCI Internal Testing Software,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=MCCI Corp. Internal Use Only-DO NOT TRUST-Contact [email protected],O=MCCI Internal Testing Software,L=Ithaca,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

17:c8:ac:37:34:95:e9:c6:ee:26:be:f0:d4:4d:87:87:60:91:81:bd
Signer

Actual PE Digest

17:c8:ac:37:34:95:e9:c6:ee:26:be:f0:d4:4d:87:87:60:91:81:bd

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoAcquireCancelSpinLock
ExQueueWorkItem
IoInitializeIrp
InterlockedDecrement
InterlockedIncrement
IoReleaseCancelSpinLock
KeSetEvent
KeInitializeEvent
KeInsertQueueDpc
ObfDereferenceObject
KeSetTimer
_allmul
KeQuerySystemTime
KeInitializeTimer
InterlockedExchange
RtlEqualUnicodeString
RtlInitUnicodeString
IoCreateUnprotectedSymbolicLink
RtlWriteRegistryValue
IoDeleteSymbolicLink
KeInitializeDpc
KeInitializeSpinLock
KeInitializeMutex
KeTickCount
KeQueryTimeIncrement
KeWaitForSingleObject
KeClearEvent
IoCancelIrp
KeReleaseMutex
KeResetEvent
memmove
PoRequestPowerIrp
PoStartNextPowerIrp
KeDelayExecutionThread
IoAttachDeviceToDeviceStack
IofCallDriver
RtlAppendUnicodeToString
ObReferenceObjectByPointer
IoDeleteDevice
IoDetachDevice
ZwClose
ZwSetValueKey
ZwQueryValueKey
InterlockedCompareExchange
_allrem
_alldiv
IoFreeIrp
IoAllocateIrp
ObfReferenceObject
IoCreateDevice
KeReadStateTimer
DbgBreakPoint
IoGetDeviceProperty
_except_handler3
ExAllocatePoolWithTag
RtlDeleteRegistryValue
IofCompleteRequest
KeCancelTimer
KeRemoveQueueDpc
RtlCompareMemory
ExFreePool

hal

KeGetCurrentIrql
KfAcquireSpinLock
KfReleaseSpinLock
KeStallExecutionProcessor

ssadcm.sys

_MCCICM_RemoveSerialDevice@4
_MCCIWH_FindIoSetDeviceInterfaceState@4
_MCCICM_AddSerialDevice@8
_MCCICM_ReestablishSerialConnection@4
_MCCIWH_FindIoRegisterDeviceInterface@4
_MCCIWH_QuerySystem98Gold@0
_MCCIWH_QuerySystemVersion@4
_MCCIWH_FindPoSetPowerState@4
_MCCIWH_FindPoRequestPowerIrp@4
_MCCIWH_FindPoStartNextPowerIrp@4
_MCCIWH_FindPoCallDriver@4
_MCCIWH_FindIoOpenDeviceRegistryKey@4

Sections

.text
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 896B - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
root super/Drivers/x86/Samsung/i386/ssadserd.sys
.sys windows:5 windows x86 arch:x86

0ad49002ba52d3d6e6d051739690b033

Code Sign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

35:81:32:28:4e:8c:11:db:29:5b:eb:c2:a4:6e:a5:40
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

04/04/2012, 23:59

Subject

CN=MCCI Internal Testing Software,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=MCCI Corp. Internal Use Only-DO NOT TRUST-Contact [email protected],O=MCCI Internal Testing Software,L=Ithaca,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

8b:22:eb:32:25:29:13:99:dc:bd:92:72:58:b1:ab:53:f1:ce:38:2f
Signer

Actual PE Digest

8b:22:eb:32:25:29:13:99:dc:bd:92:72:58:b1:ab:53:f1:ce:38:2f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoCancelIrp
IoAcquireCancelSpinLock
ExQueueWorkItem
IoInitializeIrp
InterlockedDecrement
IoReleaseCancelSpinLock
KeSetEvent
KeInitializeEvent
KeInsertQueueDpc
ObfDereferenceObject
KeSetTimer
_allmul
KeQuerySystemTime
KeInitializeTimer
InterlockedExchange
RtlEqualUnicodeString
RtlInitUnicodeString
IoCreateUnprotectedSymbolicLink
RtlWriteRegistryValue
IoDeleteSymbolicLink
KeInitializeDpc
KeInitializeSpinLock
KeInitializeMutex
KeReleaseMutex
KeWaitForSingleObject
KeClearEvent
RtlCompareMemory
RtlDeleteRegistryValue
PoRequestPowerIrp
PoStartNextPowerIrp
KeDelayExecutionThread
IoAttachDeviceToDeviceStack
IofCallDriver
RtlAppendUnicodeToString
ObReferenceObjectByPointer
KeResetEvent
IoDeleteDevice
IoDetachDevice
ZwClose
ZwSetValueKey
ZwQueryValueKey
KeQueryTimeIncrement
InterlockedCompareExchange
_allrem
_alldiv
IoFreeIrp
IoAllocateIrp
ObfReferenceObject
IoCreateDevice
KeReadStateTimer
DbgBreakPoint
IoGetDeviceProperty
_except_handler3
IofCompleteRequest
KeCancelTimer
KeRemoveQueueDpc
ExFreePool
InterlockedIncrement
memmove
ExAllocatePoolWithTag

hal

KeGetCurrentIrql
KfAcquireSpinLock
KfReleaseSpinLock
KeStallExecutionProcessor

ssadcm.sys

_MCCICM_RemoveSerialDevice@4
_MCCIWH_FindIoSetDeviceInterfaceState@4
_MCCICM_AddSerialDevice@8
_MCCICM_ReestablishSerialConnection@4
_MCCIWH_FindIoRegisterDeviceInterface@4
_MCCIWH_QuerySystem98Gold@0
_MCCIWH_QuerySystemVersion@4
_MCCIWH_FindPoSetPowerState@4
_MCCIWH_FindPoRequestPowerIrp@4
_MCCIWH_FindPoStartNextPowerIrp@4
_MCCIWH_FindPoCallDriver@4
_MCCIWH_FindIoOpenDeviceRegistryKey@4

Sections

.text
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
root super/Drivers/x86/Samsung/i386/ssadwhnt.sys
.sys windows:5 windows x86 arch:x86

e7b48205b38b5f58ccd42b3e24fcbb42

Code Sign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

35:81:32:28:4e:8c:11:db:29:5b:eb:c2:a4:6e:a5:40
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

04/04/2012, 23:59

Subject

CN=MCCI Internal Testing Software,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=MCCI Corp. Internal Use Only-DO NOT TRUST-Contact [email protected],O=MCCI Internal Testing Software,L=Ithaca,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

f6:c1:58:51:46:94:36:ca:d5:8f:45:af:04:8e:48:7c:52:c9:cc:8e
Signer

Actual PE Digest

f6:c1:58:51:46:94:36:ca:d5:8f:45:af:04:8e:48:7c:52:c9:cc:8e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExQueueWorkItem
ObfReferenceObject
ObfDereferenceObject
KeDelayExecutionThread
ExFreePool
ExAllocatePoolWithTag
IoGetAttachedDeviceReference
IoGetDeviceInterfaceAlias
IoGetDeviceInterfaces
IoOpenDeviceRegistryKey
IoRegisterDeviceInterface
IoRegisterPlugPlayNotification
IoReportTargetDeviceChange
IoSetDeviceInterfaceState
IoGetDeviceObjectPointer
RtlInitUnicodeString
PoCallDriver
PoRegisterDeviceForIdleDetection
PoRegisterSystemState
PoRequestPowerIrp
PoSetPowerState
PoSetSystemState
PoStartNextPowerIrp
PoUnregisterSystemState
MmGetSystemRoutineAddress
IoIsWdmVersionAvailable

Exports

Exports

_MCCIWH_CreateDelayedDereferenceItem@12
_MCCIWH_FindIoGetAttachedDeviceReference@4
_MCCIWH_FindIoGetDeviceInterfaceAlias@4
_MCCIWH_FindIoGetDeviceInterfaces@4
_MCCIWH_FindIoOpenDeviceRegistryKey@4
_MCCIWH_FindIoRegisterDeviceInterface@4
_MCCIWH_FindIoRegisterPlugPlayNotification@4
_MCCIWH_FindIoReportTargetDeviceChange@4
_MCCIWH_FindIoSetDeviceInterfaceState@4
_MCCIWH_FindPDOByDevNode@8
_MCCIWH_FindPDOByReference@20
_MCCIWH_FindPoCallDriver@4
_MCCIWH_FindPoRegisterDeviceForIdleDetection@4
_MCCIWH_FindPoRegisterSystemState@4
_MCCIWH_FindPoRequestPowerIrp@4
_MCCIWH_FindPoSetDeviceBusy@4
_MCCIWH_FindPoSetPowerState@4
_MCCIWH_FindPoSetSystemState@4
_MCCIWH_FindPoStartNextPowerIrp@4
_MCCIWH_FindPoUnregisterSystemState@4
_MCCIWH_MmGetSystemRoutineAddress@4
_MCCIWH_QuerySystem98Gold@0
_MCCIWH_QuerySystemVersion@4
_MCCIWH_SubmitDelayedDereferenceItem@8

Sections

.text
Size: 1024B - Virtual size: 957B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 506B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 896B - Virtual size: 808B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 256B - Virtual size: 182B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
root super/Drivers/x86/Samsung/ssadadb.cat
root super/Drivers/x86/Samsung/ssadadb2.inf
root super/Drivers/x86/Samsung/ssadbus.cat
root super/Drivers/x86/Samsung/ssadbus.inf
root super/Drivers/x86/Samsung/ssadmdm.cat
root super/Drivers/x86/Samsung/ssadmdm2.inf
root super/Drivers/x86/Samsung/ssadndis.cat
root super/Drivers/x86/Samsung/ssadndis.inf
root super/Drivers/x86/Samsung/ssadsdm2.inf
root super/Drivers/x86/Samsung/ssadserd.cat
root super/Exploits/GingerBreak
.elf linux arm
root super/Exploits/psneuter
.elf linux arm
root super/Root/Superuser.apk
.apk android

com.noshufou.android.su

Su

Activities

Su

android.intent.action.MAIN

SuRequest

android.intent.action.MAIN

SuPreferences

android.intent.action.VIEW

Permissions

android.permission.WRITE_EXTERNAL_STORAGE
android.permission.INTERNET
android.permission.ACCESS_NETWORK_STATE
com.noshufou.android.su.RESPOND

Receivers

SuRequestReceiver

com.noshufou.android.su.REQUEST

SuNotificationReceiver

com.noshufou.android.su.NOTIFICATION

UninstallReceiver

android.intent.action.PACKAGE_REMOVED

InstallReceiver

android.intent.action.PACKAGE_ADDED
root super/Root/su-v1
.elf linux arm
root super/Root/su-v2
.elf linux arm
root super/Root/su-v3
.elf linux arm
root super/SuperOneClick.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 211KB - Virtual size: 210KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 173KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c64cac39044626770353879245ea25e4

Headers

DLL Characteristics

File Characteristics

Imports

ole32

kernel32

setupapi

Exports

Exports

Sections

.text Size: 80KB - Virtual size: 79KB

.data Size: 4KB - Virtual size: 11KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 7KB - Virtual size: 6KB

fda9f9f5f569ddd0dbf3ad8a275a2eb8

Headers

DLL Characteristics

File Characteristics

Imports

ole32

kernel32

winusb

adbwinapi

Exports

Exports

Sections

.text Size: 48KB - Virtual size: 47KB

.data Size: 3KB - Virtual size: 6KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 5KB - Virtual size: 5KB

fef6cee9d0e4eec527f09da74363e32f

Headers

File Characteristics

Imports

kernel32

msvcrt

shell32

ws2_32

adbwinapi

Sections

.text Size: 93KB - Virtual size: 92KB

.data Size: 1024B - Virtual size: 636B

.rdata Size: 31KB - Virtual size: 31KB

.bss Size: - Virtual size: 75KB

.idata Size: 4KB - Virtual size: 3KB

/4 Size: 1024B - Virtual size: 768B

/19 Size: 4KB - Virtual size: 4KB

/35 Size: 86KB - Virtual size: 86KB

/47 Size: 15KB - Virtual size: 14KB

/61 Size: 19KB - Virtual size: 18KB

/73 Size: 12KB - Virtual size: 12KB

/86 Size: 1KB - Virtual size: 1KB

/97 Size: 63KB - Virtual size: 62KB

/108 Size: 6KB - Virtual size: 6KB

45ca490a1d085d2bb5befa5ec4b48bba

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

usbd.sys

wmilib.sys

Sections

.text Size: 103KB - Virtual size: 103KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 1KB - Virtual size: 1KB

.pdata Size: 2KB - Virtual size: 2KB

INIT Size: 2KB - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 256B - Virtual size: 180B

cc5018e235a4bdab3c3d361ebe86307a

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

.text
Size: 80KB - Virtual size: 79KB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 7KB - Virtual size: 6KB

.text
Size: 48KB - Virtual size: 47KB

.data
Size: 3KB - Virtual size: 6KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 5KB

.text
Size: 93KB - Virtual size: 92KB

.data
Size: 1024B - Virtual size: 636B

.rdata
Size: 31KB - Virtual size: 31KB

.bss
Size: - Virtual size: 75KB

.idata
Size: 4KB - Virtual size: 3KB

/4
Size: 1024B - Virtual size: 768B

/19
Size: 4KB - Virtual size: 4KB

/35
Size: 86KB - Virtual size: 86KB

/47
Size: 15KB - Virtual size: 14KB

/61
Size: 19KB - Virtual size: 18KB

/73
Size: 12KB - Virtual size: 12KB

/86
Size: 1KB - Virtual size: 1KB

/97
Size: 63KB - Virtual size: 62KB

/108
Size: 6KB - Virtual size: 6KB

.text
Size: 103KB - Virtual size: 103KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 1KB - Virtual size: 1KB

.pdata
Size: 2KB - Virtual size: 2KB

INIT
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 256B - Virtual size: 180B

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

61:14:2c:a7:00:00:00:00:00:06
Certificate

61:14:2c:a7:00:00:00:00:00:06
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

61:02:30:7e:00:00:00:00:00:06
Certificate

6a:0b:99:4f:c0:00:1b:ab:11:da:3a:a1:b6:df:ec:88
Certificate

31:71:27:67:11:3a:7f:fc:dd:98:9e:a8:a8:14:0c:40:79:51:69:2d
Signer

.text
Size: 58KB - Virtual size: 57KB

.data
Size: 1KB - Virtual size: 18KB

.pdata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

.reloc
Size: 512B - Virtual size: 270B

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

17:27:06:10:44:c2:f4:c2:ab:26:68:60:8d:ca:21:52
Certificate

6b:88:26:2f:1e:42:f3:e7:7e:1e:3d:0a:32:8a:a6:20:dc:de:c4:54
Signer

.text
Size: 3KB - Virtual size: 3KB

.data
Size: 1KB - Virtual size: 2KB

.pdata
Size: 512B - Virtual size: 108B

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 88B