hidusbf[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

hidusbf.zip
Size

365KB
MD5

1f6a405c16895d7927b22c3800365988
SHA1

249f272fe2d77652c5d2866f8eb101ef7c4d0362
SHA256

7ddd90b75a88d932846ad1a691834b335f8084fcbac4855644e78fe52d42095f
SHA512

28539c548df7d560ad7929ff63b7c44803680c027cd93bbbd81ea20bfc2662fdeee7d59bf73aeddb8b42072f828f1f2982026c1358d6d799adf4fc5e999b93df
SSDEEP

6144:y02qfv02qYpsVpJ/J2K4Fu+i5RpIdFMlSxqxKuyflJRxZO7/GvUN:y0lfv0lYmLJ/JBN+iX2dxQyf/qVN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/DRIVER/98ME/hidusbf.sys

Files

hidusbf.zip
.zip

Password: infected
DRIVER/1kHz.cmd
DRIVER/2kHz-4kHz.cmd
DRIVER/4kHz-8kHz.cmd
DRIVER/98ME/hidusbf.sys
.sys windows:4 windows x86 arch:x86

a4854a4d8aeca1a6f1a6ecad1dafa6de

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
ZwClose
IoOpenDeviceRegistryKey
IoAttachDeviceToDeviceStack
IoCreateDevice
_except_handler3
IoDeleteDevice
IoDetachDevice
ZwQueryValueKey
PoCallDriver
PoStartNextPowerIrp
IofCompleteRequest
KeInitializeEvent
KeSetEvent
InterlockedDecrement
InterlockedIncrement
KeWaitForSingleObject
IofCallDriver
ExFreePool

usbd.sys

_USBD_ParseDescriptors@16

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 672B - Virtual size: 642B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 960B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 128B - Virtual size: 118B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DRIVER/AMD64/1khz/hidusbf.sys
.sys windows:5 windows x64 arch:x64

2381c1ee5c1461ef217df28364930cee

Code Sign

05:4a:ba:e2:d0:d4:b4:12:4a:8e:9f:32:01:3f:ce:57
Certificate

Issuer

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

13/04/2016, 00:00

Not After

18/04/2017, 12:00

Subject

CN=Jeshua Starr Scully,O=Jeshua Starr Scully,L=Madison,ST=Wisconsin,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:a2:25:57:5a:31:16:d1:e7:27:b0:b8:79:d1:d0:73
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

13/04/2016, 00:00

Not After

18/04/2017, 12:00

Subject

CN=Jeshua Starr Scully,O=Jeshua Starr Scully,L=Madison,ST=Wisconsin,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2015, 00:00

Not After

07/01/2025, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

78:d5:57:74:02:76:a2:28:c3:ba:37:bb:de:b1:2d:7e:64:c7:eb:3d:39:a7:bd:3a:06:7b:56:2a:61:7d:51:d6
Signer

Actual PE Digest

78:d5:57:74:02:76:a2:28:c3:ba:37:bb:de:b1:2d:7e:64:c7:eb:3d:39:a7:bd:3a:06:7b:56:2a:61:7d:51:d6

Digest Algorithm

sha256

PE Digest Matches

true

d7:17:48:ed:5d:88:d5:41:5c:37:22:a4:77:8c:82:43:0d:6c:84:67
Signer

Actual PE Digest

d7:17:48:ed:5d:88:d5:41:5c:37:22:a4:77:8c:82:43:0d:6c:84:67

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
IoDeleteDevice
IoDetachDevice
IofCompleteRequest
ZwQuerySystemInformation
_stricmp
RtlImageNtHeader
__C_specific_handler
MmUnmapIoSpace
MmMapIoSpace
MmGetPhysicalAddress
ZwQueryValueKey
IoOpenDeviceRegistryKey
IoAttachDeviceToDeviceStack
IoInitializeRemoveLockEx
IoCreateDevice
IoReleaseRemoveLockEx
IofCallDriver
IoAcquireRemoveLockEx
PoCallDriver
PoStartNextPowerIrp
IoReleaseRemoveLockAndWaitEx
ZwClose
ExFreePoolWithTag

usbd.sys

USBD_ParseDescriptors

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 768B - Virtual size: 676B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 256B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DRIVER/AMD64/2khz-4khz/hidusbf.sys
.sys windows:5 windows x64 arch:x64

84541687f18e3ffb4f8fe04db5f18fde

Code Sign

05:4a:ba:e2:d0:d4:b4:12:4a:8e:9f:32:01:3f:ce:57
Certificate

Issuer

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

13/04/2016, 00:00

Not After

18/04/2017, 12:00

Subject

CN=Jeshua Starr Scully,O=Jeshua Starr Scully,L=Madison,ST=Wisconsin,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:a2:25:57:5a:31:16:d1:e7:27:b0:b8:79:d1:d0:73
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

13/04/2016, 00:00

Not After

18/04/2017, 12:00

Subject

CN=Jeshua Starr Scully,O=Jeshua Starr Scully,L=Madison,ST=Wisconsin,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2015, 00:00

Not After

07/01/2025, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:da:71:3b:27:da:28:a7:37:18:c6:b0:9d:c2:61:7e:8e:23:54:50:ef:11:ca:64:0d:d7:f4:89:1b:10:22:2a
Signer

Actual PE Digest

07:da:71:3b:27:da:28:a7:37:18:c6:b0:9d:c2:61:7e:8e:23:54:50:ef:11:ca:64:0d:d7:f4:89:1b:10:22:2a

Digest Algorithm

sha256

PE Digest Matches

true

be:5e:bd:40:f8:54:5d:71:98:6e:fd:32:80:63:7a:a8:51:0a:4d:3a
Signer

Actual PE Digest

be:5e:bd:40:f8:54:5d:71:98:6e:fd:32:80:63:7a:a8:51:0a:4d:3a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

IoDeleteDevice
IoDetachDevice
IofCompleteRequest
ZwQuerySystemInformation
_stricmp
RtlImageNtHeader
__C_specific_handler
MmUnmapIoSpace
MmMapIoSpace
MmGetPhysicalAddress
ExAllocatePoolWithTag
IoOpenDeviceRegistryKey
IoAttachDeviceToDeviceStack
IoInitializeRemoveLockEx
IoCreateDevice
IoReleaseRemoveLockEx
IofCallDriver
IoAcquireRemoveLockEx
PoCallDriver
PoStartNextPowerIrp
IoReleaseRemoveLockAndWaitEx
ZwQueryValueKey
ZwClose
ExFreePoolWithTag

usbd.sys

USBD_ParseDescriptors
USBD_ParseConfigurationDescriptorEx

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 768B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 256B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DRIVER/AMD64/4khz-8khz/hidusbf.sys
.sys windows:5 windows x64 arch:x64

84541687f18e3ffb4f8fe04db5f18fde

Code Sign

05:4a:ba:e2:d0:d4:b4:12:4a:8e:9f:32:01:3f:ce:57
Certificate

Issuer

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

13/04/2016, 00:00

Not After

18/04/2017, 12:00

Subject

CN=Jeshua Starr Scully,O=Jeshua Starr Scully,L=Madison,ST=Wisconsin,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:a2:25:57:5a:31:16:d1:e7:27:b0:b8:79:d1:d0:73
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

13/04/2016, 00:00

Not After

18/04/2017, 12:00

Subject

CN=Jeshua Starr Scully,O=Jeshua Starr Scully,L=Madison,ST=Wisconsin,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2015, 00:00

Not After

07/01/2025, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3e:58:48:66:65:a4:56:dc:bb:06:68:49:39:fe:bb:c9:5a:9b:f5:47:0a:55:84:d1:23:5b:ef:7b:06:6f:06:cc
Signer

Actual PE Digest

3e:58:48:66:65:a4:56:dc:bb:06:68:49:39:fe:bb:c9:5a:9b:f5:47:0a:55:84:d1:23:5b:ef:7b:06:6f:06:cc

Digest Algorithm

sha256

PE Digest Matches

true

df:02:03:ec:56:95:cd:8b:04:52:4b:0e:df:ca:49:54:03:52:e4:a4
Signer

Actual PE Digest

df:02:03:ec:56:95:cd:8b:04:52:4b:0e:df:ca:49:54:03:52:e4:a4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

IoDeleteDevice
IoDetachDevice
IofCompleteRequest
ZwQuerySystemInformation
_stricmp
RtlImageNtHeader
__C_specific_handler
MmUnmapIoSpace
MmMapIoSpace
MmGetPhysicalAddress
ExAllocatePoolWithTag
IoOpenDeviceRegistryKey
IoAttachDeviceToDeviceStack
IoInitializeRemoveLockEx
IoCreateDevice
IoReleaseRemoveLockEx
IofCallDriver
IoAcquireRemoveLockEx
PoCallDriver
PoStartNextPowerIrp
IoReleaseRemoveLockAndWaitEx
ZwQueryValueKey
ZwClose
ExFreePoolWithTag

usbd.sys

USBD_ParseDescriptors
USBD_ParseConfigurationDescriptorEx

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 768B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 256B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DRIVER/AMD64/hidusbf.sys
.sys windows:5 windows x64 arch:x64

2381c1ee5c1461ef217df28364930cee

Code Sign

05:4a:ba:e2:d0:d4:b4:12:4a:8e:9f:32:01:3f:ce:57
Certificate

Issuer

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

13/04/2016, 00:00

Not After

18/04/2017, 12:00

Subject

CN=Jeshua Starr Scully,O=Jeshua Starr Scully,L=Madison,ST=Wisconsin,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:a2:25:57:5a:31:16:d1:e7:27:b0:b8:79:d1:d0:73
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

13/04/2016, 00:00

Not After

18/04/2017, 12:00

Subject

CN=Jeshua Starr Scully,O=Jeshua Starr Scully,L=Madison,ST=Wisconsin,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2015, 00:00

Not After

07/01/2025, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

78:d5:57:74:02:76:a2:28:c3:ba:37:bb:de:b1:2d:7e:64:c7:eb:3d:39:a7:bd:3a:06:7b:56:2a:61:7d:51:d6
Signer

Actual PE Digest

78:d5:57:74:02:76:a2:28:c3:ba:37:bb:de:b1:2d:7e:64:c7:eb:3d:39:a7:bd:3a:06:7b:56:2a:61:7d:51:d6

Digest Algorithm

sha256

PE Digest Matches

true

d7:17:48:ed:5d:88:d5:41:5c:37:22:a4:77:8c:82:43:0d:6c:84:67
Signer

Actual PE Digest

d7:17:48:ed:5d:88:d5:41:5c:37:22:a4:77:8c:82:43:0d:6c:84:67

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
IoDeleteDevice
IoDetachDevice
IofCompleteRequest
ZwQuerySystemInformation
_stricmp
RtlImageNtHeader
__C_specific_handler
MmUnmapIoSpace
MmMapIoSpace
MmGetPhysicalAddress
ZwQueryValueKey
IoOpenDeviceRegistryKey
IoAttachDeviceToDeviceStack
IoInitializeRemoveLockEx
IoCreateDevice
IoReleaseRemoveLockEx
IofCallDriver
IoAcquireRemoveLockEx
PoCallDriver
PoStartNextPowerIrp
IoReleaseRemoveLockAndWaitEx
ZwClose
ExFreePoolWithTag

usbd.sys

USBD_ParseDescriptors

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 768B - Virtual size: 676B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 256B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DRIVER/AMD64/nopatch/hidusbf.sys
.sys windows:5 windows x64 arch:x64

cfedb7338b9798a1a4e6640e5a6e1937

Code Sign

05:4a:ba:e2:d0:d4:b4:12:4a:8e:9f:32:01:3f:ce:57
Certificate

Issuer

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

13/04/2016, 00:00

Not After

18/04/2017, 12:00

Subject

CN=Jeshua Starr Scully,O=Jeshua Starr Scully,L=Madison,ST=Wisconsin,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:a2:25:57:5a:31:16:d1:e7:27:b0:b8:79:d1:d0:73
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

13/04/2016, 00:00

Not After

18/04/2017, 12:00

Subject

CN=Jeshua Starr Scully,O=Jeshua Starr Scully,L=Madison,ST=Wisconsin,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2015, 00:00

Not After

07/01/2025, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

23:91:56:f9:e4:3e:76:de:06:f3:d1:b9:7e:d3:42:09:fc:e6:9e:11:70:68:61:bb:8a:0e:00:46:d1:d8:d4:3d
Signer

Actual PE Digest

23:91:56:f9:e4:3e:76:de:06:f3:d1:b9:7e:d3:42:09:fc:e6:9e:11:70:68:61:bb:8a:0e:00:46:d1:d8:d4:3d

Digest Algorithm

sha256

PE Digest Matches

true

89:57:b6:c1:c1:df:36:b3:45:a2:75:ea:41:43:2a:5b:d5:3c:3a:20
Signer

Actual PE Digest

89:57:b6:c1:c1:df:36:b3:45:a2:75:ea:41:43:2a:5b:d5:3c:3a:20

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
IoDeleteDevice
IoDetachDevice
IofCompleteRequest
__C_specific_handler
ZwClose
IoOpenDeviceRegistryKey
IoAttachDeviceToDeviceStack
ZwQueryValueKey
IoCreateDevice
IoReleaseRemoveLockEx
IofCallDriver
IoAcquireRemoveLockEx
PoCallDriver
PoStartNextPowerIrp
IoReleaseRemoveLockAndWaitEx
IoInitializeRemoveLockEx
ExFreePool

usbd.sys

USBD_ParseDescriptors

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 332B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 128B - Virtual size: 84B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 896B - Virtual size: 816B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DRIVER/HIDUSBF.INF
DRIVER/HIDUSBFU.INF
DRIVER/NTX86/1khz/hidusbf.sys
.sys windows:5 windows x86 arch:x86

b61c22861a2bc08dffd66e3957b1bb4d

Code Sign

05:4a:ba:e2:d0:d4:b4:12:4a:8e:9f:32:01:3f:ce:57
Certificate

Issuer

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

13/04/2016, 00:00

Not After

18/04/2017, 12:00

Subject

CN=Jeshua Starr Scully,O=Jeshua Starr Scully,L=Madison,ST=Wisconsin,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:a2:25:57:5a:31:16:d1:e7:27:b0:b8:79:d1:d0:73
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

13/04/2016, 00:00

Not After

18/04/2017, 12:00

Subject

CN=Jeshua Starr Scully,O=Jeshua Starr Scully,L=Madison,ST=Wisconsin,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2015, 00:00

Not After

07/01/2025, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:49:06:31:53:85:82:af:5b:53:33:e9:0d:dc:8c:0f:02:92:a0:28:51:b1:45:9f:f6:29:87:22:7e:ba:be:be
Signer

Actual PE Digest

77:49:06:31:53:85:82:af:5b:53:33:e9:0d:dc:8c:0f:02:92:a0:28:51:b1:45:9f:f6:29:87:22:7e:ba:be:be

Digest Algorithm

sha256

PE Digest Matches

true

61:19:64:6e:39:62:3f:a4:57:d8:59:5f:85:9d:9a:a6:75:7b:3c:2c
Signer

Actual PE Digest

61:19:64:6e:39:62:3f:a4:57:d8:59:5f:85:9d:9a:a6:75:7b:3c:2c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
IoDeleteDevice
IoDetachDevice
IofCompleteRequest
ZwQuerySystemInformation
_stricmp
RtlImageNtHeader
MmUnmapIoSpace
MmMapIoSpace
MmGetPhysicalAddress
_except_handler3
ZwQueryValueKey
IoOpenDeviceRegistryKey
IoAttachDeviceToDeviceStack
IoInitializeRemoveLockEx
IoCreateDevice
IoReleaseRemoveLockEx
IofCallDriver
IoAcquireRemoveLockEx
PoCallDriver
PoStartNextPowerIrp
IoReleaseRemoveLockAndWaitEx
ZwClose
ExFreePoolWithTag

usbd.sys

USBD_ParseDescriptors

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 256B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DRIVER/NTX86/2khz-4khz/hidusbf.sys
.sys windows:5 windows x86 arch:x86

34af1360f83df6c59c2f28d9cb2cba57

Code Sign

05:4a:ba:e2:d0:d4:b4:12:4a:8e:9f:32:01:3f:ce:57
Certificate

Issuer

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

13/04/2016, 00:00

Not After

18/04/2017, 12:00

Subject

CN=Jeshua Starr Scully,O=Jeshua Starr Scully,L=Madison,ST=Wisconsin,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:a2:25:57:5a:31:16:d1:e7:27:b0:b8:79:d1:d0:73
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

13/04/2016, 00:00

Not After

18/04/2017, 12:00

Subject

CN=Jeshua Starr Scully,O=Jeshua Starr Scully,L=Madison,ST=Wisconsin,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2015, 00:00

Not After

07/01/2025, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

31:91:95:b2:39:09:aa:bd:d6:85:41:3e:bb:1d:16:b5:05:1a:87:82:f2:7e:c2:e5:d7:ee:d3:8c:e8:48:0e:91
Signer

Actual PE Digest

31:91:95:b2:39:09:aa:bd:d6:85:41:3e:bb:1d:16:b5:05:1a:87:82:f2:7e:c2:e5:d7:ee:d3:8c:e8:48:0e:91

Digest Algorithm

sha256

PE Digest Matches

true

58:a6:c0:67:dd:db:c1:79:5c:c6:1d:e5:5e:49:95:2e:3e:4c:6b:54
Signer

Actual PE Digest

58:a6:c0:67:dd:db:c1:79:5c:c6:1d:e5:5e:49:95:2e:3e:4c:6b:54

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoDeleteDevice
IoDetachDevice
IofCompleteRequest
ZwQuerySystemInformation
_stricmp
RtlImageNtHeader
MmUnmapIoSpace
MmMapIoSpace
MmGetPhysicalAddress
_except_handler3
ExAllocatePoolWithTag
IoOpenDeviceRegistryKey
IoAttachDeviceToDeviceStack
IoInitializeRemoveLockEx
IoCreateDevice
IoReleaseRemoveLockEx
IofCallDriver
IoAcquireRemoveLockEx
PoCallDriver
PoStartNextPowerIrp
IoReleaseRemoveLockAndWaitEx
ZwQueryValueKey
ZwClose
ExFreePoolWithTag

usbd.sys

USBD_ParseDescriptors
USBD_ParseConfigurationDescriptorEx

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 256B - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DRIVER/NTX86/4khz-8khz/hidusbf.sys
.sys windows:5 windows x86 arch:x86

34af1360f83df6c59c2f28d9cb2cba57

Code Sign

05:4a:ba:e2:d0:d4:b4:12:4a:8e:9f:32:01:3f:ce:57
Certificate

Issuer

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

13/04/2016, 00:00

Not After

18/04/2017, 12:00

Subject

CN=Jeshua Starr Scully,O=Jeshua Starr Scully,L=Madison,ST=Wisconsin,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:a2:25:57:5a:31:16:d1:e7:27:b0:b8:79:d1:d0:73
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

13/04/2016, 00:00

Not After

18/04/2017, 12:00

Subject

CN=Jeshua Starr Scully,O=Jeshua Starr Scully,L=Madison,ST=Wisconsin,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2015, 00:00

Not After

07/01/2025, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

19:69:94:92:98:b0:ce:ce:d5:00:b9:b1:67:06:8f:77:cd:09:60:70:11:fa:a9:ba:d9:2b:d4:e1:b9:24:c7:60
Signer

Actual PE Digest

19:69:94:92:98:b0:ce:ce:d5:00:b9:b1:67:06:8f:77:cd:09:60:70:11:fa:a9:ba:d9:2b:d4:e1:b9:24:c7:60

Digest Algorithm

sha256

PE Digest Matches

true

15:7e:fc:5b:fd:5e:e9:d7:bb:86:a9:e8:49:f4:a3:5b:10:ba:1e:8c
Signer

Actual PE Digest

15:7e:fc:5b:fd:5e:e9:d7:bb:86:a9:e8:49:f4:a3:5b:10:ba:1e:8c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoDeleteDevice
IoDetachDevice
IofCompleteRequest
ZwQuerySystemInformation
_stricmp
RtlImageNtHeader
MmUnmapIoSpace
MmMapIoSpace
MmGetPhysicalAddress
_except_handler3
ExAllocatePoolWithTag
IoOpenDeviceRegistryKey
IoAttachDeviceToDeviceStack
IoInitializeRemoveLockEx
IoCreateDevice
IoReleaseRemoveLockEx
IofCallDriver
IoAcquireRemoveLockEx
PoCallDriver
PoStartNextPowerIrp
IoReleaseRemoveLockAndWaitEx
ZwQueryValueKey
ZwClose
ExFreePoolWithTag

usbd.sys

USBD_ParseDescriptors
USBD_ParseConfigurationDescriptorEx

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 256B - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DRIVER/NTX86/hidusbf.sys
.sys windows:5 windows x86 arch:x86

b61c22861a2bc08dffd66e3957b1bb4d

Code Sign

05:4a:ba:e2:d0:d4:b4:12:4a:8e:9f:32:01:3f:ce:57
Certificate

Issuer

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

13/04/2016, 00:00

Not After

18/04/2017, 12:00

Subject

CN=Jeshua Starr Scully,O=Jeshua Starr Scully,L=Madison,ST=Wisconsin,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:a2:25:57:5a:31:16:d1:e7:27:b0:b8:79:d1:d0:73
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

13/04/2016, 00:00

Not After

18/04/2017, 12:00

Subject

CN=Jeshua Starr Scully,O=Jeshua Starr Scully,L=Madison,ST=Wisconsin,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2015, 00:00

Not After

07/01/2025, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:49:06:31:53:85:82:af:5b:53:33:e9:0d:dc:8c:0f:02:92:a0:28:51:b1:45:9f:f6:29:87:22:7e:ba:be:be
Signer

Actual PE Digest

77:49:06:31:53:85:82:af:5b:53:33:e9:0d:dc:8c:0f:02:92:a0:28:51:b1:45:9f:f6:29:87:22:7e:ba:be:be

Digest Algorithm

sha256

PE Digest Matches

true

61:19:64:6e:39:62:3f:a4:57:d8:59:5f:85:9d:9a:a6:75:7b:3c:2c
Signer

Actual PE Digest

61:19:64:6e:39:62:3f:a4:57:d8:59:5f:85:9d:9a:a6:75:7b:3c:2c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
IoDeleteDevice
IoDetachDevice
IofCompleteRequest
ZwQuerySystemInformation
_stricmp
RtlImageNtHeader
MmUnmapIoSpace
MmMapIoSpace
MmGetPhysicalAddress
_except_handler3
ZwQueryValueKey
IoOpenDeviceRegistryKey
IoAttachDeviceToDeviceStack
IoInitializeRemoveLockEx
IoCreateDevice
IoReleaseRemoveLockEx
IofCallDriver
IoAcquireRemoveLockEx
PoCallDriver
PoStartNextPowerIrp
IoReleaseRemoveLockAndWaitEx
ZwClose
ExFreePoolWithTag

usbd.sys

USBD_ParseDescriptors

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 256B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DRIVER/NTX86/nopatch/hidusbf.sys
.sys windows:5 windows x86 arch:x86

ff806606d50632c55cde2947b6f8af7e

Code Sign

05:4a:ba:e2:d0:d4:b4:12:4a:8e:9f:32:01:3f:ce:57
Certificate

Issuer

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

13/04/2016, 00:00

Not After

18/04/2017, 12:00

Subject

CN=Jeshua Starr Scully,O=Jeshua Starr Scully,L=Madison,ST=Wisconsin,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:a2:25:57:5a:31:16:d1:e7:27:b0:b8:79:d1:d0:73
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

13/04/2016, 00:00

Not After

18/04/2017, 12:00

Subject

CN=Jeshua Starr Scully,O=Jeshua Starr Scully,L=Madison,ST=Wisconsin,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2015, 00:00

Not After

07/01/2025, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

35:93:f6:ee:76:37:09:92:ea:44:03:2a:9a:af:16:00:6d:2d:af:f0:90:02:8a:e7:98:a2:76:a9:ab:77:ea:69
Signer

Actual PE Digest

35:93:f6:ee:76:37:09:92:ea:44:03:2a:9a:af:16:00:6d:2d:af:f0:90:02:8a:e7:98:a2:76:a9:ab:77:ea:69

Digest Algorithm

sha256

PE Digest Matches

true

f3:a0:e3:0c:83:05:05:a7:54:b5:6c:67:00:4c:de:5a:51:2a:10:4c
Signer

Actual PE Digest

f3:a0:e3:0c:83:05:05:a7:54:b5:6c:67:00:4c:de:5a:51:2a:10:4c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
ZwClose
IoOpenDeviceRegistryKey
IoAttachDeviceToDeviceStack
IoInitializeRemoveLockEx
IoCreateDevice
_except_handler3
IoDeleteDevice
ZwQueryValueKey
IoReleaseRemoveLockEx
IofCallDriver
IoAcquireRemoveLockEx
PoCallDriver
PoStartNextPowerIrp
IoReleaseRemoveLockAndWaitEx
IofCompleteRequest
IoDetachDevice
ExFreePool

usbd.sys

_USBD_ParseDescriptors@16

Sections

.text
Size: 992B - Virtual size: 978B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 640B - Virtual size: 640B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 960B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 128B - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DRIVER/Setup.exe
.exe windows:1 windows x86 arch:x86

Password: infected

Code Sign

3e:ea:bd:93:c8:a2:b0:9b:4d:e3:c9:0e:3d:28:d8:2e
Certificate

Issuer

CN=SweetLow,1.2.840.113549.1.9.1=#0c0f73776565746c6f77407475742e6279

Not Before

05/06/1973, 21:00

Not After

30/12/2999, 21:00

Subject

CN=SweetLow,1.2.840.113549.1.9.1=#0c0f73776565746c6f77407475742e6279

Extended Key Usages

ExtKeyUsageCodeSigning

9c:08:8f:eb:76:25:dd:84:7a:3e:7b:66:b5:50:d0:66:4a:6a:41:3c
Signer

Actual PE Digest

9c:08:8f:eb:76:25:dd:84:7a:3e:7b:66:b5:50:d0:66:4a:6a:41:3c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 342KB - Virtual size: 342KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
DRIVER/nopatch.cmd
DRIVER/sx64.exe
.exe windows:5 windows x64 arch:x64

Password: infected

d4fa6722ea3a7bcd5e00f6b8c635b3ca

Code Sign

3e:ea:bd:93:c8:a2:b0:9b:4d:e3:c9:0e:3d:28:d8:2e
Certificate

Issuer

CN=SweetLow,1.2.840.113549.1.9.1=#0c0f73776565746c6f77407475742e6279

Not Before

05/06/1973, 21:00

Not After

30/12/2999, 21:00

Subject

CN=SweetLow,1.2.840.113549.1.9.1=#0c0f73776565746c6f77407475742e6279

Extended Key Usages

ExtKeyUsageCodeSigning

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

99:87:86:e5:9f:14:71:c6:b6:ab:b7:87:0c:0f:d7:29:30:e7:0a:e4
Signer

Actual PE Digest

99:87:86:e5:9f:14:71:c6:b6:ab:b7:87:0c:0f:d7:29:30:e7:0a:e4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

OutputDebugStringA
GetLastError
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoA
RtlUnwindEx
ExitProcess
GetProcAddress
GetModuleHandleA
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapSetInformation
HeapCreate
LoadLibraryA
GetACP
GetOEMCP
GetCPInfo
Sleep
SetFilePointer
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
SetStdHandle
GetLocaleInfoA
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
ReadFile
FlushFileBuffers
CloseHandle

setupapi

SetupDiCallClassInstaller
SetupDiSetClassInstallParamsA
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyA
SetupDiOpenDeviceInfoA
SetupDiCreateDeviceInfoList

shell32

ShellExecuteA

Sections

.text
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
README.2kHz-8kHz.ENG.TXT
README.ENG.TXT
README.RUS.TXT
SweetLow.CER

Sharing

General

Malware Config

Signatures

Files

Password: infected

a4854a4d8aeca1a6f1a6ecad1dafa6de

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

usbd.sys

Sections

.text Size: 1KB - Virtual size: 1KB

.rdata Size: 128B - Virtual size: 100B

INIT Size: 672B - Virtual size: 642B

.rsrc Size: 960B - Virtual size: 952B

.reloc Size: 128B - Virtual size: 118B

2381c1ee5c1461ef217df28364930cee

Code Sign

05:4a:ba:e2:d0:d4:b4:12:4a:8e:9f:32:01:3f:ce:57Certificate

Extended Key Usages

Key Usages

61:20:4d:b4:00:00:00:00:00:27Certificate

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5fCertificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

0b:a2:25:57:5a:31:16:d1:e7:27:b0:b8:79:d1:d0:73Certificate

Extended Key Usages

Key Usages

61:20:4d:b4:00:00:00:00:00:27Certificate

Key Usages

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9Certificate

Extended Key Usages

Key Usages

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4fCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

78:d5:57:74:02:76:a2:28:c3:ba:37:bb:de:b1:2d:7e:64:c7:eb:3d:39:a7:bd:3a:06:7b:56:2a:61:7d:51:d6Signer

d7:17:48:ed:5d:88:d5:41:5c:37:22:a4:77:8c:82:43:0d:6c:84:67Signer

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

usbd.sys

Sections

.text Size: 2KB - Virtual size: 2KB

.rdata Size: 768B - Virtual size: 676B

.pdata Size: 256B - Virtual size: 240B

INIT Size: 2KB - Virtual size: 2KB

.rsrc Size: 1024B - Virtual size: 952B

84541687f18e3ffb4f8fe04db5f18fde

Code Sign

05:4a:ba:e2:d0:d4:b4:12:4a:8e:9f:32:01:3f:ce:57Certificate

Extended Key Usages

Key Usages

61:20:4d:b4:00:00:00:00:00:27Certificate

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5fCertificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

0b:a2:25:57:5a:31:16:d1:e7:27:b0:b8:79:d1:d0:73Certificate

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 128B - Virtual size: 100B

INIT
Size: 672B - Virtual size: 642B

.rsrc
Size: 960B - Virtual size: 952B

.reloc
Size: 128B - Virtual size: 118B

05:4a:ba:e2:d0:d4:b4:12:4a:8e:9f:32:01:3f:ce:57
Certificate

61:20:4d:b4:00:00:00:00:00:27
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

0b:a2:25:57:5a:31:16:d1:e7:27:b0:b8:79:d1:d0:73
Certificate

61:20:4d:b4:00:00:00:00:00:27
Certificate

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

78:d5:57:74:02:76:a2:28:c3:ba:37:bb:de:b1:2d:7e:64:c7:eb:3d:39:a7:bd:3a:06:7b:56:2a:61:7d:51:d6
Signer

d7:17:48:ed:5d:88:d5:41:5c:37:22:a4:77:8c:82:43:0d:6c:84:67
Signer

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 768B - Virtual size: 676B

.pdata
Size: 256B - Virtual size: 240B

INIT
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 952B

05:4a:ba:e2:d0:d4:b4:12:4a:8e:9f:32:01:3f:ce:57
Certificate

61:20:4d:b4:00:00:00:00:00:27
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

0b:a2:25:57:5a:31:16:d1:e7:27:b0:b8:79:d1:d0:73
Certificate

61:20:4d:b4:00:00:00:00:00:27
Certificate

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

07:da:71:3b:27:da:28:a7:37:18:c6:b0:9d:c2:61:7e:8e:23:54:50:ef:11:ca:64:0d:d7:f4:89:1b:10:22:2a
Signer

be:5e:bd:40:f8:54:5d:71:98:6e:fd:32:80:63:7a:a8:51:0a:4d:3a
Signer

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 768B - Virtual size: 688B

.pdata
Size: 256B - Virtual size: 240B

INIT
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 952B

05:4a:ba:e2:d0:d4:b4:12:4a:8e:9f:32:01:3f:ce:57
Certificate

61:20:4d:b4:00:00:00:00:00:27
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

0b:a2:25:57:5a:31:16:d1:e7:27:b0:b8:79:d1:d0:73
Certificate

61:20:4d:b4:00:00:00:00:00:27
Certificate

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

3e:58:48:66:65:a4:56:dc:bb:06:68:49:39:fe:bb:c9:5a:9b:f5:47:0a:55:84:d1:23:5b:ef:7b:06:6f:06:cc
Signer

df:02:03:ec:56:95:cd:8b:04:52:4b:0e:df:ca:49:54:03:52:e4:a4
Signer

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 768B - Virtual size: 688B

.pdata
Size: 256B - Virtual size: 240B

INIT
Size: 2KB - Virtual size: 2KB