cb109de4488291e9a6e9885d76f38a4b

Sharing

Copy URL

Twitter E-mail

General

Target

cb109de4488291e9a6e9885d76f38a4b
Size

352KB
MD5

cb109de4488291e9a6e9885d76f38a4b
SHA1

cb3f2a50a6b9c2fec6c294c654eb09ebd041cd95
SHA256

67001c8f5a37c1ccd2d1750f21e28d372a8639c330aafbae111a5956c942b71a
SHA512

545df31181da875fabc0f7f824ea35e48da47411a864e5c5cb1950f8046d7c85397a3eb4242bf5e8e8584184529fc573ace8c04d791032d60ca75d93c1e1f28c
SSDEEP

6144:vVlJNUDRYQiOFgl56IknFlSUo5a6WsYUfNUDRYQix+Xcjp3NUDRYQi6QC+sKZfai:NnNUdYiGlZIllos6CUfNUdYl13NUdYu6

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/driver/vista/setupdrv.exe
unpack001/driver/w2K/setupdrv.exe
unpack001/driver/xp/setupdrv.exe

Files

cb109de4488291e9a6e9885d76f38a4b
.zip
driver/vista/driver/mv2.cat
driver/vista/driver/mv2.dll
.dll windows:6 windows x86 arch:x86

03d53cf152ee4118997068de8ef776ae

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28-01-1999 13:00

Not After

27-01-2017 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-03-2009 11:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21-12-2009 09:32

Not After

22-12-2020 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:2e:ca:04:f7:a4
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

18-03-2011 17:15

Not After

18-03-2014 17:15

Subject

CN=uvnc bvba,O=uvnc bvba,L=Antwerpen,ST=Antwerpen,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22-01-2004 10:00

Not After

27-01-2017 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0b:7f:6b:00:00:00:00:00:19
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-05-2006 17:00

Not After

23-05-2016 17:10

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d7:9f:6e:33:5f:de:23:6b:81:f9:db:0d:42:f1:48:4b:7b:10:d7:74
Signer

Actual PE Digest

d7:9f:6e:33:5f:de:23:6b:81:f9:db:0d:42:f1:48:4b:7b:10:d7:74

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\winddk\6000\src\video\displays\mv2_vncdrv\objfre_wlh_x86\i386\mv2.pdb

Imports

win32k.sys

EngFreeMem
EngAllocMem
EngModifySurface
EngCreateDeviceSurface
EngMapFile
EngDeleteFile
EngUnmapFile
EngDeleteSurface
CLIPOBJ_bEnum
CLIPOBJ_cEnumStart
EngCopyBits
EngAlphaBlend
EngTransparentBlt
EngBitBlt
EngTextOut
EngStrokePath
EngFillPath
EngStrokeAndFillPath
EngLineTo
EngStretchBltROP
EngStretchBlt
EngGradientFill
EngPlgBlt
EngDeletePalette
EngCreatePalette
PALOBJ_cGetColors
EngBugCheckEx

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 625B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 832B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 626B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
driver/vista/driver/mv2.inf
driver/vista/driver/mv2.sys
.sys windows:6 windows x86 arch:x86

518167d6aeefde1975592d28cbae7110

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28-01-1999 13:00

Not After

27-01-2017 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-03-2009 11:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21-12-2009 09:32

Not After

22-12-2020 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:2e:ca:04:f7:a4
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

18-03-2011 17:15

Not After

18-03-2014 17:15

Subject

CN=uvnc bvba,O=uvnc bvba,L=Antwerpen,ST=Antwerpen,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22-01-2004 10:00

Not After

27-01-2017 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0b:7f:6b:00:00:00:00:00:19
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-05-2006 17:00

Not After

23-05-2016 17:10

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

83:51:9d:3b:ca:92:3c:f2:9a:93:d9:2e:a4:13:a5:ce:de:5b:be:00
Signer

Actual PE Digest

83:51:9d:3b:ca:92:3c:f2:9a:93:d9:2e:a4:13:a5:ce:de:5b:be:00

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\winddk\6000\src\video\displays\mirror\mini\objfre_wlh_x86\i386\mv2.pdb

Imports

ntoskrnl.exe

KeTickCount

videoprt.sys

VideoPortZeroMemory
VideoPortInitialize

Sections

.text
Size: 512B - Virtual size: 188B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 158B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 512B - Virtual size: 238B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 86B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
driver/vista/install.bat
driver/vista/install_silent.bat
driver/vista/license.txt
driver/vista/setupdrv.exe
.exe windows:4 windows x86 arch:x86

f4a7b11877d1f4e6c4a128894847394e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

setupapi

SetupDiDestroyDeviceInfoList
CM_Get_Device_ID_ExA
SetupDiEnumDeviceInfo
SetupDiGetDeviceInfoListDetailA
SetupDiOpenDeviceInfoA
SetupDiGetClassDevsExA
SetupDiCreateDeviceInfoListExA
SetupDiClassGuidsFromNameExA
SetupDiCallClassInstaller
SetupDiSetDeviceRegistryPropertyA
SetupDiCreateDeviceInfoA
SetupDiCreateDeviceInfoList
SetupDiGetINFClassA
SetupDiGetDeviceInstallParamsA
SetupDiSetClassInstallParamsA
SetupDiGetDeviceRegistryPropertyA

kernel32

WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetFilePointer
SetEnvironmentVariableA
CompareStringW
CompareStringA
CreateProcessA
GetExitCodeProcess
FlushFileBuffers
HeapReAlloc
VirtualAlloc
HeapSize
LocalFree
FormatMessageA
lstrlenA
GetLastError
FreeLibrary
GetProcAddress
LoadLibraryA
GetFullPathNameA
lstrcpynA
WaitForSingleObject
SetThreadPriority
GetCurrentThread
SetStdHandle
LoadResource
FindResourceA
CreateThread
CreateEventA
GetVersionExA
CloseHandle
GetModuleFileNameA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
RtlUnwind
InitializeCriticalSection
GetConsoleMode
GetConsoleCP
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
LockResource
GetStartupInfoA
EnterCriticalSection
LeaveCriticalSection
WideCharToMultiByte
GetCommandLineA
HeapFree
HeapAlloc
GetProcessHeap
CreateFileA
SetHandleCount
GetStdHandle
GetFileType
DeleteCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
LCMapStringA
MultiByteToWideChar
LCMapStringW
RaiseException
Sleep
ExitProcess
GetFileAttributesA
WriteFile
FreeEnvironmentStringsA

user32

SendMessageA
FindWindowA
CharNextA
EnumDisplayDevicesA
EnumDisplaySettingsA
GetSystemMetrics
MessageBoxA
LoadStringA

advapi32

RegCloseKey
RegSetValueExA
RegCreateKeyExA

Sections

.text
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
driver/vista/uninstall.bat
driver/vista/uninstall_silent.bat
driver/vista64/driver/mv2.cat
driver/vista64/driver/mv2.dll
.dll windows:6 windows x64 arch:x64

09b4a861ac1259f69d423ebbb4c3a1a9

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28-01-1999 13:00

Not After

27-01-2017 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-03-2009 11:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21-12-2009 09:32

Not After

22-12-2020 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:2e:ca:04:f7:a4
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

18-03-2011 17:15

Not After

18-03-2014 17:15

Subject

CN=uvnc bvba,O=uvnc bvba,L=Antwerpen,ST=Antwerpen,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22-01-2004 10:00

Not After

27-01-2017 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0b:7f:6b:00:00:00:00:00:19
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-05-2006 17:00

Not After

23-05-2016 17:10

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

17:c9:cc:1b:21:18:10:c9:db:57:85:3b:08:51:7e:8e:fa:a7:6d:ce
Signer

Actual PE Digest

17:c9:cc:1b:21:18:10:c9:db:57:85:3b:08:51:7e:8e:fa:a7:6d:ce

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

d:\winddk\6000\src\video\displays\mv2_vncdrv\objfre_wlh_amd64\amd64\mv2.pdb

Imports

win32k.sys

EngLineTo
EngDeleteSurface
EngPlgBlt
EngCopyBits
EngGradientFill
EngUnmapFile
EngCreateDeviceSurface
EngModifySurface
EngStrokePath
EngAllocMem
CLIPOBJ_cEnumStart
EngStretchBltROP
CLIPOBJ_bEnum
EngTransparentBlt
EngAlphaBlend
EngBitBlt
EngStretchBlt
EngTextOut
EngDeleteFile
EngFillPath
EngStrokeAndFillPath
EngMapFile
EngFreeMem
EngCreatePalette
PALOBJ_cGetColors
EngDeletePalette
EngBugCheckEx

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 300B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 738B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 136B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
driver/vista64/driver/mv2.inf
driver/vista64/driver/mv2.sys
.sys windows:6 windows x64 arch:x64

8201f3349e7fca04a64640d8bac5a3a6

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28-01-1999 13:00

Not After

27-01-2017 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-03-2009 11:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21-12-2009 09:32

Not After

22-12-2020 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:2e:ca:04:f7:a4
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

18-03-2011 17:15

Not After

18-03-2014 17:15

Subject

CN=uvnc bvba,O=uvnc bvba,L=Antwerpen,ST=Antwerpen,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22-01-2004 10:00

Not After

27-01-2017 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0b:7f:6b:00:00:00:00:00:19
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-05-2006 17:00

Not After

23-05-2016 17:10

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a9:49:3c:b6:b6:be:da:b7:e8:3e:2b:8d:ec:19:56:92:7a:57:9a:6a
Signer

Actual PE Digest

a9:49:3c:b6:b6:be:da:b7:e8:3e:2b:8d:ec:19:56:92:7a:57:9a:6a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\winddk\6000\src\video\displays\mirror\mini\objfre_wlh_amd64\amd64\mv2.pdb

Imports

ntoskrnl.exe

KeBugCheckEx

videoprt.sys

VideoPortInitialize
VideoPortZeroMemory

Sections

.text
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 204B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
driver/vista64/install.bat
driver/vista64/install_silent.bat
driver/vista64/license.txt
driver/vista64/setupdrv.exe
.exe windows:5 windows x64 arch:x64

7527b5d13d9aacb2dbaa1f9c76b907b2

Code Sign

01:00:00:00:00:01:11:db:40:c7:65
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

10-04-2007 11:28

Not After

10-04-2009 11:28

Subject

CN=uvnc bvba,O=uvnc bvba,C=BE,1.2.840.113549.1.9.1=#0c15727564692e64652e766f7340736b796e65742e6265

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageKeyEncipherment
KeyUsageDataEncipherment

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:08:d9:61:1c:d6
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28-01-1999 12:00

Not After

27-01-2014 11:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:08:d9:61:24:48
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22-01-2004 09:00

Not After

27-01-2014 10:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1f:14:8a:c3:26:a6:83:3a:a3:ba:71:d1:09:78:a9:5e:25:f0:66:d6
Signer

Actual PE Digest

1f:14:8a:c3:26:a6:83:3a:a3:ba:71:d1:09:78:a9:5e:25:f0:66:d6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

setupapi

SetupDiSetDeviceRegistryPropertyA
SetupDiDestroyDeviceInfoList
CM_Get_Device_ID_ExA
SetupDiEnumDeviceInfo
SetupDiGetDeviceInfoListDetailA
SetupDiOpenDeviceInfoA
SetupDiGetClassDevsExA
SetupDiCreateDeviceInfoListExA
SetupDiSetClassInstallParamsA
SetupDiGetDeviceInstallParamsA
SetupDiGetINFClassA
SetupDiCreateDeviceInfoList
SetupDiCreateDeviceInfoA
SetupDiClassGuidsFromNameExA
SetupDiCallClassInstaller
SetupDiGetDeviceRegistryPropertyA

kernel32

WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetFilePointer
SetEnvironmentVariableA
CompareStringW
CompareStringA
CreateProcessA
GetExitCodeProcess
FlushFileBuffers
HeapReAlloc
HeapSize
GetLocaleInfoA
LocalFree
FormatMessageA
lstrlenA
GetLastError
FreeLibrary
GetProcAddress
SetStdHandle
GetFullPathNameA
lstrcpynA
WaitForSingleObject
SetThreadPriority
GetCurrentThread
LockResource
LoadResource
FindResourceA
CreateThread
CreateEventA
GetVersionExA
CloseHandle
GetModuleFileNameA
GetStringTypeW
GetStringTypeA
InitializeCriticalSectionAndSpinCount
GetConsoleMode
GetConsoleCP
GetSystemTimeAsFileTime
LoadLibraryA
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
WideCharToMultiByte
GetCommandLineA
GetStartupInfoA
RtlUnwindEx
SetHandleCount
GetStdHandle
GetFileType
DeleteCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
CreateFileA
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
DecodePointer
FlsGetValue
FlsSetValue
FlsFree
SetLastError
GetCurrentThreadId
FlsAlloc
LCMapStringA
MultiByteToWideChar
LCMapStringW
HeapAlloc
RaiseException
RtlPcToFileHeader
HeapFree
Sleep
GetModuleHandleW
ExitProcess
GetFileAttributesA
WriteFile
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSetInformation
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId

user32

CharNextA
LoadStringA
SendMessageA
FindWindowA
EnumDisplayDevicesA
EnumDisplaySettingsA
MessageBoxA

advapi32

RegCloseKey
RegSetValueExA
RegCreateKeyExA

Sections

.text
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
driver/vista64/uninstall.bat
driver/vista64/uninstall_silent.bat
driver/w2K/driver/mv2.cat
driver/w2K/driver/mv2.dll
.dll windows:5 windows x86 arch:x86

cf30aa1dec57684bab2a6d4ee75a9479

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28-01-1999 13:00

Not After

27-01-2017 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-03-2009 11:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21-12-2009 09:32

Not After

22-12-2020 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:2e:ca:04:f7:a4
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

18-03-2011 17:15

Not After

18-03-2014 17:15

Subject

CN=uvnc bvba,O=uvnc bvba,L=Antwerpen,ST=Antwerpen,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22-01-2004 10:00

Not After

27-01-2017 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0b:7f:6b:00:00:00:00:00:19
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-05-2006 17:00

Not After

23-05-2016 17:10

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1f:68:c9:ca:2a:5a:a8:4a:a3:33:ca:36:eb:61:19:51:72:01:e2:ff
Signer

Actual PE Digest

1f:68:c9:ca:2a:5a:a8:4a:a3:33:ca:36:eb:61:19:51:72:01:e2:ff

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\WinDDK\3790\src\video\displays\mv2_vncdrv\objfre_w2K_x86\i386\mv2.pdb

Imports

win32k.sys

EngFreeMem
EngAllocMem
EngModifySurface
EngCreateDeviceSurface
EngMapFile
EngDeleteFile
EngUnmapFile
EngDeleteSurface
CLIPOBJ_bEnum
CLIPOBJ_cEnumStart
EngCopyBits
EngAlphaBlend
EngTransparentBlt
EngBitBlt
EngTextOut
EngStrokePath
EngFillPath
EngStrokeAndFillPath
EngLineTo
EngStretchBltROP
EngStretchBlt
EngGradientFill
EngPlgBlt
EngDeletePalette
EngCreatePalette
PALOBJ_cGetColors

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 640B - Virtual size: 625B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 896B - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 640B - Virtual size: 606B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 256B - Virtual size: 254B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
driver/w2K/driver/mv2.inf
driver/w2K/driver/mv2.sys
.dll windows:5 windows x86 arch:x86

518167d6aeefde1975592d28cbae7110

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28-01-1999 13:00

Not After

27-01-2017 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-03-2009 11:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21-12-2009 09:32

Not After

22-12-2020 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:2e:ca:04:f7:a4
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

18-03-2011 17:15

Not After

18-03-2014 17:15

Subject

CN=uvnc bvba,O=uvnc bvba,L=Antwerpen,ST=Antwerpen,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22-01-2004 10:00

Not After

27-01-2017 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0b:7f:6b:00:00:00:00:00:19
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-05-2006 17:00

Not After

23-05-2016 17:10

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6a:8a:64:1a:1e:da:67:fd:cc:0c:e4:13:20:4a:fc:a1:92:9e:1a:3e
Signer

Actual PE Digest

6a:8a:64:1a:1e:da:67:fd:cc:0c:e4:13:20:4a:fc:a1:92:9e:1a:3e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\winddk\3790~1.183\src\video\displays\mirror2\mini\objfre_w2K_x86\i386\vncdrv.pdb

Imports

ntoskrnl.exe

KeTickCount

videoprt.sys

VideoPortZeroMemory
VideoPortInitialize

Exports

Exports

DriverEntry

Sections

.text
Size: 256B - Virtual size: 188B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 128B - Virtual size: 73B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 256B - Virtual size: 222B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 128B - Virtual size: 50B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
driver/w2K/install.bat
driver/w2K/install_silent.bat
driver/w2K/license.txt
driver/w2K/setupdrv.exe
.exe windows:4 windows x86 arch:x86

f4a7b11877d1f4e6c4a128894847394e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

setupapi

SetupDiDestroyDeviceInfoList
CM_Get_Device_ID_ExA
SetupDiEnumDeviceInfo
SetupDiGetDeviceInfoListDetailA
SetupDiOpenDeviceInfoA
SetupDiGetClassDevsExA
SetupDiCreateDeviceInfoListExA
SetupDiClassGuidsFromNameExA
SetupDiCallClassInstaller
SetupDiSetDeviceRegistryPropertyA
SetupDiCreateDeviceInfoA
SetupDiCreateDeviceInfoList
SetupDiGetINFClassA
SetupDiGetDeviceInstallParamsA
SetupDiSetClassInstallParamsA
SetupDiGetDeviceRegistryPropertyA

kernel32

WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetFilePointer
SetEnvironmentVariableA
CompareStringW
CompareStringA
CreateProcessA
GetExitCodeProcess
FlushFileBuffers
HeapReAlloc
VirtualAlloc
HeapSize
LocalFree
FormatMessageA
lstrlenA
GetLastError
FreeLibrary
GetProcAddress
LoadLibraryA
GetFullPathNameA
lstrcpynA
WaitForSingleObject
SetThreadPriority
GetCurrentThread
SetStdHandle
LoadResource
FindResourceA
CreateThread
CreateEventA
GetVersionExA
CloseHandle
GetModuleFileNameA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
RtlUnwind
InitializeCriticalSection
GetConsoleMode
GetConsoleCP
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
LockResource
GetStartupInfoA
EnterCriticalSection
LeaveCriticalSection
WideCharToMultiByte
GetCommandLineA
HeapFree
HeapAlloc
GetProcessHeap
CreateFileA
SetHandleCount
GetStdHandle
GetFileType
DeleteCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
LCMapStringA
MultiByteToWideChar
LCMapStringW
RaiseException
Sleep
ExitProcess
GetFileAttributesA
WriteFile
FreeEnvironmentStringsA

user32

SendMessageA
FindWindowA
CharNextA
EnumDisplayDevicesA
EnumDisplaySettingsA
GetSystemMetrics
MessageBoxA
LoadStringA

advapi32

RegCloseKey
RegSetValueExA
RegCreateKeyExA

Sections

.text
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
driver/w2K/uninstall.bat
driver/w2K/uninstall_silent.bat
driver/xp/driver/mv2.cat
driver/xp/driver/mv2.dll
.dll windows:5 windows x86 arch:x86

cf30aa1dec57684bab2a6d4ee75a9479

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28-01-1999 13:00

Not After

27-01-2017 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-03-2009 11:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21-12-2009 09:32

Not After

22-12-2020 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:2e:ca:04:f7:a4
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

18-03-2011 17:15

Not After

18-03-2014 17:15

Subject

CN=uvnc bvba,O=uvnc bvba,L=Antwerpen,ST=Antwerpen,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22-01-2004 10:00

Not After

27-01-2017 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0b:7f:6b:00:00:00:00:00:19
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-05-2006 17:00

Not After

23-05-2016 17:10

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:09:97:8f:8b:fd:a2:53:fd:57:91:35:31:29:3b:f2:65:54:8a:44
Signer

Actual PE Digest

7b:09:97:8f:8b:fd:a2:53:fd:57:91:35:31:29:3b:f2:65:54:8a:44

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\WinDDK\3790\src\video\displays\mv2_vncdrv\objfre_wxp_x86\i386\mv2.pdb

Imports

win32k.sys

EngFreeMem
EngAllocMem
EngModifySurface
EngCreateDeviceSurface
EngMapFile
EngDeleteFile
EngUnmapFile
EngDeleteSurface
CLIPOBJ_bEnum
CLIPOBJ_cEnumStart
EngCopyBits
EngAlphaBlend
EngTransparentBlt
EngBitBlt
EngTextOut
EngStrokePath
EngFillPath
EngStrokeAndFillPath
EngLineTo
EngStretchBltROP
EngStretchBlt
EngGradientFill
EngPlgBlt
EngDeletePalette
EngCreatePalette
PALOBJ_cGetColors

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 640B - Virtual size: 625B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 896B - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 640B - Virtual size: 606B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 256B - Virtual size: 254B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
driver/xp/driver/mv2.inf
driver/xp/driver/mv2.sys
.sys windows:6 windows x86 arch:x86

518167d6aeefde1975592d28cbae7110

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28-01-1999 13:00

Not After

27-01-2017 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-03-2009 11:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21-12-2009 09:32

Not After

22-12-2020 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:2e:ca:04:f7:a4
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

18-03-2011 17:15

Not After

18-03-2014 17:15

Subject

CN=uvnc bvba,O=uvnc bvba,L=Antwerpen,ST=Antwerpen,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22-01-2004 10:00

Not After

27-01-2017 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0b:7f:6b:00:00:00:00:00:19
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-05-2006 17:00

Not After

23-05-2016 17:10

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1e:21:e3:7e:c2:c6:84:89:e7:6d:5e:ca:04:da:35:16:b9:43:27:5f
Signer

Actual PE Digest

1e:21:e3:7e:c2:c6:84:89:e7:6d:5e:ca:04:da:35:16:b9:43:27:5f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\winddk\6000\src\video\displays\mirror\mini\objfre_wxp_x86\i386\mv2.pdb

Imports

ntoskrnl.exe

KeTickCount

videoprt.sys

VideoPortZeroMemory
VideoPortInitialize

Sections

.text
Size: 256B - Virtual size: 188B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 158B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 256B - Virtual size: 238B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 128B - Virtual size: 46B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
driver/xp/install.bat
driver/xp/install_silent.bat
driver/xp/license.txt
driver/xp/setupdrv.exe
.exe windows:4 windows x86 arch:x86

f4a7b11877d1f4e6c4a128894847394e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

setupapi

SetupDiDestroyDeviceInfoList
CM_Get_Device_ID_ExA
SetupDiEnumDeviceInfo
SetupDiGetDeviceInfoListDetailA
SetupDiOpenDeviceInfoA
SetupDiGetClassDevsExA
SetupDiCreateDeviceInfoListExA
SetupDiClassGuidsFromNameExA
SetupDiCallClassInstaller
SetupDiSetDeviceRegistryPropertyA
SetupDiCreateDeviceInfoA
SetupDiCreateDeviceInfoList
SetupDiGetINFClassA
SetupDiGetDeviceInstallParamsA
SetupDiSetClassInstallParamsA
SetupDiGetDeviceRegistryPropertyA

kernel32

WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetFilePointer
SetEnvironmentVariableA
CompareStringW
CompareStringA
CreateProcessA
GetExitCodeProcess
FlushFileBuffers
HeapReAlloc
VirtualAlloc
HeapSize
LocalFree
FormatMessageA
lstrlenA
GetLastError
FreeLibrary
GetProcAddress
LoadLibraryA
GetFullPathNameA
lstrcpynA
WaitForSingleObject
SetThreadPriority
GetCurrentThread
SetStdHandle
LoadResource
FindResourceA
CreateThread
CreateEventA
GetVersionExA
CloseHandle
GetModuleFileNameA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
RtlUnwind
InitializeCriticalSection
GetConsoleMode
GetConsoleCP
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
LockResource
GetStartupInfoA
EnterCriticalSection
LeaveCriticalSection
WideCharToMultiByte
GetCommandLineA
HeapFree
HeapAlloc
GetProcessHeap
CreateFileA
SetHandleCount
GetStdHandle
GetFileType
DeleteCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
LCMapStringA
MultiByteToWideChar
LCMapStringW
RaiseException
Sleep
ExitProcess
GetFileAttributesA
WriteFile
FreeEnvironmentStringsA

user32

SendMessageA
FindWindowA
CharNextA
EnumDisplayDevicesA
EnumDisplaySettingsA
GetSystemMetrics
MessageBoxA
LoadStringA

advapi32

RegCloseKey
RegSetValueExA
RegCreateKeyExA

Sections

.text
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
driver/xp/uninstall.bat
driver/xp/uninstall_silent.bat
driver/xp64/driver/mv2.cat
driver/xp64/driver/mv2.dll
.dll windows:5 windows x64 arch:x64

5a75dbd7f39967010cce979b5978e34d

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28-01-1999 13:00

Not After

27-01-2017 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-03-2009 11:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21-12-2009 09:32

Not After

22-12-2020 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:2e:ca:04:f7:a4
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

18-03-2011 17:15

Not After

18-03-2014 17:15

Subject

CN=uvnc bvba,O=uvnc bvba,L=Antwerpen,ST=Antwerpen,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22-01-2004 10:00

Not After

27-01-2017 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0b:7f:6b:00:00:00:00:00:19
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-05-2006 17:00

Not After

23-05-2016 17:10

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

47:29:56:be:15:77:96:f0:34:9b:9c:d9:30:d5:09:51:b6:2f:69:bd
Signer

Actual PE Digest

47:29:56:be:15:77:96:f0:34:9b:9c:d9:30:d5:09:51:b6:2f:69:bd

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\WinDDK\3790\src\video\displays\mv2_vncdrv\objfre_wnet_AMD64\amd64\mv2.pdb

Imports

win32k.sys

EngFreeMem
EngAllocMem
EngModifySurface
EngCreateDeviceSurface
EngMapFile
EngDeleteFile
EngUnmapFile
EngDeleteSurface
CLIPOBJ_bEnum
CLIPOBJ_cEnumStart
EngCopyBits
EngAlphaBlend
EngTransparentBlt
EngBitBlt
EngTextOut
EngStrokePath
EngFillPath
EngStrokeAndFillPath
EngLineTo
EngStretchBltROP
EngStretchBlt
EngGradientFill
EngPlgBlt
EngDeletePalette
EngCreatePalette
PALOBJ_cGetColors
RtlFillMemory

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 300B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 738B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 130B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
driver/xp64/driver/mv2.inf
driver/xp64/driver/mv2.sys
.sys windows:6 windows x64 arch:x64

8201f3349e7fca04a64640d8bac5a3a6

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28-01-1999 13:00

Not After

27-01-2017 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-03-2009 11:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21-12-2009 09:32

Not After

22-12-2020 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:2e:ca:04:f7:a4
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

18-03-2011 17:15

Not After

18-03-2014 17:15

Subject

CN=uvnc bvba,O=uvnc bvba,L=Antwerpen,ST=Antwerpen,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22-01-2004 10:00

Not After

27-01-2017 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0b:7f:6b:00:00:00:00:00:19
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-05-2006 17:00

Not After

23-05-2016 17:10

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

df:a3:ab:f9:9c:24:e2:7d:86:39:b2:ff:8a:74:df:44:a0:34:45:08
Signer

Actual PE Digest

df:a3:ab:f9:9c:24:e2:7d:86:39:b2:ff:8a:74:df:44:a0:34:45:08

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\winddk\6000\src\video\displays\mirror\mini\objfre_wnet_amd64\amd64\mv2.pdb

Imports

ntoskrnl.exe

KeBugCheckEx

videoprt.sys

VideoPortInitialize
VideoPortZeroMemory

Sections

.text
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 204B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
driver/xp64/install.bat
driver/xp64/install_silent.bat
driver/xp64/license.txt
driver/xp64/setupdrv.exe
.exe windows:5 windows x64 arch:x64

7527b5d13d9aacb2dbaa1f9c76b907b2

Code Sign

01:00:00:00:00:01:11:db:40:c7:65
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

10-04-2007 11:28

Not After

10-04-2009 11:28

Subject

CN=uvnc bvba,O=uvnc bvba,C=BE,1.2.840.113549.1.9.1=#0c15727564692e64652e766f7340736b796e65742e6265

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageKeyEncipherment
KeyUsageDataEncipherment

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:08:d9:61:1c:d6
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28-01-1999 12:00

Not After

27-01-2014 11:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:08:d9:61:24:48
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22-01-2004 09:00

Not After

27-01-2014 10:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1f:14:8a:c3:26:a6:83:3a:a3:ba:71:d1:09:78:a9:5e:25:f0:66:d6
Signer

Actual PE Digest

1f:14:8a:c3:26:a6:83:3a:a3:ba:71:d1:09:78:a9:5e:25:f0:66:d6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

setupapi

SetupDiSetDeviceRegistryPropertyA
SetupDiDestroyDeviceInfoList
CM_Get_Device_ID_ExA
SetupDiEnumDeviceInfo
SetupDiGetDeviceInfoListDetailA
SetupDiOpenDeviceInfoA
SetupDiGetClassDevsExA
SetupDiCreateDeviceInfoListExA
SetupDiSetClassInstallParamsA
SetupDiGetDeviceInstallParamsA
SetupDiGetINFClassA
SetupDiCreateDeviceInfoList
SetupDiCreateDeviceInfoA
SetupDiClassGuidsFromNameExA
SetupDiCallClassInstaller
SetupDiGetDeviceRegistryPropertyA

kernel32

WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetFilePointer
SetEnvironmentVariableA
CompareStringW
CompareStringA
CreateProcessA
GetExitCodeProcess
FlushFileBuffers
HeapReAlloc
HeapSize
GetLocaleInfoA
LocalFree
FormatMessageA
lstrlenA
GetLastError
FreeLibrary
GetProcAddress
SetStdHandle
GetFullPathNameA
lstrcpynA
WaitForSingleObject
SetThreadPriority
GetCurrentThread
LockResource
LoadResource
FindResourceA
CreateThread
CreateEventA
GetVersionExA
CloseHandle
GetModuleFileNameA
GetStringTypeW
GetStringTypeA
InitializeCriticalSectionAndSpinCount
GetConsoleMode
GetConsoleCP
GetSystemTimeAsFileTime
LoadLibraryA
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
WideCharToMultiByte
GetCommandLineA
GetStartupInfoA
RtlUnwindEx
SetHandleCount
GetStdHandle
GetFileType
DeleteCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
CreateFileA
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
DecodePointer
FlsGetValue
FlsSetValue
FlsFree
SetLastError
GetCurrentThreadId
FlsAlloc
LCMapStringA
MultiByteToWideChar
LCMapStringW
HeapAlloc
RaiseException
RtlPcToFileHeader
HeapFree
Sleep
GetModuleHandleW
ExitProcess
GetFileAttributesA
WriteFile
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSetInformation
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId

user32

CharNextA
LoadStringA
SendMessageA
FindWindowA
EnumDisplayDevicesA
EnumDisplaySettingsA
MessageBoxA

advapi32

RegCloseKey
RegSetValueExA
RegCreateKeyExA

Sections

.text
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
driver/xp64/uninstall.bat
driver/xp64/uninstall_silent.bat

Sharing

General

Malware Config

Signatures

Files

03d53cf152ee4118997068de8ef776ae

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4eCertificate

Key Usages

04:00:00:00:00:01:20:19:c1:90:66Certificate

Key Usages

01:00:00:00:00:01:25:b0:b4:cc:01Certificate

Extended Key Usages

Key Usages

01:00:00:00:00:01:2e:ca:04:f7:a4Certificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:1e:44:a5:ec:beCertificate

Key Usages

61:0b:7f:6b:00:00:00:00:00:19Certificate

Key Usages

d7:9f:6e:33:5f:de:23:6b:81:f9:db:0d:42:f1:48:4b:7b:10:d7:74Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

win32k.sys

Sections

.text Size: 10KB - Virtual size: 9KB

.rdata Size: 1024B - Virtual size: 625B

.data Size: 1024B - Virtual size: 832B

INIT Size: 1024B - Virtual size: 626B

.rsrc Size: 1024B - Virtual size: 968B

.reloc Size: 1024B - Virtual size: 520B

518167d6aeefde1975592d28cbae7110

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4eCertificate

Key Usages

04:00:00:00:00:01:20:19:c1:90:66Certificate

Key Usages

01:00:00:00:00:01:25:b0:b4:cc:01Certificate

Extended Key Usages

Key Usages

01:00:00:00:00:01:2e:ca:04:f7:a4Certificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:1e:44:a5:ec:beCertificate

Key Usages

61:0b:7f:6b:00:00:00:00:00:19Certificate

Key Usages

83:51:9d:3b:ca:92:3c:f2:9a:93:d9:2e:a4:13:a5:ce:de:5b:be:00Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

videoprt.sys

Sections

.text Size: 512B - Virtual size: 188B

.rdata Size: 512B - Virtual size: 158B

.data Size: 512B - Virtual size: 8B

INIT Size: 512B - Virtual size: 238B

.rsrc Size: 1024B - Virtual size: 912B

.reloc Size: 512B - Virtual size: 86B

f4a7b11877d1f4e6c4a128894847394e

Headers

File Characteristics

Imports

version

setupapi

kernel32

user32

advapi32

Sections

.text Size: 52KB - Virtual size: 50KB

.rdata Size: 16KB - Virtual size: 12KB

.data Size: 4KB - Virtual size: 12KB

.rsrc Size: 4KB - Virtual size: 3KB

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

04:00:00:00:00:01:20:19:c1:90:66
Certificate

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

01:00:00:00:00:01:2e:ca:04:f7:a4
Certificate

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

61:0b:7f:6b:00:00:00:00:00:19
Certificate

d7:9f:6e:33:5f:de:23:6b:81:f9:db:0d:42:f1:48:4b:7b:10:d7:74
Signer

.text
Size: 10KB - Virtual size: 9KB

.rdata
Size: 1024B - Virtual size: 625B

.data
Size: 1024B - Virtual size: 832B

INIT
Size: 1024B - Virtual size: 626B

.rsrc
Size: 1024B - Virtual size: 968B

.reloc
Size: 1024B - Virtual size: 520B

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

04:00:00:00:00:01:20:19:c1:90:66
Certificate

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

01:00:00:00:00:01:2e:ca:04:f7:a4
Certificate

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

61:0b:7f:6b:00:00:00:00:00:19
Certificate

83:51:9d:3b:ca:92:3c:f2:9a:93:d9:2e:a4:13:a5:ce:de:5b:be:00
Signer

.text
Size: 512B - Virtual size: 188B

.rdata
Size: 512B - Virtual size: 158B

.data
Size: 512B - Virtual size: 8B

INIT
Size: 512B - Virtual size: 238B

.rsrc
Size: 1024B - Virtual size: 912B

.reloc
Size: 512B - Virtual size: 86B

.text
Size: 52KB - Virtual size: 50KB

.rdata
Size: 16KB - Virtual size: 12KB

.data
Size: 4KB - Virtual size: 12KB

.rsrc
Size: 4KB - Virtual size: 3KB

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

04:00:00:00:00:01:20:19:c1:90:66
Certificate

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

01:00:00:00:00:01:2e:ca:04:f7:a4
Certificate

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

61:0b:7f:6b:00:00:00:00:00:19
Certificate

17:c9:cc:1b:21:18:10:c9:db:57:85:3b:08:51:7e:8e:fa:a7:6d:ce
Signer

.text
Size: 11KB - Virtual size: 11KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 1KB

.pdata
Size: 512B - Virtual size: 300B

INIT
Size: 1024B - Virtual size: 738B

.rsrc
Size: 1024B - Virtual size: 968B

.reloc
Size: 512B - Virtual size: 136B

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

04:00:00:00:00:01:20:19:c1:90:66
Certificate

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

01:00:00:00:00:01:2e:ca:04:f7:a4
Certificate

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

61:0b:7f:6b:00:00:00:00:00:19
Certificate

a9:49:3c:b6:b6:be:da:b7:e8:3e:2b:8d:ec:19:56:92:7a:57:9a:6a
Signer

.text
Size: 512B - Virtual size: 352B

.rdata
Size: 512B - Virtual size: 204B

.data
Size: 512B - Virtual size: 272B

.pdata
Size: 512B - Virtual size: 24B

INIT
Size: 512B - Virtual size: 288B

.rsrc
Size: 1024B - Virtual size: 912B

01:00:00:00:00:01:11:db:40:c7:65
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate