7831061b1ab89cd1e10248f54fa227ec

Sharing

Copy URL Twitter E-mail

General

Target

7831061b1ab89cd1e10248f54fa227ec
Size

5.8MB
MD5

7831061b1ab89cd1e10248f54fa227ec
SHA1

ac2110f9c9ce89b9e45de22df66c130487af7859
SHA256

3fef075ee457b3d8cd3f323a28beabb10ee0d96452259563c8153a945bcb8fdb
SHA512

0ab7a1357f8a09f36c55e38862b21d99b8b1ea3272a5d38473bb055a599ed3e152dece6c8feca35e8c76750227c95e98baac84796d29c35a547c2ed4cd841eb4
SSDEEP

98304:JPshb0hzilhfwcDHfjKrvnjiVa7QAr4quz/aQ6MMoeGxhxcxAR+EADsH4T+j:yhgz4h9/jK7jRjrBUCQ6MZxn/MEFH4TG

Score

7^/10

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/DriverGenius2011/Mydrivers.dll	acprotect

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
7831061b1ab89cd1e10248f54fa227ec
unpack001/DriverGenius2011/DriverGenius.exe
unpack001/DriverGenius2011/InitConfig.exe
unpack001/DriverGenius2011/ksoft/softmgr.dll

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

7831061b1ab89cd1e10248f54fa227ec
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 290KB - Virtual size: 290KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
DriverGenius2011/Bench.dll
.dll windows:4 windows x86 arch:x86

d9b614ded403577bde60a663d4547144

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1f:e9:f9:b8:a7:cd:ae:f9:96:2a:cb:1c:b3:08:cf:18
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

26/05/2009, 00:00

Not After

25/05/2012, 23:59

Subject

CN=Mydrivers Information Technology Co.\, Ltd (ZhengZhou),OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Mydrivers Information Technology Co.\, Ltd (ZhengZhou),L=Zhengzhou,ST=Henan,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:ae:b6:82:86:63:fe:d9:75:55:f8:fe:24:f3:3b:1a
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority - G2+OU=(c) 1998 VeriSign\, Inc. - For authorized use only+OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US

Not Before

01/04/2009, 00:00

Not After

31/03/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1f:7a:35:4f:97:2b:98:e8:e3:60:79:d7:ed:48:bc:f0:d4:94:08:24
Signer

Actual PE Digest

1f:7a:35:4f:97:2b:98:e8:e3:60:79:d7:ed:48:bc:f0:d4:94:08:24

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WideCharToMultiByte
SetThreadPriority
SetPriorityClass
GetThreadPriority
GetCurrentThread
GetPriorityClass
GetCurrentProcess
QueryPerformanceFrequency
CloseHandle
ReadFile
SetFilePointer
DeviceIoControl
CreateFileA
Sleep
VirtualFree
VirtualAlloc
GetCommandLineA
GetVersion
GetProcAddress
GetModuleHandleA
HeapFree
HeapAlloc
ExitProcess
TerminateProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
QueryPerformanceCounter
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
WriteFile
InterlockedDecrement
InterlockedIncrement
HeapReAlloc
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetStdHandle
FlushFileBuffers

Exports

Exports

BenchCPU
BenchDisk_RandomSeek
BenchDisk_ReadBurst
BenchFPU
BenchMMX
BenchMemory

Sections

.text
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DriverGenius2011/DIFxAPI_x86.dll
.dll windows:6 windows x86 arch:x86

dc8e6588a99ab1a2ea66fe4fde8971f3

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

61:47:52:ba:00:00:00:00:00:04
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/09/2006, 01:53

Not After

16/09/2011, 02:03

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:D8A9-CFCC-579C,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:49:7c:ed:00:00:00:00:00:05
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/09/2006, 01:55

Not After

16/09/2011, 02:05

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:10D8-5847-CBF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:05:21:23:00:00:00:00:00:06
Certificate

Issuer

CN=Microsoft Windows Verification PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/10/2007, 22:09

Not After

18/12/2008, 22:19

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

79:ad:16:a1:4a:a0:a5:ad:4c:73:58:f4:07:13:2e:65
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

09/05/2001, 23:19

Not After

09/05/2021, 23:28

Subject

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:07:02:dc:00:00:00:00:00:0b
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

15/09/2005, 21:55

Not After

15/03/2016, 22:05

Subject

CN=Microsoft Windows Verification PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

67:03:36:54:e0:aa:6c:86:f3:ca:99:92:4b:ac:79:ff:45:6f:a2:6b
Signer

Actual PE Digest

67:03:36:54:e0:aa:6c:86:f3:ca:99:92:4b:ac:79:ff:45:6f:a2:6b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

DIFXAPI.pdb

Imports

ntdll

RtlUnwind
RtlNtStatusToDosError
VerSetConditionMask

kernel32

VerifyVersionInfoW
GetVersionExW
lstrlenW
FreeLibrary
GetProcAddress
LoadLibraryW
DeleteFileW
SetFileAttributesW
GetEnvironmentVariableW
CompareStringW
GetFileAttributesW
MoveFileExW
GetTempFileNameW
CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetFileSize
CreateFileW
GetSystemWindowsDirectoryW
MultiByteToWideChar
WideCharToMultiByte
GetSystemDirectoryW
GetFullPathNameW
CopyFileW
LocalFree
RemoveDirectoryW
FindClose
FindNextFileW
lstrcmpW
FindFirstFileW
CreateDirectoryW
LocalReAlloc
LocalAlloc
GetProcessHeap
ReleaseMutex
DeviceIoControl
WaitForSingleObject
CreateMutexW
GetSystemTimeAsFileTime
Sleep
RaiseException
GetVersionExA
HeapSize
GetCommandLineA
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetModuleHandleA
ExitProcess
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
WriteFile
GetCPInfo
GetACP
GetOEMCP
LCMapStringA
LCMapStringW
LoadLibraryA
SetFilePointer
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers
CreateFileA
GetThreadLocale
WaitForMultipleObjects
InterlockedCompareExchange
SetEvent
CreateEventW
SetEndOfFile
SetLastError
InterlockedExchange
lstrcmpiW
InterlockedDecrement
GetLastError
InterlockedIncrement
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
HeapFree
HeapReAlloc
EnterCriticalSection
HeapAlloc
LeaveCriticalSection
HeapDestroy
GetModuleHandleW
DeleteCriticalSection
GetModuleFileNameA
OutputDebugStringA
HeapCreate
InitializeCriticalSection
TlsGetValue

user32

UnregisterClassA
CharLowerW
CharPrevW

setupapi

CM_Query_And_Remove_SubTreeW
SetupDiSetDeviceRegistryPropertyW
SetupQueueCopyIndirectW
SetupDiCallClassInstaller
SetupDiBuildDriverInfoList
SetupDiSetDeviceInstallParamsW
SetupDiGetDeviceInstallParamsW
SetupDiSetSelectedDevice
SetupDiOpenDeviceInfoW
SetupDiOpenDevRegKey
SetupDiGetDeviceInstanceIdW
SetupDiCreateDeviceInfoList
SetupDiGetDriverInfoDetailW
SetupDiGetSelectedDriverW
SetupDiSetClassInstallParamsW
SetupDiClassNameFromGuidW
CM_Get_Device_ID_ListW
CM_Get_Device_ID_List_SizeW
CM_Locate_DevNodeW
CM_Get_DevNode_Status
CM_Setup_DevNode
SetupDiGetDeviceRegistryPropertyW
SetupGetTargetPathW
SetupInstallFilesFromInfSectionW
SetupPromptReboot
SetupInstallFromInfSectionW
SetupInstallServicesFromInfSectionW
SetupDiGetActualSectionToInstallW
SetupFindNextLine
SetupFindNextMatchLineW
SetupOpenInfFileW
SetupOpenFileQueue
SetupCommitFileQueueW
SetupQueueCopyW
SetupCloseFileQueue
SetupGetLineCountW
SetupCloseInfFile
SetupFindFirstLineW
SetupGetFieldCount
SetupGetIntField
CM_Enumerate_Classes
SetupDiEnumDeviceInfo
SetupInitDefaultQueueCallbackEx
SetupDefaultQueueCallbackW
SetupDiGetClassDevsW
SetupDiOpenClassRegKey
CM_Get_Device_IDW
SetupDiDestroyDeviceInfoList
SetupGetStringFieldW
pSetupGetGlobalFlags
pSetupSetGlobalFlags
SetupOpenAppendInfFileW
SetupCopyOEMInfW
SetupTermDefaultQueueCallback

advapi32

FreeSid
CheckTokenMembership
AllocateAndInitializeSid
RegDeleteKeyW
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
RegDeleteValueW
RegQueryValueExW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAccessAllowedAce
InitializeAcl
GetLengthSid
SetEntriesInAclW
QueryServiceStatus
DeleteService
ControlService
CloseServiceHandle
OpenServiceW
OpenSCManagerW
StartServiceW
RegCloseKey

ole32

StringFromCLSID
CoTaskMemFree
CoInitialize
CoUninitialize
CoCreateInstance

wintrust

CryptCATAdminCalcHashFromFileHandle
WinVerifyTrust

crypt32

CertFreeCertificateContext
CertGetCTLContextProperty
CryptQueryObject
CertFreeCTLContext

Exports

Exports

DIFXAPISetLogCallbackA
DIFXAPISetLogCallbackW
DriverPackageGetPathA
DriverPackageGetPathW
DriverPackageInstallA
DriverPackageInstallW
DriverPackagePreinstallA
DriverPackagePreinstallW
DriverPackageUninstallA
DriverPackageUninstallW
SetDifxLogCallbackA
SetDifxLogCallbackW

Sections

.text
Size: 281KB - Virtual size: 281KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DriverGenius2011/DelZip179.dll
.dll windows:4 windows x86 arch:x86

ddd2cf296ab65eac9207968474477ba9

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1f:e9:f9:b8:a7:cd:ae:f9:96:2a:cb:1c:b3:08:cf:18
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

26/05/2009, 00:00

Not After

25/05/2012, 23:59

Subject

CN=Mydrivers Information Technology Co.\, Ltd (ZhengZhou),OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Mydrivers Information Technology Co.\, Ltd (ZhengZhou),L=Zhengzhou,ST=Henan,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:ae:b6:82:86:63:fe:d9:75:55:f8:fe:24:f3:3b:1a
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority - G2+OU=(c) 1998 VeriSign\, Inc. - For authorized use only+OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US

Not Before

01/04/2009, 00:00

Not After

31/03/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

53:56:11:23:c8:82:ba:f7:cf:48:44:af:42:b8:0a:fa:83:c3:db:c1
Signer

Actual PE Digest

53:56:11:23:c8:82:ba:f7:cf:48:44:af:42:b8:0a:fa:83:c3:db:c1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
CreateDirectoryA
CreateFileA
CreateFileMappingA
DeleteCriticalSection
DeleteFileA
DosDateTimeToFileTime
EnterCriticalSection
ExitProcess
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileA
FindNextFileA
FormatMessageA
FreeEnvironmentStringsA
GetACP
GetCPInfo
GetCurrentDirectoryA
GetCurrentProcessId
GetCurrentThreadId
GetDriveTypeA
GetEnvironmentStrings
GetFileAttributesA
GetFileInformationByHandle
GetFileSize
GetFileType
GetFullPathNameA
GetLastError
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetPrivateProfileIntA
GetPrivateProfileStringA
GetProcAddress
GetProcessHeap
GetShortPathNameA
GetStartupInfoA
GetStdHandle
GetStringTypeW
GetSystemTime
GetTempPathA
GetTimeZoneInformation
GetVersion
GetVersionExA
GetVolumeInformationA
GlobalFree
GlobalUnlock
HeapAlloc
HeapFree
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
IsDBCSLeadByteEx
IsDebuggerPresent
LCMapStringA
LeaveCriticalSection
LoadLibraryA
LocalFileTimeToFileTime
LocalFree
MapViewOfFile
MoveFileA
MultiByteToWideChar
OpenFileMappingA
OutputDebugStringA
RaiseException
ReadFile
RtlUnwind
SetConsoleCtrlHandler
SetEndOfFile
SetErrorMode
SetFileAttributesA
SetFilePointer
SetFileTime
SetHandleCount
SetLastError
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
UnmapViewOfFile
VirtualAlloc
VirtualFree
VirtualQuery
WideCharToMultiByte
WriteFile
lstrcatA
lstrcmpA
lstrcmpiA
lstrcpyA
lstrcpynA
lstrlenA

shell32

SHChangeNotify
SHFileOperationA

user32

CharToOemBuffA
CharUpperBuffA
EnumThreadWindows
GetDesktopWindow
MessageBoxA
OemToCharBuffA
wsprintfA

Exports

Exports

DZ_Abort
DZ_Path
DZ_PrivVersion
DZ_UnzExec
DZ_Version
DZ_ZipExec
DllEntryPoint
___CPPdebugHook

Sections

.text
Size: 139KB - Virtual size: 140KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
DriverGenius2011/DriverGenius.exe
.exe windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 26KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 17KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 60B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 15B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.!rc!
Size: - Virtual size: 5.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5.0MB - Virtual size: 5.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
DriverGenius2011/DrvInst64.exe
.exe windows:5 windows x64 arch:x64

3f24c0af794f15ba0a59f186f46ebd9d

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1f:e9:f9:b8:a7:cd:ae:f9:96:2a:cb:1c:b3:08:cf:18
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

26/05/2009, 00:00

Not After

25/05/2012, 23:59

Subject

CN=Mydrivers Information Technology Co.\, Ltd (ZhengZhou),OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Mydrivers Information Technology Co.\, Ltd (ZhengZhou),L=Zhengzhou,ST=Henan,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:ae:b6:82:86:63:fe:d9:75:55:f8:fe:24:f3:3b:1a
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority - G2+OU=(c) 1998 VeriSign\, Inc. - For authorized use only+OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US

Not Before

01/04/2009, 00:00

Not After

31/03/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ae:52:f1:e9:85:51:f1:33:c4:45:53:a3:5e:6a:29:c5:de:50:a9:ac
Signer

Actual PE Digest

ae:52:f1:e9:85:51:f1:33:c4:45:53:a3:5e:6a:29:c5:de:50:a9:ac

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetEnvironmentVariableA
GetFullPathNameA
CreateFileA
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
FlushFileBuffers
HeapReAlloc
SetEndOfFile
WriteFile
CloseHandle
WriteConsoleW
GetLastError
GetCommandLineA
HeapFree
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
DecodePointer
FlsGetValue
FlsSetValue
FlsFree
SetLastError
GetCurrentThreadId
FlsAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
HeapAlloc
RaiseException
RtlPcToFileHeader
RtlUnwindEx
EnterCriticalSection
LeaveCriticalSection
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
GetModuleHandleW
Sleep
GetProcAddress
ExitProcess
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
HeapSetInformation
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
SetFilePointer
GetConsoleCP
GetConsoleMode
LoadLibraryA
InitializeCriticalSectionAndSpinCount

setupapi

SetupDiGetDeviceInfoListDetailA
CM_Get_Device_ID_ExA
SetupDiSetClassInstallParamsA
SetupDiCallClassInstaller
SetupDiGetDeviceInstallParamsA
SetupDiGetClassDevsA
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyA
SetupDiDestroyDeviceInfoList

difxapi

DriverPackagePreinstallA
DriverPackageInstallA
DriverPackageGetPathA
DIFXAPISetLogCallbackA

Sections

.text
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 922B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DriverGenius2011/Hicldr.dll
.dll windows:5 windows x86 arch:x86

3e2dd8132a22aaa6a6fac1f3d81c4354

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1f:e9:f9:b8:a7:cd:ae:f9:96:2a:cb:1c:b3:08:cf:18
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

26/05/2009, 00:00

Not After

25/05/2012, 23:59

Subject

CN=Mydrivers Information Technology Co.\, Ltd (ZhengZhou),OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Mydrivers Information Technology Co.\, Ltd (ZhengZhou),L=Zhengzhou,ST=Henan,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:ae:b6:82:86:63:fe:d9:75:55:f8:fe:24:f3:3b:1a
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority - G2+OU=(c) 1998 VeriSign\, Inc. - For authorized use only+OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US

Not Before

01/04/2009, 00:00

Not After

31/03/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

08:0c:68:a8:d3:8c:a1:2c:9e:1c:df:df:7d:90:be:bc:c0:fb:99:b5
Signer

Actual PE Digest

08:0c:68:a8:d3:8c:a1:2c:9e:1c:df:df:7d:90:be:bc:c0:fb:99:b5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\Rover\桌面\fwhicldr_dllcompatibletest\Source\Source\Release\Hicldr.pdb

Imports

kernel32

CreateFileA
SetFilePointer
FreeLibrary
ReadFile
GetSystemDirectoryA
GetProcAddress
LoadLibraryA
GetVersionExA
CloseHandle
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
GetSystemTimeAsFileTime

msvcr90

_crt_debugger_hook
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_decode_pointer
_encoded_null
_malloc_crt
_encode_pointer
strcat_s
strcpy_s
_access
malloc
free
__CppXcptFilter
memset

Exports

Exports

GetLdr
GetSlwga

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 860B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 450B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DriverGenius2011/InitConfig.exe
.exe windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 409KB - Virtual size: 409KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 20KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 60B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
DriverGenius2011/Mydrivers.DAT
DriverGenius2011/Mydrivers.dll
.dll windows:4 windows x86 arch:x86

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:22:84:03:47:5b
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

16/07/2009, 13:59

Not After

16/07/2012, 13:59

Subject

CN=REALiX,O=REALiX,L=Bratislava,C=SK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 13:00

Not After

27/01/2017, 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 10:00

Not After

27/01/2017, 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0b:7f:6b:00:00:00:00:00:19
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:00

Not After

23/05/2016, 17:10

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

35:a1:7b:7d:f5:0f:dd:74:58:a5:8f:13:63:e3:7c:da:ec:83:f3:fe
Signer

Actual PE Digest

35:a1:7b:7d:f5:0f:dd:74:58:a5:8f:13:63:e3:7c:da:ec:83:f3:fe

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

aaaa
Size: - Virtual size: 1.3MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

bbbb
Size: 378KB - Virtual size: 380KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
DriverGenius2011/Mydrivers32.SYS
.sys windows:5 windows x86 arch:x86

20826e1dcf093f3445414ce88661b73e

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:22:84:03:47:5b
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

16/07/2009, 13:59

Not After

16/07/2012, 13:59

Subject

CN=REALiX,O=REALiX,L=Bratislava,C=SK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 13:00

Not After

27/01/2017, 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 10:00

Not After

27/01/2017, 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0b:7f:6b:00:00:00:00:00:19
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:00

Not After

23/05/2016, 17:10

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

44:97:90:f7:0b:5a:5e:06:d4:3d:7c:d8:f7:21:5a:db:d8:42:ce:66
Signer

Actual PE Digest

44:97:90:f7:0b:5a:5e:06:d4:3d:7c:d8:f7:21:5a:db:d8:42:ce:66

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

s:\hwinfo64\sys\i386\HWiNFO32.pdb

Imports

ntoskrnl.exe

IofCompleteRequest
IoGetDeviceObjectPointer
RtlAnsiStringToUnicodeString
RtlInitAnsiString
ZwClose
ZwDeviceIoControlFile
ZwOpenFile
RtlInitUnicodeString
memmove
_except_handler3
_alldiv
KeInitializeEvent
IoDeleteDevice
IoDeleteSymbolicLink
ExFreePoolWithTag
MmUnmapIoSpace
ExfInterlockedRemoveHeadList
KeInitializeSpinLock
IoCreateSymbolicLink
IoCreateDevice
KeTickCount
IoAllocateIrp
IofCallDriver
KeWaitForSingleObject
IoFreeIrp
KeSetEvent
MmMapIoSpace
ExAllocatePoolWithTag
_allmul
ExfInterlockedInsertTailList

hal

HalGetBusData
KfRaiseIrql
KfLowerIrql
HalSetBusDataByOffset
KfAcquireSpinLock
KfReleaseSpinLock
KeStallExecutionProcessor
HalGetBusDataByOffset

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 452B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 256B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 640B - Virtual size: 560B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DriverGenius2011/Mydrivers64A.SYS
.sys windows:5 windows x64 arch:x64

f61629d848d9d624093e8d3ddd700ee9

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:22:84:03:47:5b
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

16/07/2009, 13:59

Not After

16/07/2012, 13:59

Subject

CN=REALiX,O=REALiX,L=Bratislava,C=SK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 13:00

Not After

27/01/2017, 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 10:00

Not After

27/01/2017, 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0b:7f:6b:00:00:00:00:00:19
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:00

Not After

23/05/2016, 17:10

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

43:53:5a:b4:9a:b8:8a:7e:d5:b7:3a:f5:ac:bd:a7:b9:bf:79:77:c2
Signer

Actual PE Digest

43:53:5a:b4:9a:b8:8a:7e:d5:b7:3a:f5:ac:bd:a7:b9:bf:79:77:c2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

s:\hwinfo64\sys\amd64\HWiNFO32.pdb

Imports

ntoskrnl.exe

KeAcquireSpinLockRaiseToDpc
KeSetEvent
IoFreeIrp
KeWaitForSingleObject
IofCallDriver
IoAllocateIrp
KeInitializeEvent
IofCompleteRequest
__C_specific_handler
IoGetDeviceObjectPointer
RtlAnsiStringToUnicodeString
RtlInitAnsiString
KeReleaseSpinLock
ZwDeviceIoControlFile
ZwOpenFile
RtlInitUnicodeString
IoDeleteDevice
IoDeleteSymbolicLink
ExFreePoolWithTag
MmUnmapIoSpace
ExInterlockedRemoveHeadList
IoCreateSymbolicLink
IoCreateDevice
MmMapIoSpace
ExAllocatePoolWithTag
ZwClose
ExInterlockedInsertTailList

hal

HalSetBusDataByOffset
KeStallExecutionProcessor
HalGetBusDataByOffset

Sections

.text
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 528B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DriverGenius2011/Mydrivers64I.SYS
DriverGenius2011/MydriversC.dll
.dll windows:5 windows x86 arch:x86

efd51898bac3580dbbb8b8b6ecb205f5

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1f:e9:f9:b8:a7:cd:ae:f9:96:2a:cb:1c:b3:08:cf:18
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

26/05/2009, 00:00

Not After

25/05/2012, 23:59

Subject

CN=Mydrivers Information Technology Co.\, Ltd (ZhengZhou),OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Mydrivers Information Technology Co.\, Ltd (ZhengZhou),L=Zhengzhou,ST=Henan,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:ae:b6:82:86:63:fe:d9:75:55:f8:fe:24:f3:3b:1a
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority - G2+OU=(c) 1998 VeriSign\, Inc. - For authorized use only+OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US

Not Before

01/04/2009, 00:00

Not After

31/03/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e5:c1:75:5c:38:06:1e:b8:ca:b2:d2:68:50:e5:1b:a1:ae:b8:d2:ef
Signer

Actual PE Digest

e5:c1:75:5c:38:06:1e:b8:ca:b2:d2:68:50:e5:1b:a1:ae:b8:d2:ef

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

F:\新建文件夹 (4)\bin\MydriversC.pdb

Imports

kernel32

SetFilePointer
FlushFileBuffers
GetCurrentProcess
CreateFileA
GetCPInfo
GetOEMCP
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
HeapFree
HeapReAlloc
RtlUnwind
RaiseException
WriteFile
Sleep
ExitProcess
HeapSize
VirtualFree
HeapCreate
HeapDestroy
GetStdHandle
GetACP
IsValidCodePage
GetStringTypeA
GetStringTypeW
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GlobalFindAtomA
lstrcmpW
GetVersionExA
GlobalAddAtomA
GlobalFlags
WritePrivateProfileStringA
GetCurrentProcessId
InterlockedIncrement
GetModuleHandleW
GlobalGetAtomNameA
CloseHandle
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
SetErrorMode
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesA
GetModuleFileNameA
GetLocaleInfoA
LoadLibraryA
CompareStringA
InterlockedExchange
lstrcmpA
FreeLibrary
InterlockedDecrement
GetModuleFileNameW
GetProcAddress
GetLastError
SetLastError
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
MultiByteToWideChar
GetModuleHandleA
GetCommandLineA
lstrlenA
OutputDebugStringA
FindResourceA
LoadResource
LockResource
SizeofResource
VirtualAlloc
WideCharToMultiByte

advapi32

RegDeleteKeyA
RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegSetValueExA
RegCreateKeyExA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA

shlwapi

PathFindFileNameA
PathFindExtensionA

oleacc

LresultFromObject
CreateStdAccessibleObject

user32

ShowWindow
RegisterWindowMessageA
LoadIconA
WinHelpA
GetCapture
GetClassLongA
SetPropA
GetPropA
RemovePropA
IsWindow
GetForegroundWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
GetClientRect
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
CopyRect
DefWindowProcA
CallWindowProcA
GetMenu
SetWindowLongA
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindow
GetDlgCtrlID
GetWindowRect
GetClassNameA
PtInRect
SetWindowTextA
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
SetCursor
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetWindowThreadProcessId
GetParent
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
EnableWindow
DestroyMenu
GetSubMenu
GetMenuItemCount
GetMenuItemID
GetMenuState
UnhookWindowsHookEx
PostQuitMessage
PostMessageA
ValidateRect
GetCursorPos
PeekMessageA
GetKeyState
SendMessageA
IsWindowVisible
MessageBoxA
LoadCursorA
GetSystemMetrics
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
GetWindowTextA
UnregisterClassA
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow

gdi32

CreateBitmap
SaveDC
RestoreDC
SetBkColor
SetTextColor
DeleteDC
ScaleWindowExtEx
GetStockObject
SetViewportOrgEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
GetDeviceCaps
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
DeleteObject
GetClipBox
SetMapMode
OffsetViewportOrgEx

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

oleaut32

VariantClear
VariantChangeType
VariantInit

Exports

Exports

??4Ccrypt@@QAEAAV0@ABV0@@Z
EncryptData_

Sections

.text
Size: 190KB - Virtual size: 190KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DriverGenius2011/MydriversI.dll
.dll windows:5 windows x86 arch:x86

b11bb8e12118b8a96be19b9739bd2b41

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1f:e9:f9:b8:a7:cd:ae:f9:96:2a:cb:1c:b3:08:cf:18
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

26/05/2009, 00:00

Not After

25/05/2012, 23:59

Subject

CN=Mydrivers Information Technology Co.\, Ltd (ZhengZhou),OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Mydrivers Information Technology Co.\, Ltd (ZhengZhou),L=Zhengzhou,ST=Henan,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:ae:b6:82:86:63:fe:d9:75:55:f8:fe:24:f3:3b:1a
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority - G2+OU=(c) 1998 VeriSign\, Inc. - For authorized use only+OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US

Not Before

01/04/2009, 00:00

Not After

31/03/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

37:3b:28:47:f7:78:35:11:4f:2c:e2:b2:31:60:aa:db:09:2b:58:e2
Signer

Actual PE Digest

37:3b:28:47:f7:78:35:11:4f:2c:e2:b2:31:60:aa:db:09:2b:58:e2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

g:\my_dg\DriverGenius\bin\MydriversI.pdb

Imports

kernel32

GlobalFlags
LoadLibraryExA
EnumResourceLanguagesA
ConvertDefaultLocale
GetCurrentThread
GetCPInfo
GetOEMCP
GetPrivateProfileIntA
WritePrivateProfileStringA
GetCurrentDirectoryA
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
HeapFree
HeapAlloc
GetFileType
GetConsoleCP
GetConsoleMode
GetCommandLineA
VirtualProtect
VirtualAlloc
VirtualQuery
HeapReAlloc
ExitThread
HeapSize
ExitProcess
GetACP
IsValidCodePage
GetStringTypeA
GetStringTypeW
FreeResource
HeapDestroy
VirtualFree
FatalAppExitA
GetStdHandle
SetStdHandle
GetProcessHeap
SetHandleCount
GetStartupInfoA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LCMapStringA
LCMapStringW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetDriveTypeA
SetConsoleCtrlHandler
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
CompareStringW
SetEnvironmentVariableA
lstrcmpW
GetFileTime
GetFileSizeEx
CreateFileW
GetFileAttributesExA
SetErrorMode
SystemTimeToFileTime
lstrcmpA
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
InterlockedIncrement
GetModuleHandleW
CompareStringA
GetAtomNameA
GlobalGetAtomNameA
FileTimeToSystemTime
FindNextFileA
CreateEventA
SuspendThread
SetEvent
GetCurrentThreadId
ResumeThread
SetThreadPriority
GetShortPathNameA
GetVolumeInformationA
FindFirstFileA
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
lstrcmpiA
GetThreadLocale
GetStringTypeExA
GlobalFree
CopyFileA
GlobalSize
FormatMessageA
LocalFree
lstrlenW
MulDiv
GetLocaleInfoA
IsDBCSLeadByte
GlobalLock
GlobalUnlock
GetFullPathNameA
GetEnvironmentVariableA
GetWindowsDirectoryA
GetModuleFileNameA
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
SetFileAttributesA
CreateFileA
GetFileInformationByHandle
FileTimeToLocalFileTime
FileTimeToDosDateTime
GetFileAttributesA
RemoveDirectoryW
FindFirstFileW
FindNextFileW
FindClose
CreateDirectoryW
SetFileAttributesW
DeleteFileW
GetTickCount
MoveFileExW
GetFileAttributesW
CreateDirectoryA
MoveFileA
GetModuleHandleA
GetSystemDirectoryW
IsProcessorFeaturePresent
GetSystemInfo
GetSystemDefaultLCID
SetCurrentDirectoryA
DeleteFileA
OpenMutexA
CreateMutexA
ReleaseMutex
GlobalAddAtomA
GlobalAlloc
OutputDebugStringA
SetLastError
GetTempPathA
InterlockedDecrement
TerminateThread
GlobalFindAtomA
GlobalDeleteAtom
GetModuleFileNameW
LoadLibraryW
FreeLibrary
GetExitCodeProcess
MultiByteToWideChar
GetPrivateProfileStringA
GetVersionExA
GetComputerNameA
lstrlenA
GetCurrentProcessId
InterlockedCompareExchange
InterlockedExchange
WaitForSingleObject
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
lstrcpyW
LoadLibraryA
GetProcAddress
lstrcpyA
CreateThread
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
GetLastError
Sleep
GetCurrentProcess
HeapCreate
CloseHandle

user32

GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
ScrollWindow
TrackPopupMenuEx
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
UpdateWindow
GetClientRect
SendMessageTimeoutW
ExitWindowsEx
SendMessageA
FindWindowA
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
CopyRect
SetWindowPlacement
PtInRect
DefWindowProcA
CallWindowProcA
GetMenu
SetWindowLongA
SetWindowPos
OffsetRect
IntersectRect
IsIconic
GetWindowPlacement
GetWindowRect
GetWindow
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
ModifyMenuA
EnableMenuItem
CheckMenuItem
EndDeferWindowPos
GetWindowTextA
BeginDeferWindowPos
SetActiveWindow
GetForegroundWindow
SetFocus
IsWindow
RemovePropA
GetPropA
SetPropA
GetClassNameA
GetClassLongA
GetCapture
IsChild
WinHelpA
SendDlgItemMessageA
LoadIconA
RegisterWindowMessageA
CheckDlgButton
CheckRadioButton
GetDlgItemInt
GetDlgItemTextA
SetDlgItemInt
SetDlgItemTextA
PostMessageA
FindWindowExA
GetWindowTextW
GetWindowTextLengthW
EnumChildWindows
GetDlgCtrlID
GetWindowThreadProcessId
EnumWindows
wsprintfA
IsDlgButtonChecked
SetWindowTextA
MoveWindow
ScrollWindowEx
DestroyIcon
ClientToScreen
GetDesktopWindow
FillRect
TabbedTextOutA
DrawTextA
DrawTextExA
GrayStringA
GetWindowDC
BeginPaint
UnhookWindowsHookEx
LoadCursorA
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
SetWindowsHookExA
CallNextHookEx
GetMessageA
GetActiveWindow
IsWindowVisible
GetCursorPos
ValidateRect
CharUpperA
GetParent
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
EnableWindow
GetMenuState
GetMenuStringA
AppendMenuA
GetMenuItemID
InsertMenuA
GetMenuItemCount
GetSubMenu
RemoveMenu
GetClipboardData
OpenClipboard
EmptyClipboard
CloseClipboard
SetClipboardData
GetKeyState
SystemParametersInfoA
IsDialogMessageA
SetForegroundWindow
ShowWindow
GetSystemMetrics
PeekMessageA
TranslateMessage
DispatchMessageA
MessageBoxA
EndPaint
InflateRect
GetMenuItemInfoA
DestroyMenu
PostQuitMessage
SetRectEmpty
InvalidateRect
SetCursor
ShowOwnedPopups
DeleteMenu
EndDialog
GetNextDlgTabItem
CreateDialogIndirectParamA
TranslateAcceleratorA
BringWindowToTop
CreatePopupMenu
InsertMenuItemA
LoadAcceleratorsA
ReleaseCapture
GetMenuBarInfo
LoadMenuA
ReuseDDElParam
UnpackDDElParam
SetRect
SetTimer
KillTimer
WindowFromPoint
GetDialogBaseUnits
GetKeyNameTextA
MapVirtualKeyA
IsRectEmpty
GetSystemMenu
SetParent
UnionRect
GetDCEx
LockWindowUpdate
SetCapture
GetWindowTextLengthA
UnregisterClassA

gdi32

GetTextMetricsA
GetBkColor
CreateCompatibleBitmap
StretchDIBits
CreateFontA
GetCharWidthA
DPtoLP
PatBlt
GetMapMode
CombineRgn
SetRectRgn
CreateRectRgnIndirect
GetTextExtentPoint32A
CreateFontIndirectA
CreateHatchBrush
CreateSolidBrush
ExtCreatePen
CreatePen
PlayMetaFile
EnumMetaFile
GetObjectType
PlayMetaFileRecord
SelectPalette
GetStockObject
CreateCompatibleDC
CreatePatternBrush
CreateDIBPatternBrushPt
DeleteDC
ExtSelectClipRgn
PolyBezierTo
PolylineTo
PolyDraw
ArcTo
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
StartDocA
GetPixel
BitBlt
GetWindowExtEx
GetViewportExtEx
SelectClipPath
CreateRectRgn
GetClipRgn
SelectClipRgn
SetColorAdjustment
SetArcDirection
SetMapperFlags
SetTextCharacterExtra
SetTextJustification
SetTextAlign
MoveToEx
LineTo
OffsetClipRgn
IntersectClipRect
ExcludeClipRect
SetMapMode
ModifyWorldTransform
SetWorldTransform
SetGraphicsMode
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
DeleteObject
GetObjectA
SetBkColor
SetTextColor
GetClipBox
GetDCOrgEx
GetCurrentPositionEx
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
GetDeviceCaps
CreateBitmap
CreateDCA
CopyMetaFileA
SetViewportOrgEx

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegDeleteValueW
CloseServiceHandle
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegEnumKeyExA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegDeleteValueA
RegSetValueExA
RegEnumKeyA
RegDeleteKeyA
RegQueryValueA
RegCreateKeyA
RegCreateKeyExA
RegSetValueA
GetUserNameA
RegQueryValueExW
RegOpenKeyW
RegSetValueExW
QueryServiceStatus
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
LookupPrivilegeValueW
RegOpenKeyExW
RegEnumValueA
OpenSCManagerA
OpenServiceA
RegOpenKeyA

shell32

ShellExecuteExW
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHGetMalloc
SHGetFileInfoA
ExtractIconA
DragFinish
DragQueryFileA
ShellExecuteW

shlwapi

StrChrW
StrCmpNW
StrRChrW
SHGetValueW
PathStripToRootA
PathIsUNCA
PathFindFileNameA
PathFindExtensionA
PathRemoveExtensionA
PathRemoveFileSpecW
StrCmpNIW
SHEnumKeyExW

ole32

ReleaseStgMedium
CreateBindCtx
CoTreatAsClass
StringFromCLSID
ReadClassStg
ReadFmtUserTypeStg
CoTaskMemAlloc
OleDuplicateData
WriteClassStg
WriteFmtUserTypeStg
SetConvertStg
CoTaskMemFree
CoCreateGuid
CoInitialize
CoUninitialize
CreateStreamOnHGlobal
CoCreateInstance
StringFromGUID2
CoDisconnectObject
CLSIDFromString
CoInitializeEx
OleRegGetUserType

oleaut32

SafeArrayPutElement
CreateErrorInfo
SafeArrayCreate
VariantInit
SysFreeString
VariantClear
VariantCopy
SysStringLen
SysAllocStringByteLen
SysStringByteLen
SafeArrayCreateVector
RegisterTypeLi
LoadTypeLi
LoadRegTypeLi
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayRedim
VariantChangeType
SafeArrayAllocData
SafeArrayAllocDescriptor
SafeArrayCopy
SafeArrayGetElement
SafeArrayPtrOfIndex
SafeArrayLock
SafeArrayUnlock
SafeArrayDestroyData
SafeArrayDestroyDescriptor
SysAllocStringLen
VariantTimeToSystemTime
SystemTimeToVariantTime
SysReAllocStringLen
VarDateFromStr
VarBstrFromCy
VarBstrFromDec
VarDecFromStr
VarCyFromStr
VarBstrFromDate
GetErrorInfo
SysAllocString
SetErrorInfo
SafeArrayDestroy

rpcrt4

UuidFromStringA
UuidToStringA
RpcStringFreeA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

patchcore

ord8
ord205
ord203
ord208
ord224
ord223
ord235
ord232
ord333
ord206
ord221
ord220

setupapi

SetupDiCallClassInstaller
SetupDiSetClassInstallParamsA
CM_Get_Device_ID_ExA
SetupDiGetDeviceInfoListDetailA
CM_Disconnect_Machine
CM_Reenumerate_DevNode_Ex
CM_Locate_DevNode_ExA
CM_Connect_MachineA
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyA
SetupDiEnumDeviceInfo
SetupDiGetClassDevsA
SetupDiGetDeviceInstanceIdA
SetupDiDestroyClassImageList
CM_Get_DevNode_Registry_Property_ExA
CM_Get_Child_Ex
SetupDiGetClassImageIndex
CM_Get_DevNode_Status_Ex
CM_Get_DevNode_Status
SetupDiGetDeviceInstallParamsA
CM_Locate_DevNodeA
CM_Get_Sibling_Ex
SetupDiGetClassImageList
SetupGetLineByIndexA
SetupGetStringFieldA
SetupGetLineCountA
SetupGetLineTextA
SetupGetFieldCount
SetupFindFirstLineA
SetupCloseInfFile
SetupOpenInfFileA
SetupFindNextLine
SetupDiOpenDeviceInfoW
SetupDiCreateDeviceInfoList

newdev

UpdateDriverForPlugAndPlayDevicesA

cabinet

ord14
ord13
ord10
ord11
ord22
ord21
ord23
ord20

Exports

Exports

AddFile2Cab_
Compress_
CreateCabinet_
CreateDriver
CreateRollbackDriverObj
CreateSoft
DeInitHw
Decompress_
DestroyCabinet_
DestroyDriver
DestroySoft
DevError
FindTarget
FlushCab_
GetDevicePropertyByDeviceID
GetDeviceStatus
GetDriverXMLLength
GetDriverXMLOutput
GetHardwareIDs
GetMydriversInfo
GetMydriversInfoLen
GetPrimeDeviceList
GetPrimeDeviceListStatus
GetServerRet
GetServerRetLen
GetSoft
GetSoftLen
GetTemperature
InitHw
IsDeviceExist
IsDeviceInstanceIdExist
PostDriver2ToServer
PostDriverToServer
Rescan2
ShowDeviceProperties
cmdDisable
cmdEnable
cmdInstall
cmdReboot
cmdRemove
cmdRescan
cmdStatus
cmdUpdate

Sections

.text
Size: 647KB - Virtual size: 646KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 148KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DriverGenius2011/PatchCore.dll
.dll windows:4 windows x86 arch:x86

42845c35ea817bb69f9e743e7d5e1986

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1f:e9:f9:b8:a7:cd:ae:f9:96:2a:cb:1c:b3:08:cf:18
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

26/05/2009, 00:00

Not After

25/05/2012, 23:59

Subject

CN=Mydrivers Information Technology Co.\, Ltd (ZhengZhou),OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Mydrivers Information Technology Co.\, Ltd (ZhengZhou),L=Zhengzhou,ST=Henan,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:ae:b6:82:86:63:fe:d9:75:55:f8:fe:24:f3:3b:1a
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority - G2+OU=(c) 1998 VeriSign\, Inc. - For authorized use only+OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US

Not Before

01/04/2009, 00:00

Not After

31/03/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b9:ac:a7:2b:0d:b6:d0:30:5b:84:ed:84:70:59:53:a7:c6:51:b3:c7
Signer

Actual PE Digest

b9:ac:a7:2b:0d:b6:d0:30:5b:84:ed:84:70:59:53:a7:c6:51:b3:c7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord3953
ord561
ord535
ord2818
ord537
ord2915
ord539
ord6283
ord6282
ord860
ord6663
ord922
ord858
ord4204
ord926
ord4278
ord2764
ord4129
ord5714
ord5289
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord354
ord665
ord540
ord823
ord825
ord815
ord800

msvcrt

wcslen
_CxxThrowException
__CxxFrameHandler
fclose
wcstombs
strncpy
rand
srand
__dllonexit
_onexit
free
_initterm
malloc
_adjust_fdiv
??1type_info@@UAE@XZ

kernel32

InterlockedDecrement
WaitForSingleObject
CreateProcessA
GetVersionExA
GetTickCount
DisableThreadLibraryCalls
LocalFree
WideCharToMultiByte
lstrlenA
MultiByteToWideChar
lstrlenW
GetLastError

user32

FindWindowExA
SendMessageA
GetDesktopWindow
wsprintfA
FindWindowA
GetSystemMetrics

advapi32

RegCloseKey
ChangeServiceConfigA
StartServiceA
ControlService
OpenSCManagerA
OpenServiceA
QueryServiceStatus
CloseServiceHandle
RegSetValueExA
RegEnumValueA
RegOpenKeyExA
RegQueryValueExA

shell32

SHFileOperationA

ole32

CoCreateInstance

oleaut32

SysAllocString
SysFreeString
VariantInit
VariantClear
VariantChangeType
SetErrorInfo
GetErrorInfo
CreateErrorInfo

msvcp60

??_8?$basic_ofstream@DU?$char_traits@D@std@@@std@@7B@
?clear@ios_base@std@@QAEXH_N@Z
?__Fiopen@std@@YAPAU_iobuf@@PBDH@Z
?_Init@?$basic_filebuf@DU?$char_traits@D@std@@@std@@IAEXPAU_iobuf@@W4_Initfl@12@@Z
?_Initcvt@?$basic_filebuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBDH@Z
??1?$basic_filebuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??1ios_base@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??0?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAE@PAU_iobuf@@@Z
?init@?$basic_ios@DU?$char_traits@D@std@@@std@@IAEXPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@_N@Z
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??0ios_base@std@@IAE@XZ
??_7?$basic_ofstream@DU?$char_traits@D@std@@@std@@6B@

Exports

Exports

DeleteFiles
EnableService
ExecuteCab
GetCPUInfo
GetChipType
GetDACType
GetDescription
GetDirectXVersion
GetDiskInfo
GetDisplayMemoryEnglish
GetHDSN
GetHardInfo
GetLocalInfo2
GetLocalInfo3
GetLocalInfo4
GetMainBoard
GetManufacturer
GetMyInfo_A
GetMyInfo_B
GetMyInfo_C
GetMyInfo_D
GetMyInfo_E
GetMyInfo_F
GetMyInfo_G
GetMyInfo_H
GetPointDevice
GetRequirePatch
GetServiceStatu
GetSoftwareLicensingProduct
InitDirectInfo
InitRequirePatchNum
SetRequirePatch

Sections

.text
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

MyData
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DriverGenius2011/PnpView.dll
.dll windows:5 windows x86 arch:x86

2fe264fee13dc98b5cc10435aa863995

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1f:e9:f9:b8:a7:cd:ae:f9:96:2a:cb:1c:b3:08:cf:18
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

26/05/2009, 00:00

Not After

25/05/2012, 23:59

Subject

CN=Mydrivers Information Technology Co.\, Ltd (ZhengZhou),OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Mydrivers Information Technology Co.\, Ltd (ZhengZhou),L=Zhengzhou,ST=Henan,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:ae:b6:82:86:63:fe:d9:75:55:f8:fe:24:f3:3b:1a
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority - G2+OU=(c) 1998 VeriSign\, Inc. - For authorized use only+OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US

Not Before

01/04/2009, 00:00

Not After

31/03/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6a:40:e2:f8:1d:3a:40:35:37:2e:f9:3d:63:c7:1d:4d:7d:fa:53:0f
Signer

Actual PE Digest

6a:40:e2:f8:1d:3a:40:35:37:2e:f9:3d:63:c7:1d:4d:7d:fa:53:0f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\Source\UsbView\Release\PnpView.pdb

Imports

kernel32

DeviceIoControl
GlobalFree
FlushFileBuffers
IsProcessorFeaturePresent
GlobalAlloc
CloseHandle
CreateFileW
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
EncodePointer
DecodePointer
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
Sleep
HeapSize
GetProcAddress
GetModuleHandleW
ExitProcess
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetLastError
HeapFree
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapAlloc
HeapReAlloc
LoadLibraryW
WriteFile
GetModuleFileNameW
RtlUnwind
SetFilePointer
GetConsoleCP
GetConsoleMode
MultiByteToWideChar
GetStringTypeW
LCMapStringW
SetStdHandle
WriteConsoleW
ReadFile

user32

PostMessageW

cfgmgr32

CM_Get_Sibling
CM_Get_Child
CM_Get_Device_IDW
CM_Get_DevNode_Registry_PropertyW
CM_Locate_DevNodeW
CM_Get_Parent

Exports

Exports

UsbRefresh

Sections

.text
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DriverGenius2011/TaskBar.dll
.dll windows:4 windows x86 arch:x86

e910a9ced582afead273c3f0874ce2bf

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1f:e9:f9:b8:a7:cd:ae:f9:96:2a:cb:1c:b3:08:cf:18
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

26/05/2009, 00:00

Not After

25/05/2012, 23:59

Subject

CN=Mydrivers Information Technology Co.\, Ltd (ZhengZhou),OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Mydrivers Information Technology Co.\, Ltd (ZhengZhou),L=Zhengzhou,ST=Henan,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:ae:b6:82:86:63:fe:d9:75:55:f8:fe:24:f3:3b:1a
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority - G2+OU=(c) 1998 VeriSign\, Inc. - For authorized use only+OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US

Not Before

01/04/2009, 00:00

Not After

31/03/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ff:9e:b0:3a:5c:2f:83:33:86:f4:ef:81:77:fa:ed:a7:b6:89:38:d3
Signer

Actual PE Digest

ff:9e:b0:3a:5c:2f:83:33:86:f4:ef:81:77:fa:ed:a7:b6:89:38:d3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

RaiseException
HeapAlloc
HeapFree
ExitProcess
TerminateProcess
HeapSize
HeapReAlloc
GetACP
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
HeapDestroy
GetCommandLineA
VirtualFree
SetUnhandledExceptionFilter
VirtualAlloc
IsBadWritePtr
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
RtlUnwind
FlushFileBuffers
SetFilePointer
WriteFile
GetCurrentProcess
WritePrivateProfileStringA
GetOEMCP
GetCPInfo
GetProcessVersion
GlobalFlags
GetLastError
SetErrorMode
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
GlobalFree
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
GetVersionExA
LocalAlloc
lstrcpynA
LocalFree
MultiByteToWideChar
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
GlobalUnlock
SetLastError
CloseHandle
GetModuleFileNameA
GlobalLock
GlobalAlloc
lstrcmpA
GetCurrentThread
lstrlenA
LoadLibraryA
FreeLibrary
GetVersion
lstrcatA
GetCurrentThreadId
GlobalGetAtomNameA
lstrcmpiA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcpyA
GetModuleHandleA
GetProcAddress
Sleep
HeapCreate

user32

SetWindowTextA
ShowWindow
IsWindowEnabled
GetNextDlgTabItem
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
LoadBitmapA
GetMenuCheckMarkDimensions
ReleaseDC
GetDC
PostQuitMessage
SetCursor
GetCursorPos
ValidateRect
GetActiveWindow
GetMessageA
BeginPaint
EndPaint
TabbedTextOutA
DrawTextA
GrayStringA
UnregisterClassA
GetClassNameA
PtInRect
LoadCursorA
GetSysColorBrush
DestroyMenu
LoadStringA
LoadIconA
MapWindowPoints
GetFocus
SetFocus
AdjustWindowRectEx
GetTopWindow
MessageBoxA
GetParent
GetCapture
WinHelpA
wsprintfA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetDlgItem
GetWindowTextA
GetKeyState
DestroyWindow
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
DefWindowProcA
GetMessageTime
GetMessagePos
GetLastActivePopup
GetForegroundWindow
SetForegroundWindow
GetWindow
GetWindowLongA
SetWindowLongA
SetWindowPos
RegisterWindowMessageA
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
PeekMessageA
TranslateMessage
DispatchMessageA
GetWindowRect
FindWindowExA
GetClientRect
SetClassLongA
GetClassLongA
SetTimer
RedrawWindow
SetRect
MoveWindow
InvalidateRect
GetSysColor
CloseWindow
GetDesktopWindow
EnableWindow
SendMessageA
ClientToScreen
IsWindow
PostMessageA
IsWindowVisible
KillTimer
CopyRect
GetDlgCtrlID

gdi32

SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetDeviceCaps
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SetBkMode
GetStockObject
RestoreDC
SaveDC
DeleteDC
CreateBitmap
GetObjectA
SetBkColor
SetTextColor
GetClipBox
SelectObject
DeleteObject
CreateFontA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegCloseKey

comctl32

ord17

Exports

Exports

GetTaskBarType
InitTaskBar
ReleaseTaskBar
SetParentWindow
SetTaskBarPos
ShowTaskBar
SwitchTaskBarType
TaskBarIsVisable

Sections

.text
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DriverGenius2011/WhatsNew.txt
DriverGenius2011/cfg/hotfix.ini
DriverGenius2011/cfg/softmgr.ini
DriverGenius2011/config.ini
DriverGenius2011/default.dll
.png
DriverGenius2011/deskhlp.dll
.dll windows:5 windows x86 arch:x86

87d1156e48e646b04164b09bb93f948d

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1f:e9:f9:b8:a7:cd:ae:f9:96:2a:cb:1c:b3:08:cf:18
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

26/05/2009, 00:00

Not After

25/05/2012, 23:59

Subject

CN=Mydrivers Information Technology Co.\, Ltd (ZhengZhou),OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Mydrivers Information Technology Co.\, Ltd (ZhengZhou),L=Zhengzhou,ST=Henan,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:ae:b6:82:86:63:fe:d9:75:55:f8:fe:24:f3:3b:1a
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority - G2+OU=(c) 1998 VeriSign\, Inc. - For authorized use only+OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US

Not Before

01/04/2009, 00:00

Not After

31/03/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5f:a2:cc:40:6b:8c:20:b3:26:81:ee:a6:5a:88:cb:1f:b4:2b:da:12
Signer

Actual PE Digest

5f:a2:cc:40:6b:8c:20:b3:26:81:ee:a6:5a:88:cb:1f:b4:2b:da:12

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

g:\my_dg\DriverGenius\bin\deskhlp.pdb

Imports

kernel32

SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
GlobalAddAtomW
LCMapStringW
LCMapStringA
GetStringTypeW
MultiByteToWideChar
GlobalFindAtomW
GetVersionExW
GetStringTypeA
InitializeCriticalSectionAndSpinCount
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetCurrentThreadId
GetCommandLineA
GetLastError
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
Sleep
ExitProcess
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualAlloc
RtlUnwind
LoadLibraryA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA

user32

GetWindowRect
FindWindowExW
RedrawWindow
SetParent
MoveWindow
SetRect

advapi32

RegCloseKey
RegOpenKeyExW

shell32

SHLoadInProc

ole32

StringFromGUID2
CLSIDFromString
CoCreateInstance

Exports

Exports

CreateDeskbar
DeskbandInstalled
HideDeskband
ShowDeskband

Sections

.text
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DriverGenius2011/dgvul.dll
.dll windows:4 windows x86 arch:x86

68d92a6206bfb6272aa09ad61317fc3f

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1f:e9:f9:b8:a7:cd:ae:f9:96:2a:cb:1c:b3:08:cf:18
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

26/05/2009, 00:00

Not After

25/05/2012, 23:59

Subject

CN=Mydrivers Information Technology Co.\, Ltd (ZhengZhou),OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Mydrivers Information Technology Co.\, Ltd (ZhengZhou),L=Zhengzhou,ST=Henan,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:ae:b6:82:86:63:fe:d9:75:55:f8:fe:24:f3:3b:1a
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority - G2+OU=(c) 1998 VeriSign\, Inc. - For authorized use only+OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US

Not Before

01/04/2009, 00:00

Not After

31/03/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e8:48:07:0d:df:bb:a0:98:a4:ba:08:a2:c4:c2:79:83:72:c4:36:1d
Signer

Actual PE Digest

e8:48:07:0d:df:bb:a0:98:a4:ba:08:a2:c4:c2:79:83:72:c4:36:1d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\Source\vulfix + softmgr + libdownload + vulx(from kszz) - 0216 -2\bin\release\dgvul.pdb

Imports

kernel32

GetModuleFileNameW
SetFileAttributesW
CreateDirectoryW
GetVersionExW
GetFileAttributesW
CloseHandle
ExpandEnvironmentStringsW
CreateFileW
FindResourceExW
LoadResource
LockResource
SizeofResource
FindResourceW
FindNextFileW
FindClose
ExitThread
GetSystemDirectoryW
GetSystemWindowsDirectoryW
GetProcessTimes
GetSystemDefaultUILanguage
GetLastError
GetFileAttributesA
FindFirstFileW
SetLastError
InterlockedDecrement
InterlockedIncrement
SetEndOfFile
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
GetLocaleInfoW
LoadLibraryA
RtlUnwind
SetStdHandle
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
LocalFree
MoveFileExA
GetExitCodeThread
SuspendThread
TerminateThread
GetThreadLocale
SetThreadLocale
GetTickCount
InitializeCriticalSection
DeleteCriticalSection
LoadLibraryW
GetProcAddress
GetCurrentProcess
EnterCriticalSection
LeaveCriticalSection
WritePrivateProfileStringW
GetPrivateProfileStringW
FileTimeToSystemTime
CreateThread
WaitForSingleObject
GetWindowsDirectoryW
Sleep
DeleteFileW
FreeLibrary
SetEvent
ReadFile
CreateEventW
GetModuleHandleW
GetPrivateProfileSectionW
WritePrivateProfileSectionW
GetLocalTime
WideCharToMultiByte
WriteFile
SetFilePointer
GetFileSize
MultiByteToWideChar
GetPrivateProfileIntW
MoveFileW
lstrlenW
lstrlenA
GetTempPathW
GetTempFileNameW
MoveFileExW
CreateProcessW
GetExitCodeProcess
CreateFileA
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
SetFileAttributesA
InterlockedExchange
GetACP
GetLocaleInfoA
GetVersionExA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetCurrentThreadId
GetCommandLineA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetConsoleCP
GetConsoleMode
HeapCreate
VirtualFree
VirtualAlloc
GetStdHandle
GetModuleFileNameA
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
ExitProcess
GetCPInfo
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
RaiseException

advapi32

RegEnumKeyExW
RegOpenKeyExW
RegCloseKey
RegEnumKeyW
RegDeleteKeyW
IsValidSid
SetNamedSecurityInfoW
GetLengthSid
GetNamedSecurityInfoW
CopySid
GetSidSubAuthority
InitializeSid
GetAce
GetSidLengthRequired
GetAclInformation
AddAce
InitializeAcl

shell32

SHFileOperationW
SHGetSpecialFolderPathW

ole32

CoCreateInstance
CoUninitialize
CoInitialize
OleRun

oleaut32

SysAllocStringLen
SysFreeString
GetErrorInfo
VariantInit
VariantChangeType
VariantClear
SysAllocString

shlwapi

PathAppendA
PathAppendW
PathStripToRootW
StrCmpNIW
PathFindFileNameW
SHEnumKeyExW
SHEnumValueW
PathFileExistsW
PathRemoveFileSpecW
PathIsDirectoryW
SHDeleteValueW
StrCmpNW
StrRChrW
PathFileExistsA
SHGetValueW
SHSetValueW

wininet

InternetOpenW
HttpSendRequestW
HttpAddRequestHeadersW
HttpOpenRequestW
InternetConnectW
InternetSetOptionW
HttpQueryInfoW
InternetReadFile
InternetCloseHandle

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

user32

UnregisterClassA

Exports

Exports

CreateObject
CreateObjectEx
CreateRepairVul
CreateSoftVulFix
CreateUpdateHelper
CreateVulFix
CreateVulFixed
ExpressScanLeak
VulInfo

Sections

.text
Size: 392KB - Virtual size: 391KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DriverGenius2011/dgvulx.dll
.dll windows:4 windows x86 arch:x86

9a8c0bcc830a0255ad21b49233cfe5e6

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1f:e9:f9:b8:a7:cd:ae:f9:96:2a:cb:1c:b3:08:cf:18
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

26/05/2009, 00:00

Not After

25/05/2012, 23:59

Subject

CN=Mydrivers Information Technology Co.\, Ltd (ZhengZhou),OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Mydrivers Information Technology Co.\, Ltd (ZhengZhou),L=Zhengzhou,ST=Henan,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:ae:b6:82:86:63:fe:d9:75:55:f8:fe:24:f3:3b:1a
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority - G2+OU=(c) 1998 VeriSign\, Inc. - For authorized use only+OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US

Not Before

01/04/2009, 00:00

Not After

31/03/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

69:65:c1:39:fc:86:6e:df:00:37:c3:e6:a4:61:4b:49:6b:1e:75:72
Signer

Actual PE Digest

69:65:c1:39:fc:86:6e:df:00:37:c3:e6:a4:61:4b:49:6b:1e:75:72

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\Source\vulfix + softmgr + libdownload + vulx(from kszz) - 0216 -2\bin\release\dgvulx.pdb

Imports

patchcore

ord236
ord237

kernel32

GetModuleFileNameW
FreeLibrary
LoadLibraryW
lstrlenW
LoadLibraryExW
CloseHandle
GetProcAddress
lstrcmpW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
CreateFileA
SetStdHandle
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
CompareStringW
CompareStringA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetStartupInfoA
GetFileType
SetHandleCount
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetModuleFileNameA
GetStdHandle
FindResourceW
HeapCreate
ExitProcess
LeaveCriticalSection
GetStringTypeA
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwind
GetCommandLineA
GetModuleHandleA
ResumeThread
ExitThread
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetVersionExA
GetLocaleInfoA
GetACP
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
InterlockedCompareExchange
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
LocalAlloc
GetThreadLocale
GetTempFileNameW
GetTempPathW
CreateToolhelp32Snapshot
LoadResource
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
WritePrivateProfileSectionW
GetCurrentThreadId
SizeofResource
GetLastError
EnterCriticalSection
GetVersion
GetWindowsDirectoryW
GetCurrentProcessId
SetEndOfFile
CreateProcessW
GetSystemTimeAsFileTime
InterlockedExchange
SetFilePointer
GetSystemWindowsDirectoryW
GetDriveTypeW
GetFileAttributesExW
SystemTimeToFileTime
Sleep
GetSystemDirectoryW
GetSystemInfo
SetEvent
CreateEventW
CreateDirectoryW
GetFileAttributesW
LocalFree
ExpandEnvironmentStringsW
GetFullPathNameW
GetLocalTime
WriteFile
GetTickCount
GetVersionExW
Process32NextW
GetStringTypeW
Process32FirstW
SetFileAttributesW
MoveFileW
GetPrivateProfileSectionW
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetDiskFreeSpaceExW
WaitForSingleObject
TerminateThread
GetExitCodeThread
CreateThread
DeleteCriticalSection
RaiseException
FlushInstructionCache
InitializeCriticalSection
InterlockedDecrement
GetFileSize
GetModuleHandleW
MultiByteToWideChar
lstrlenA
InterlockedIncrement
FreeResource
SetLastError
GlobalAlloc
FindResourceExW
LockResource
ReadFile
MulDiv
GlobalLock
GlobalUnlock
lstrcmpiW
WideCharToMultiByte
CreateFileW
GetCurrentProcess
OutputDebugStringW

user32

SendMessageW
IsChild
CopyRect
RegisterWindowMessageW
SetWindowPos
GetFocus
ScrollWindow
MoveWindow
IsWindow
SetWindowLongW
UnregisterClassA
ExitWindowsEx
ClientToScreen
CharNextW
PtInRect
DestroyWindow
LoadCursorW
GetClassNameW
SetCursor
DestroyAcceleratorTable
IsRectEmpty
InvalidateRect
GetKeyState
ReleaseDC
GetDlgCtrlID
GetWindowRect
DrawFrameControl
ScreenToClient
CreateWindowExW
LoadImageW
SetRect
RegisterClassExW
ShowWindow
GetParent
GetCursorPos
CreateAcceleratorTableW
LoadIconW
GetScrollPos
GetForegroundWindow
SetTimer
CallWindowProcW
GetClassInfoExW
DestroyIcon
OffsetRect
GetWindowLongW
GetSysColor
InflateRect
EndPaint
LoadBitmapW
GetDlgItem
IsWindowVisible
KillTimer
GetDC
GetDesktopWindow
SetCapture
EqualRect
FillRect
SetWindowTextW
HideCaret
SetScrollInfo
ValidateRect
GetScrollInfo
BringWindowToTop
IsIconic
SetScrollPos
FindWindowW
ShowScrollBar
PostThreadMessageW
SetActiveWindow
DispatchMessageW
GetWindowDC
TranslateMessage
GetMessageW
MessageBoxW
SystemParametersInfoW
PeekMessageW
MapWindowPoints
EnableWindow
GetActiveWindow
MonitorFromWindow
SetWindowRgn
PostMessageW
IsWindowEnabled
GetMonitorInfoW
SetFocus
DrawIconEx
GetWindow
GetWindowTextLengthW
GetSystemMetrics
DrawTextW
FindWindowExW
DefWindowProcW
RedrawWindow
InvalidateRgn
ReleaseCapture
BeginPaint
GetWindowTextW
GetClientRect

gdi32

GetPixel
OffsetRgn
SetRectRgn
SelectClipRgn
RectInRegion
GetTextExtentPoint32W
RoundRect
GetTextMetricsW
CreateRectRgn
SetBkMode
GetClipRgn
TextOutW
CreateSolidBrush
CreateFontIndirectW
GetBkMode
RestoreDC
GetDeviceCaps
GetObjectW
GetStockObject
GetTextColor
DeleteDC
CreatePen
ExtTextOutW
SaveDC
CreateCompatibleDC
CreateDIBSection
SelectObject
CreateCompatibleBitmap
CreateBitmap
StretchBlt
LineTo
Rectangle
CombineRgn
SetBkColor
DeleteObject
BitBlt
SetTextColor
MoveToEx
CreateRectRgnIndirect
CreateFontW

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

RegCreateKeyExW
ChangeServiceConfig2W
QueryServiceLockStatusW
ChangeServiceConfigW
CreateServiceW
LockServiceDatabase
QueryServiceConfigW
QueryServiceStatus
UnlockServiceDatabase
OpenSCManagerW
CloseServiceHandle
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegQueryValueExW
GetAclInformation
AddAce
InitializeAcl
IsValidSid
GetLengthSid
SetNamedSecurityInfoW
GetNamedSecurityInfoW
CopySid
GetSidSubAuthority
InitializeSid
GetSidLengthRequired
GetAce
RegEnumKeyExW
RegQueryInfoKeyW
OpenServiceW
RegCloseKey
RegOpenKeyExW
RegDeleteKeyW
RegSetValueExW
RegDeleteValueW

shell32

ShellExecuteW
SHGetFileInfoA
SHGetSpecialFolderPathW
SHFileOperationW
SHBrowseForFolderW
ExtractIconExW
ord165
SHChangeNotify
SHGetPathFromIDListW

ole32

CoCreateGuid
CLSIDFromString
OleInitialize
CLSIDFromProgID
OleLockRunning
OleUninitialize
CoGetClassObject
CoTaskMemAlloc
StringFromGUID2
CoTaskMemFree
CreateStreamOnHGlobal
CoTaskMemRealloc
CoCreateInstance

oleaut32

SysAllocStringLen
SysStringLen
LoadTypeLi
VarBstrCmp
DispCallFunc
VariantInit
VariantClear
OleCreateFontIndirect
SysAllocString
LoadRegTypeLi
SysFreeString
VarUI4FromStr
SysStringByteLen

shlwapi

PathStripToRootW
PathAddBackslashW
PathFindFileNameW
PathFileExistsA
StrToIntW
StrToIntA
PathFileExistsW
PathAppendW
PathIsDirectoryW
StrRChrW
StrCmpNIW
StrCmpNW
StrStrIA
PathRemoveFileSpecW
StrFormatByteSizeW
SHGetValueW
SHSetValueW

comctl32

ImageList_AddMasked
_TrackMouseEvent
ImageList_Create

gdiplus

GdipLoadImageFromFile
GdipDrawLineI
GdipCreateTexture2I
GdipDeletePen
GdipCreatePen1
GdipTranslateTextureTransform
GdipLoadImageFromFileICM
GdipDrawImagePointRectI
GdipDeleteGraphics
GdipLoadImageFromStream
GdipDrawImageRectI
GdipCreateFromHDC
GdipDrawImageRectRectI
GdipGetImageHeight
GdipGetImageWidth
GdipSetInterpolationMode
GdipAlloc
GdipFree
GdiplusShutdown
GdipCloneBrush
GdipDrawImageI
GdipDeleteBrush
GdiplusStartup
GdipDisposeImage
GdipDrawImageRectRect
GdipCloneImage
GdipCreateSolidFill
GdipFillRectangleI

iphlpapi

GetAdaptersInfo

wininet

InternetConnectW
InternetSetOptionW
InternetOpenW
InternetCrackUrlW
InternetCloseHandle
HttpOpenRequestW
HttpSendRequestW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

Exports

Exports

InitSoftMgr
InitVulfix
Knvulfix_Info
Knvulfix_XReflectNotifications

Sections

.text
Size: 872KB - Virtual size: 869KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 132KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 912KB - Virtual size: 911KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 64KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DriverGenius2011/drvbak.dll
.dll windows:5 windows x86 arch:x86

155d7f2c600e83232766f69afbe4dc3c

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1f:e9:f9:b8:a7:cd:ae:f9:96:2a:cb:1c:b3:08:cf:18
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

26/05/2009, 00:00

Not After

25/05/2012, 23:59

Subject

CN=Mydrivers Information Technology Co.\, Ltd (ZhengZhou),OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Mydrivers Information Technology Co.\, Ltd (ZhengZhou),L=Zhengzhou,ST=Henan,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:ae:b6:82:86:63:fe:d9:75:55:f8:fe:24:f3:3b:1a
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority - G2+OU=(c) 1998 VeriSign\, Inc. - For authorized use only+OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US

Not Before

01/04/2009, 00:00

Not After

31/03/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

08:ad:e8:8e:85:5e:52:21:8a:8c:73:12:e4:5a:4e:40:cd:e6:85:3c
Signer

Actual PE Digest

08:ad:e8:8e:85:5e:52:21:8a:8c:73:12:e4:5a:4e:40:cd:e6:85:3c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

g:\my_dg\DriverGenius\bin\drvbak.pdb

Imports

kernel32

LockResource
LoadResource
FindResourceW
FindResourceExW
GetEnvironmentVariableW
CopyFileW
MultiByteToWideChar
GetSystemInfo
FindFirstFileW
FindClose
WideCharToMultiByte
WritePrivateProfileStringW
GetPrivateProfileStringW
GetCurrentProcess
CreateDirectoryW
GetFileAttributesW
GetTickCount
CreateFileA
SizeofResource
Sleep
InterlockedExchange
GetSystemDirectoryW
InterlockedCompareExchange
GetWindowsDirectoryW
CloseHandle
GetModuleHandleW
GetProcAddress
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetStringTypeW
GetStringTypeA
LCMapStringA
GetLocaleInfoA
InitializeCriticalSectionAndSpinCount
LoadLibraryA
RtlUnwind
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
FlushFileBuffers
SetFilePointer
GetConsoleMode
GetConsoleCP
GetStartupInfoA
GetFileType
SetHandleCount
VirtualAlloc
VirtualFree
GetVersionExW
GetLastError
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
HeapCreate

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey

shlwapi

StrChrW
PathFileExistsW
StrCmpNIW
StrCmpNW
StrRChrW

setupapi

SetupGetLineByIndexW
SetupGetLineCountW
SetupGetStringFieldW
SetupFindNextMatchLineW
SetupGetFieldCount
SetupFindNextLine
SetupCloseInfFile
SetupOpenInfFileW
SetupCloseFileQueue
SetupScanFileQueueW
SetupDiCallClassInstaller
SetupOpenFileQueue
SetupDiSetSelectedDriverW
SetupDiOpenDeviceInfoW
SetupDiGetDriverInfoDetailW
SetupDiEnumDriverInfoW
SetupDiBuildDriverInfoList
SetupDiSetDeviceInstallParamsW
SetupDiGetDeviceRegistryPropertyW
SetupDiGetDeviceInstallParamsW
SetupDiOpenDevRegKey
SetupDiCreateDeviceInfoList
SetupDiDestroyDeviceInfoList
SetupFindFirstLineW

Exports

Exports

CreateBackupObj

Sections

.text
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DriverGenius2011/drvdown.dll
.dll windows:5 windows x86 arch:x86

977903a3dd833486fe6d7dd16c337f63

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1f:e9:f9:b8:a7:cd:ae:f9:96:2a:cb:1c:b3:08:cf:18
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

26/05/2009, 00:00

Not After

25/05/2012, 23:59

Subject

CN=Mydrivers Information Technology Co.\, Ltd (ZhengZhou),OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Mydrivers Information Technology Co.\, Ltd (ZhengZhou),L=Zhengzhou,ST=Henan,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:ae:b6:82:86:63:fe:d9:75:55:f8:fe:24:f3:3b:1a
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority - G2+OU=(c) 1998 VeriSign\, Inc. - For authorized use only+OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US

Not Before

01/04/2009, 00:00

Not After

31/03/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

a2:39:a4:d5:fc:71:32:b1:b6:f8:11:6e:20:aa:38:e1:45:df:12:58
Signer

Actual PE Digest

a2:39:a4:d5:fc:71:32:b1:b6:f8:11:6e:20:aa:38:e1:45:df:12:58

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

G:\my_dg\DriverGenius\bin\drvdown.pdb

Imports

kernel32

CreateEventW
SetEvent
WaitForSingleObject
WaitForMultipleObjects
DeleteFileW
MoveFileExW
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
CreateFileW
GetTickCount
GetDiskFreeSpaceExW
WriteFile
InitializeCriticalSection
DeleteCriticalSection
ResetEvent
CreateWaitableTimerW
SetWaitableTimer
EnterCriticalSection
LeaveCriticalSection
GetPrivateProfileIntW
GetPrivateProfileStringW
GetVersionExW
SetFileAttributesW
CreateDirectoryW
GetFileAttributesW
GetModuleFileNameW
SetLastError
LocalFree
GetLastError
CloseHandle
ReadFile
InterlockedCompareExchange
SetFilePointer
CreateFileA
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
LCMapStringA
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
LoadLibraryA
GetModuleHandleA
GetConsoleMode
GetConsoleCP
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
ExitThread
CreateThread
RtlUnwind
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
GetStdHandle
GetModuleFileNameA
Sleep
ExitProcess
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualAlloc
GetCPInfo

user32

SendMessageW

advapi32

RegOpenKeyExW
RegCloseKey
SetNamedSecurityInfoW
GetNamedSecurityInfoW
GetAce
GetAclInformation
AddAce
InitializeAcl
IsValidSid
GetLengthSid
CopySid
GetSidSubAuthority
InitializeSid
GetSidLengthRequired
RegQueryValueExW

shlwapi

StrCmpNIW
PathGetDriveNumberW
PathFileExistsW
StrCmpNW
StrRChrW

wininet

InternetCrackUrlW
InternetSetStatusCallbackW
InternetCloseHandle
HttpEndRequestW
InternetReadFileExA
InternetOpenW
InternetConnectW
InternetSetOptionW
HttpOpenRequestW
HttpQueryInfoW
InternetQueryOptionW
HttpSendRequestExW

Exports

Exports

GetDownloadedFileLength
NewTask

Sections

.text
Size: 129KB - Virtual size: 129KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DriverGenius2011/ksoft/softmgr.dll
.dll windows:4 windows x86 arch:x86

3479323d96302d7baed964f1ffdca032

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\Source\vulfix + softmgr + libdownload + vulx(from kszz) - 0216 -2\bin\release\softmgr.pdb

Imports

kernel32

CreateEventA
LockResource
LoadResource
HeapFree
GetProcessHeap
FindResourceExW
HeapAlloc
FreeLibrary
GetProcAddress
GetFileAttributesW
GetEnvironmentVariableW
CopyFileW
GetCurrentProcessId
GetPrivateProfileSectionNamesW
GetPrivateProfileStringW
OutputDebugStringW
FindFirstFileW
FindNextFileW
WideCharToMultiByte
FindClose
lstrlenA
MultiByteToWideChar
lstrlenW
SetThreadLocale
GetLogicalDriveStringsW
SetFilePointer
QueryDosDeviceW
CreateToolhelp32Snapshot
Process32FirstW
Sleep
Process32NextW
MoveFileExW
GetTempPathW
SizeofResource
RaiseException
lstrcmpiW
ReadProcessMemory
VirtualFreeEx
CreateProcessW
MoveFileW
GetModuleFileNameW
GetSystemDirectoryW
OpenProcess
RemoveDirectoryW
WritePrivateProfileStringW
GetPrivateProfileIntW
InitializeCriticalSection
CreateEventW
DeleteCriticalSection
LoadLibraryW
GetCurrentDirectoryW
GetTempFileNameW
ExpandEnvironmentStringsW
GetFullPathNameW
GetProcessTimes
GetVersionExW
FindFirstFileExW
WaitForMultipleObjects
GetLongPathNameW
GetModuleHandleW
GetCurrentProcess
GetFileAttributesExW
LCMapStringW
FindResourceW
LocalFree
FormatMessageA
LoadLibraryA
GetVersion
GetLastError
DeleteFileW
GetFileSize
InterlockedIncrement
WriteFile
ReadFile
CreateFileW
TerminateThread
WaitForSingleObject
ResumeThread
SetThreadPriority
LeaveCriticalSection
EnterCriticalSection
SetEvent
CloseHandle
InterlockedDecrement
VirtualAllocEx
SetEnvironmentVariableA
SetEndOfFile
GetDriveTypeA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
CreateFileA
FlushFileBuffers
SetStdHandle
GetConsoleMode
GetConsoleCP
GetLocaleInfoW
GetTimeZoneInformation
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringA
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetCurrentDirectoryA
IsValidCodePage
GetOEMCP
GetModuleFileNameA
GetStdHandle
VirtualAlloc
VirtualFree
HeapCreate
ExitProcess
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleA
CompareStringW
CompareStringA
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetCPInfo
RtlUnwind
CreateDirectoryW
SetFileAttributesW
SetLastError
GetTickCount
HeapDestroy
HeapReAlloc
HeapSize
GetVersionExA
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
InterlockedCompareExchange
ExitThread
GetCurrentThreadId
CreateThread
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
GetSystemTimeAsFileTime
GetCommandLineA
GetStringTypeA

user32

UnregisterClassA
SendMessageW
GetWindowThreadProcessId
FindWindowExW
GetDesktopWindow
FindWindowW

advapi32

RegQueryValueExW
GetLengthSid
IsValidSid
InitializeAcl
AddAce
GetAclInformation
GetAce
RegDeleteValueW
RegDeleteKeyW
RegNotifyChangeKeyValue
RegEnumValueW
RegCloseKey
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
GetSidLengthRequired
InitializeSid
GetSidSubAuthority
CopySid
GetNamedSecurityInfoW
SetNamedSecurityInfoW

shell32

SHGetSpecialFolderPathW
ShellExecuteW
CommandLineToArgvW
SHFileOperationW

ole32

CoUninitialize
CoCreateInstance
CoInitialize

shlwapi

StrCmpW
PathCombineW
PathIsDirectoryW
PathFileExistsW
SHDeleteKeyW
SHDeleteValueW
PathRemoveFileSpecW
PathAddBackslashW
PathFindFileNameW
StrStrNIW
PathFindExtensionW
PathRemoveBackslashW
PathFileExistsA
StrCmpNW
StrRChrW
StrCmpNIW
StrStrIW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

rpcrt4

RpcStringFreeW
UuidFromStringW
UuidToStringW

psapi

GetModuleFileNameExW
GetProcessImageFileNameW

sqlite3

sqlite3_step
sqlite3_finalize
sqlite3_column_count
sqlite3_column_text16
sqlite3_column_name16
sqlite3_bind_text16
sqlite3_reset
sqlite3_column_blob
sqlite3_prepare16_v2
sqlite3_close
sqlite3_column_int
sqlite3_open16
sqlite3_bind_blob

Exports

Exports

CreateSoftMgrObject
CreateUpdateHelper
SoftInfo

Sections

.text
Size: 700KB - Virtual size: 698KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 136KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DriverGenius2011/libScheduler.dll
.dll windows:4 windows x86 arch:x86

2628bcaf15335890700d1330bc2d6675

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1f:e9:f9:b8:a7:cd:ae:f9:96:2a:cb:1c:b3:08:cf:18
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

26/05/2009, 00:00

Not After

25/05/2012, 23:59

Subject

CN=Mydrivers Information Technology Co.\, Ltd (ZhengZhou),OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Mydrivers Information Technology Co.\, Ltd (ZhengZhou),L=Zhengzhou,ST=Henan,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:ae:b6:82:86:63:fe:d9:75:55:f8:fe:24:f3:3b:1a
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority - G2+OU=(c) 1998 VeriSign\, Inc. - For authorized use only+OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US

Not Before

01/04/2009, 00:00

Not After

31/03/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3b:3e:85:e3:46:91:c8:10:67:af:93:cd:ce:6c:a5:d8:16:21:7e:15
Signer

Actual PE Digest

3b:3e:85:e3:46:91:c8:10:67:af:93:cd:ce:6c:a5:d8:16:21:7e:15

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\work\DelphiVersion\DriverGenius\schedule\c#\libScheduler\release\libScheduler.pdb

Imports

kernel32

GetCurrentDirectoryA
GetComputerNameA
InterlockedDecrement
FlushFileBuffers
CloseHandle
CreateFileA
GetLastError
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
HeapFree
GetProcessHeap
GetCurrentThreadId
GetCommandLineA
GetVersionExA
HeapAlloc
RaiseException
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetProcAddress
GetModuleHandleA
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
WriteFile
HeapSize
SetFilePointer
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LoadLibraryA
InitializeCriticalSection
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA

advapi32

GetUserNameA

ole32

CoUninitialize
CoCreateInstance

oleaut32

VariantClear
VariantInit
SysFreeString
SysStringByteLen
SysAllocStringByteLen
SysAllocString

Exports

Exports

??0ClibScheduler@@QAE@XZ
??4ClibScheduler@@QAEAAV0@ABV0@@Z
AddDrivergeniusCheckService
AddDrivergeniusCheckServiceXP
DelDrivergeniusCheckService
DelDrivergeniusCheckServiceXP

Sections

.text
Size: 64KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DriverGenius2011/sqlite3.dll
.dll windows:4 windows x86 arch:x86

f374cefaf6cc24a19345fa2d7aad4b05

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1f:e9:f9:b8:a7:cd:ae:f9:96:2a:cb:1c:b3:08:cf:18
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

26/05/2009, 00:00

Not After

25/05/2012, 23:59

Subject

CN=Mydrivers Information Technology Co.\, Ltd (ZhengZhou),OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Mydrivers Information Technology Co.\, Ltd (ZhengZhou),L=Zhengzhou,ST=Henan,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:ae:b6:82:86:63:fe:d9:75:55:f8:fe:24:f3:3b:1a
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority - G2+OU=(c) 1998 VeriSign\, Inc. - For authorized use only+OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US

Not Before

01/04/2009, 00:00

Not After

31/03/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

21:41:0e:34:9e:92:0c:54:2c:e0:cc:43:54:2e:0b:b2:e1:af:d9:b0
Signer

Actual PE Digest

21:41:0e:34:9e:92:0c:54:2c:e0:cc:43:54:2e:0b:b2:e1:af:d9:b0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

Sleep
InitializeCriticalSection
InterlockedCompareExchange
DeleteCriticalSection
EnterCriticalSection
GetCurrentThreadId
LeaveCriticalSection
WideCharToMultiByte
MultiByteToWideChar
AreFileApisANSI
CloseHandle
ReadFile
GetLastError
SetFilePointer
WriteFile
SetEndOfFile
FlushFileBuffers
GetFileSize
UnlockFile
LockFile
LockFileEx
GetVersionExA
CreateFileA
CreateFileW
GetTempPathA
GetTempPathW
GetFileAttributesA
DeleteFileA
GetFileAttributesW
DeleteFileW
GetFullPathNameA
GetFullPathNameW
GetDiskFreeSpaceA
GetDiskFreeSpaceW
LoadLibraryA
LoadLibraryW
FormatMessageA
LocalFree
FormatMessageW
GetProcAddress
FreeLibrary
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTime
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
HeapReAlloc
GetCommandLineA
GetProcessHeap
GetModuleHandleA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetTimeZoneInformation
VirtualFree
VirtualAlloc
HeapDestroy
HeapCreate
ExitProcess
GetStdHandle
GetModuleFileNameA
HeapSize
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RtlUnwind
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
CompareStringA
CompareStringW
SetEnvironmentVariableA

Exports

Exports

sqlite3_aggregate_context
sqlite3_aggregate_count
sqlite3_auto_extension
sqlite3_backup_finish
sqlite3_backup_init
sqlite3_backup_pagecount
sqlite3_backup_remaining
sqlite3_backup_step
sqlite3_bind_blob
sqlite3_bind_double
sqlite3_bind_int
sqlite3_bind_int64
sqlite3_bind_null
sqlite3_bind_parameter_count
sqlite3_bind_parameter_index
sqlite3_bind_parameter_name
sqlite3_bind_text
sqlite3_bind_text16
sqlite3_bind_value
sqlite3_bind_zeroblob
sqlite3_blob_bytes
sqlite3_blob_close
sqlite3_blob_open
sqlite3_blob_read
sqlite3_blob_write
sqlite3_busy_handler
sqlite3_busy_timeout
sqlite3_changes
sqlite3_clear_bindings
sqlite3_close
sqlite3_collation_needed
sqlite3_collation_needed16
sqlite3_column_blob
sqlite3_column_bytes
sqlite3_column_bytes16
sqlite3_column_count
sqlite3_column_database_name
sqlite3_column_database_name16
sqlite3_column_decltype
sqlite3_column_decltype16
sqlite3_column_double
sqlite3_column_int
sqlite3_column_int64
sqlite3_column_name
sqlite3_column_name16
sqlite3_column_origin_name
sqlite3_column_origin_name16
sqlite3_column_table_name
sqlite3_column_table_name16
sqlite3_column_text
sqlite3_column_text16
sqlite3_column_type
sqlite3_column_value
sqlite3_commit_hook
sqlite3_compileoption_get
sqlite3_compileoption_used
sqlite3_complete
sqlite3_complete16
sqlite3_config
sqlite3_context_db_handle
sqlite3_create_collation
sqlite3_create_collation16
sqlite3_create_collation_v2
sqlite3_create_function
sqlite3_create_function16
sqlite3_create_module
sqlite3_create_module_v2
sqlite3_data_count
sqlite3_db_config
sqlite3_db_handle
sqlite3_db_mutex
sqlite3_db_status
sqlite3_declare_vtab
sqlite3_enable_load_extension
sqlite3_enable_shared_cache
sqlite3_errcode
sqlite3_errmsg
sqlite3_errmsg16
sqlite3_exec
sqlite3_expired
sqlite3_extended_errcode
sqlite3_extended_result_codes
sqlite3_file_control
sqlite3_finalize
sqlite3_free
sqlite3_free_table
sqlite3_get_autocommit
sqlite3_get_auxdata
sqlite3_get_table
sqlite3_global_recover
sqlite3_initialize
sqlite3_interrupt
sqlite3_last_insert_rowid
sqlite3_libversion
sqlite3_libversion_number
sqlite3_limit
sqlite3_load_extension
sqlite3_log
sqlite3_malloc
sqlite3_memory_alarm
sqlite3_memory_highwater
sqlite3_memory_used
sqlite3_mprintf
sqlite3_mutex_alloc
sqlite3_mutex_enter
sqlite3_mutex_free
sqlite3_mutex_leave
sqlite3_mutex_try
sqlite3_next_stmt
sqlite3_open
sqlite3_open16
sqlite3_open_v2
sqlite3_os_end
sqlite3_os_init
sqlite3_overload_function
sqlite3_prepare
sqlite3_prepare16
sqlite3_prepare16_v2
sqlite3_prepare_v2
sqlite3_profile
sqlite3_progress_handler
sqlite3_randomness
sqlite3_realloc
sqlite3_release_memory
sqlite3_reset
sqlite3_reset_auto_extension
sqlite3_result_blob
sqlite3_result_double
sqlite3_result_error
sqlite3_result_error16
sqlite3_result_error_code
sqlite3_result_error_nomem
sqlite3_result_error_toobig
sqlite3_result_int
sqlite3_result_int64
sqlite3_result_null
sqlite3_result_text
sqlite3_result_text16
sqlite3_result_text16be
sqlite3_result_text16le
sqlite3_result_value
sqlite3_result_zeroblob
sqlite3_rollback_hook
sqlite3_set_authorizer
sqlite3_set_auxdata
sqlite3_shutdown
sqlite3_sleep
sqlite3_snprintf
sqlite3_soft_heap_limit
sqlite3_sourceid
sqlite3_sql
sqlite3_status
sqlite3_step
sqlite3_stmt_status
sqlite3_strnicmp
sqlite3_table_column_metadata
sqlite3_test_control
sqlite3_thread_cleanup
sqlite3_threadsafe
sqlite3_total_changes
sqlite3_trace
sqlite3_transfer_bindings
sqlite3_update_hook
sqlite3_user_data
sqlite3_value_blob
sqlite3_value_bytes
sqlite3_value_bytes16
sqlite3_value_double
sqlite3_value_int
sqlite3_value_int64
sqlite3_value_numeric_type
sqlite3_value_text
sqlite3_value_text16
sqlite3_value_text16be
sqlite3_value_text16le
sqlite3_value_type
sqlite3_version
sqlite3_vfs_find
sqlite3_vfs_register
sqlite3_vfs_unregister
sqlite3_vmprintf
sqlite3_win32_mbcs_to_utf8

Sections

.text
Size: 436KB - Virtual size: 434KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DriverGenius2011/zlib1.dll
.dll windows:4 windows x86 arch:x86

007c3e6d617b75c529b6eb2742337a72

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1f:e9:f9:b8:a7:cd:ae:f9:96:2a:cb:1c:b3:08:cf:18
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

26/05/2009, 00:00

Not After

25/05/2012, 23:59

Subject

CN=Mydrivers Information Technology Co.\, Ltd (ZhengZhou),OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Mydrivers Information Technology Co.\, Ltd (ZhengZhou),L=Zhengzhou,ST=Henan,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:ae:b6:82:86:63:fe:d9:75:55:f8:fe:24:f3:3b:1a
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority - G2+OU=(c) 1998 VeriSign\, Inc. - For authorized use only+OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US

Not Before

01/04/2009, 00:00

Not After

31/03/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

79:e0:c8:08:37:ab:ff:ed:3d:eb:a9:2d:93:46:61:79:a0:b3:e7:da
Signer

Actual PE Digest

79:e0:c8:08:37:ab:ff:ed:3d:eb:a9:2d:93:46:61:79:a0:b3:e7:da

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetLastError
HeapFree
HeapAlloc
GetCurrentThreadId
GetCommandLineA
GetVersionExA
GetProcessHeap
WriteFile
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
ReadFile
GetModuleHandleA
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
CloseHandle
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
VirtualAlloc
HeapReAlloc
FlushFileBuffers
SetFilePointer
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
ExitProcess
GetModuleFileNameA
Sleep
RtlUnwind
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
InitializeCriticalSection
LoadLibraryA
CreateFileA
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
HeapSize
SetEndOfFile

Exports

Exports

adler32
compress
compress2
compressBound
crc32
deflate
deflateBound
deflateCopy
deflateEnd
deflateInit2_
deflateInit_
deflateParams
deflatePrime
deflateReset
deflateSetDictionary
get_crc_table
gzclearerr
gzclose
gzdopen
gzeof
gzerror
gzflush
gzgetc
gzgets
gzopen
gzprintf
gzputc
gzputs
gzread
gzrewind
gzseek
gzsetparams
gztell
gzungetc
gzwrite
inflate
inflateBack
inflateBackEnd
inflateBackInit_
inflateCopy
inflateEnd
inflateInit2_
inflateInit_
inflateReset
inflateSetDictionary
inflateSync
inflateSyncPoint
uncompress
zError
zlibCompileFlags
zlibVersion

Sections

.text
Size: 80KB - Virtual size: 78KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7fa974366048f9c551ef45714595665e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 290KB - Virtual size: 290KB

d9b614ded403577bde60a663d4547144

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

1f:e9:f9:b8:a7:cd:ae:f9:96:2a:cb:1c:b3:08:cf:18Certificate

Extended Key Usages

Key Usages

2e:ae:b6:82:86:63:fe:d9:75:55:f8:fe:24:f3:3b:1aCertificate

Extended Key Usages

Key Usages

1f:7a:35:4f:97:2b:98:e8:e3:60:79:d7:ed:48:bc:f0:d4:94:08:24Signer

Headers

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 32KB - Virtual size: 30KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 12KB - Virtual size: 17KB

.reloc Size: 4KB - Virtual size: 3KB

dc8e6588a99ab1a2ea66fe4fde8971f3

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

61:47:52:ba:00:00:00:00:00:04Certificate

Extended Key Usages

Key Usages

61:49:7c:ed:00:00:00:00:00:05Certificate

Extended Key Usages

Key Usages

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2Certificate

Extended Key Usages

Key Usages

61:05:21:23:00:00:00:00:00:06Certificate

Extended Key Usages

Key Usages

79:ad:16:a1:4a:a0:a5:ad:4c:73:58:f4:07:13:2e:65Certificate

Key Usages

61:07:02:dc:00:00:00:00:00:0bCertificate

Extended Key Usages

Key Usages

67:03:36:54:e0:aa:6c:86:f3:ca:99:92:4b:ac:79:ff:45:6f:a2:6bSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntdll

kernel32

user32

setupapi

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 290KB - Virtual size: 290KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

1f:e9:f9:b8:a7:cd:ae:f9:96:2a:cb:1c:b3:08:cf:18
Certificate

2e:ae:b6:82:86:63:fe:d9:75:55:f8:fe:24:f3:3b:1a
Certificate

1f:7a:35:4f:97:2b:98:e8:e3:60:79:d7:ed:48:bc:f0:d4:94:08:24
Signer

.text
Size: 32KB - Virtual size: 30KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 17KB

.reloc
Size: 4KB - Virtual size: 3KB

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

61:47:52:ba:00:00:00:00:00:04
Certificate

61:49:7c:ed:00:00:00:00:00:05
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

61:05:21:23:00:00:00:00:00:06
Certificate

79:ad:16:a1:4a:a0:a5:ad:4c:73:58:f4:07:13:2e:65
Certificate

61:07:02:dc:00:00:00:00:00:0b
Certificate

67:03:36:54:e0:aa:6c:86:f3:ca:99:92:4b:ac:79:ff:45:6f:a2:6b
Signer

.text
Size: 281KB - Virtual size: 281KB

.data
Size: 5KB - Virtual size: 12KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 17KB - Virtual size: 16KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

1f:e9:f9:b8:a7:cd:ae:f9:96:2a:cb:1c:b3:08:cf:18
Certificate

2e:ae:b6:82:86:63:fe:d9:75:55:f8:fe:24:f3:3b:1a
Certificate

53:56:11:23:c8:82:ba:f7:cf:48:44:af:42:b8:0a:fa:83:c3:db:c1
Signer

.text
Size: 139KB - Virtual size: 140KB

.data
Size: 30KB - Virtual size: 56KB

.tls
Size: 512B - Virtual size: 4KB

.idata
Size: 3KB - Virtual size: 4KB

.edata
Size: 512B - Virtual size: 4KB

.rsrc
Size: 6KB - Virtual size: 8KB

.reloc
Size: 4KB - Virtual size: 8KB

.text
Size: 2.3MB - Virtual size: 2.3MB

.itext
Size: 7KB - Virtual size: 7KB

.data
Size: 46KB - Virtual size: 46KB

.bss
Size: - Virtual size: 26KB

.idata
Size: 17KB - Virtual size: 18KB

.tls
Size: - Virtual size: 60B

.rdata
Size: 15B - Virtual size: 24B

.reloc
Size: - Virtual size: 148KB

.!rc!
Size: - Virtual size: 5.0MB

.rsrc
Size: 5.0MB - Virtual size: 5.0MB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

1f:e9:f9:b8:a7:cd:ae:f9:96:2a:cb:1c:b3:08:cf:18
Certificate

2e:ae:b6:82:86:63:fe:d9:75:55:f8:fe:24:f3:3b:1a
Certificate