D:\DevEvo_Project\DevilDemo\Release\DevilDemo.pdb
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
103.exe
Resource
win7-20240221-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
103.exe
Resource
win10v2004-20240226-en
windows10-2004-x64
2 signatures
150 seconds
Behavioral task
behavioral3
Sample
84.exe
Resource
win7-20240221-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral4
Sample
84.exe
Resource
win10v2004-20240412-en
windows10-2004-x64
2 signatures
150 seconds
Behavioral task
behavioral5
Sample
WinDivert.dll
Resource
win7-20240220-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral6
Sample
WinDivert.dll
Resource
win10v2004-20240412-en
windows10-2004-x64
1 signatures
150 seconds
Behavioral task
behavioral7
Sample
WinDivert32.sys
Resource
win10v2004-20240412-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral8
Sample
WinDivert64.sys
Resource
win10v2004-20240412-en
windows10-2004-x64
0 signatures
150 seconds
General
-
Target
Bet_Cancel_By_Dubong.zip
-
Size
3.7MB
-
MD5
a8301df332aa1f70c2bdb50761f9243c
-
SHA1
533f25725c76d125e07e498c92a321b5d5327c98
-
SHA256
7e1ffecef00c4a53174310cf7f05a0daff64a879893a0903750ea388fdef9083
-
SHA512
c510d31933ea7e78de7ffa164d3956b9bc0513919334df30d2c78364645ac60ee8a15ba8462e62be0e9b5657a141391708bb845949e05d96a3827a5d8c41d59c
-
SSDEEP
98304:bk5yjGyASH/gaz9nSRBo+12BsaO4F/t9GA:I5GGyAi/0P12uax4A
Score
3/10
Malware Config
Signatures
-
Unsigned PE 3 IoCs
Checks for missing Authenticode signature.
resource unpack001/103.exe unpack001/84.exe unpack001/WinDivert.dll
Files
-
Bet_Cancel_By_Dubong.zip.zip
Password: infected
-
103.exe.exe windows:6 windows x86 arch:x86
5038c9d75df653a9aa4f0b551de60f16
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
windivert
WinDivertHelperCalcChecksums
WinDivertHelperFormatIPv4Address
WinDivertHelperHtonl
WinDivertHelperHtons
WinDivertHelperNtohl
WinDivertHelperNtohs
WinDivertHelperParsePacket
WinDivertOpen
WinDivertRecv
WinDivertSend
kernel32
GetStringTypeW
GetStdHandle
ExitProcess
GetFileType
SetStdHandle
QueryPerformanceFrequency
HeapQueryInformation
GetModuleHandleExW
CompareStringW
GetTimeZoneInformation
VirtualQuery
VirtualAlloc
GetSystemInfo
GetCommandLineW
GetCommandLineA
RtlUnwind
OutputDebugStringW
LCMapStringW
FreeLibraryAndExitThread
GetConsoleOutputCP
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateEventW
WaitForSingleObjectEx
ResetEvent
FindResourceExW
GetTempFileNameA
GetWindowsDirectoryA
SearchPathA
GetProfileIntA
GetTickCount
SetErrorMode
GetCPInfo
GetOEMCP
VirtualProtect
GetTempPathA
GetACP
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetFileTime
GetFileSizeEx
GetFileAttributesExA
GetFileAttributesA
FileTimeToLocalFileTime
GetThreadLocale
lstrcmpiA
GetCurrentProcess
DuplicateHandle
GetVolumeInformationA
WriteFile
UnlockFile
SetFilePointer
SetEndOfFile
ReadFile
LockFile
GetFullPathNameA
GetFileSize
FlushFileBuffers
FindFirstFileA
FindClose
CreateFileA
DeleteFileA
GlobalFlags
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
GetCurrentDirectoryA
LocalReAlloc
LocalAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GetSystemDirectoryW
EncodePointer
GlobalAddAtomA
ResumeThread
SetThreadPriority
WaitForSingleObject
SetEvent
CloseHandle
CopyFileA
FormatMessageA
MulDiv
LocalFree
GlobalSize
VerifyVersionInfoA
lstrcpyA
VerSetConditionMask
GlobalUnlock
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
LoadLibraryA
FindResourceA
GlobalFree
GetCurrentProcessId
CompareStringA
MultiByteToWideChar
lstrcmpA
GlobalDeleteAtom
GlobalLock
GlobalAlloc
LoadLibraryW
LoadLibraryExW
GetProcAddress
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameW
GetModuleFileNameA
FreeLibrary
GetVersionExA
GetCurrentThreadId
GetCurrentThread
SetLastError
OutputDebugStringA
GetProcessHeap
DeleteCriticalSection
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
GetLastError
HeapSize
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
HeapFree
CreateThread
Sleep
FindResourceW
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
GetConsoleMode
WriteConsoleW
SetFilePointerEx
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
CreateFileW
ExitThread
user32
GetNextDlgGroupItem
IntersectRect
SetRect
InvalidateRgn
CopyAcceleratorTableA
CharNextA
CharUpperA
RealChildWindowFromPoint
DeleteMenu
CopyImage
WindowFromPoint
ReleaseCapture
SetCapture
GetMenuItemInfoA
DestroyMenu
IsDialogMessageA
SetWindowTextA
SendDlgItemMessageA
CheckDlgButton
MoveWindow
ShowWindow
MonitorFromWindow
WinHelpA
GetScrollInfo
SetScrollInfo
LoadIconA
GetTopWindow
GetClassLongA
SetWindowLongA
EqualRect
AdjustWindowRectEx
GetWindowTextLengthA
GetWindowTextA
RemovePropA
GetPropA
SetPropA
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
SetForegroundWindow
GetForegroundWindow
TrackPopupMenu
SetMenu
GetMenu
GetCapture
SetFocus
GetDlgCtrlID
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
IsChild
IsMenu
CreateWindowExA
GetClassInfoExA
RegisterClassA
CallWindowProcA
GetMessageTime
GetMessagePos
GetClassNameA
InvalidateRect
UpdateWindow
SetCursor
ShowOwnedPopups
ValidateRect
GetKeyState
TranslateMessage
GetMessageA
LoadBitmapW
SetMenuItemInfoA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
OpenClipboard
UnhookWindowsHookEx
SetWindowsHookExA
PtInRect
GetCursorPos
ScreenToClient
ClientToScreen
EndPaint
BeginPaint
ReleaseDC
GetWindowDC
GetDC
TabbedTextOutA
GrayStringA
DrawTextExA
DrawTextA
RemoveMenu
InsertMenuA
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetMenuState
GetMenuStringA
EnumDisplayMonitors
GetMonitorInfoA
SystemParametersInfoA
LoadCursorW
LoadCursorA
CopyRect
SetRectEmpty
SetLayeredWindowAttributes
GetClassInfoA
DefWindowProcA
GetDesktopWindow
SetActiveWindow
GetActiveWindow
GetNextDlgTabItem
GetDlgItem
EndDialog
CreateDialogIndirectParamA
CloseClipboard
SetClipboardData
EmptyClipboard
EnableWindow
LoadIconW
GetSystemMenu
AppendMenuA
SendMessageA
DestroyWindow
IsWindow
DrawIconEx
IsRectEmpty
OffsetRect
InflateRect
FillRect
DrawFocusRect
GetSysColorBrush
GetSysColor
MapWindowPoints
RedrawWindow
SetWindowRgn
DrawStateA
GetFocus
IsWindowVisible
DestroyIcon
LoadImageA
LoadImageW
SetParent
MonitorFromPoint
TrackMouseEvent
IsZoomed
GetAsyncKeyState
LoadMenuW
NotifyWinEvent
SetCursorPos
UnionRect
DrawFrameControl
DrawEdge
GetWindowRgn
BringWindowToTop
DestroyCursor
InvertRect
HideCaret
MessageBeep
GetWindowRect
GetSystemMetrics
wsprintfA
IsIconic
GetClientRect
DrawIcon
UnregisterClassA
PostMessageA
PostQuitMessage
DispatchMessageA
PeekMessageA
WaitMessage
SetTimer
KillTimer
IsWindowEnabled
MessageBoxA
GetWindowLongA
GetParent
GetWindowThreadProcessId
GetLastActivePopup
SetWindowPos
SetWindowContextHelpId
GetWindow
MapDialogRect
RegisterWindowMessageA
CreateMenu
GetComboBoxInfo
TranslateMDISysAccel
DefMDIChildProcA
DefFrameProcA
DrawMenuBar
MapVirtualKeyExA
IsCharLowerA
PostThreadMessageA
IsClipboardFormatAvailable
FrameRect
CharUpperBuffA
SubtractRect
GetKeyNameTextA
RegisterClipboardFormatA
ReuseDDElParam
UnpackDDElParam
InsertMenuItemA
LoadMenuA
TranslateAcceleratorA
LoadAcceleratorsA
UpdateLayeredWindow
CreateAcceleratorTableA
LoadAcceleratorsW
MapVirtualKeyA
ToAsciiEx
GetKeyboardState
GetKeyboardLayout
GetUpdateRect
SetClassLongA
DestroyAcceleratorTable
ModifyMenuA
SetMenuDefaultItem
GetMenuDefaultItem
CopyIcon
GetIconInfo
GetDoubleClickTime
EnableScrollBar
LockWindowUpdate
CreatePopupMenu
CallNextHookEx
gdi32
CreateCompatibleDC
CreateDIBitmap
CreateFontIndirectA
CreatePen
CreatePatternBrush
DeleteObject
EnumFontFamiliesA
GetDeviceCaps
GetStockObject
GetTextCharsetInfo
GetObjectA
CopyMetaFileA
CreateDCA
CreateBitmap
Escape
ExcludeClipRect
GetClipBox
GetObjectType
GetPixel
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
PtVisible
RectVisible
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectObject
SelectPalette
SetBkColor
SetBkMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetTextColor
SetTextAlign
CreateCompatibleBitmap
TextOutA
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
GetRgnBox
GetMapMode
SetRectRgn
DPtoLP
RealizePalette
SetPixel
StretchBlt
CreateDIBSection
SetDIBColorTable
CreateRoundRectRgn
Rectangle
OffsetRgn
RoundRect
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
GetSystemPaletteEntries
EnumFontFamiliesExA
LPtoDP
ExtFloodFill
SetPaletteEntries
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
GetViewportOrgEx
GetWindowOrgEx
SetPixelV
GetTextFaceA
BitBlt
GetTextMetricsA
Polyline
Polygon
CreatePolygonRgn
ExtTextOutA
PatBlt
GetTextColor
GetBkColor
Ellipse
CreateSolidBrush
CreateRectRgnIndirect
CreateRectRgn
CreateHatchBrush
CreateEllipticRgn
CombineRgn
MoveToEx
GetTextExtentPoint32A
DeleteDC
msimg32
TransparentBlt
AlphaBlend
winspool.drv
DocumentPropertiesA
ClosePrinter
OpenPrinterA
advapi32
RegEnumKeyA
RegOpenKeyExA
RegEnumKeyExA
RegEnumValueA
RegQueryValueA
RegCloseKey
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegQueryValueExA
shell32
SHGetMalloc
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHBrowseForFolderA
ShellExecuteA
DragFinish
DragQueryFileA
SHAppBarMessage
SHGetFileInfoA
SHGetDesktopFolder
comctl32
InitCommonControlsEx
shlwapi
PathFindExtensionA
PathFindFileNameA
PathRemoveFileSpecW
PathIsUNCA
PathStripToRootA
StrFormatKBSizeA
uxtheme
GetThemeSysColor
IsThemeBackgroundPartiallyTransparent
GetThemePartSize
GetWindowTheme
DrawThemeText
IsAppThemed
DrawThemeParentBackground
GetCurrentThemeName
GetThemeColor
DrawThemeBackground
CloseThemeData
OpenThemeData
ole32
ReleaseStgMedium
CoGetClassObject
OleCreateMenuDescriptor
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CreateILockBytesOnHGlobal
CreateStreamOnHGlobal
CoDisconnectObject
CoFreeUnusedLibraries
OleInitialize
OleUninitialize
OleFlushClipboard
OleIsCurrentClipboard
DoDragDrop
OleGetClipboard
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
OleLockRunning
OleDuplicateData
CoTaskMemFree
OleDestroyMenuDescriptor
CoTaskMemAlloc
CoInitialize
CoCreateInstance
CLSIDFromProgID
CLSIDFromString
CoCreateGuid
CoUninitialize
OleTranslateAccelerator
IsAccelerator
CoInitializeEx
CoRevokeClassObject
CoRegisterMessageFilter
oleaut32
OleCreateFontIndirect
SysAllocString
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
LoadTypeLi
SysStringLen
VariantChangeType
VariantCopy
VarBstrFromDate
SysFreeString
VariantClear
VariantInit
SysAllocStringByteLen
SysAllocStringLen
oledlg
ord8
gdiplus
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipDeleteGraphics
GdiplusShutdown
GdipAlloc
GdipFree
GdiplusStartup
GdipCloneImage
GdipDisposeImage
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePalette
GdipGetImagePaletteSize
GdipCreateBitmapFromStream
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
ws2_32
WSACleanup
inet_ntoa
gethostbyname
WSAStartup
gethostname
WSASetLastError
oleacc
AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject
imm32
ImmReleaseContext
ImmGetOpenStatus
ImmGetContext
winmm
PlaySoundA
Sections
.text Size: 1.5MB - Virtual size: 1.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 309KB - Virtual size: 309KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 23KB - Virtual size: 168KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1.4MB - Virtual size: 1.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 138KB - Virtual size: 137KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
84.exe.exe windows:6 windows x86 arch:x86
5038c9d75df653a9aa4f0b551de60f16
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
D:\DevEvo_Project\DevilDemo\Release\DevilDemo.pdb
Imports
windivert
WinDivertHelperCalcChecksums
WinDivertHelperFormatIPv4Address
WinDivertHelperHtonl
WinDivertHelperHtons
WinDivertHelperNtohl
WinDivertHelperNtohs
WinDivertHelperParsePacket
WinDivertOpen
WinDivertRecv
WinDivertSend
kernel32
GetStringTypeW
GetStdHandle
ExitProcess
GetFileType
SetStdHandle
QueryPerformanceFrequency
HeapQueryInformation
GetModuleHandleExW
CompareStringW
GetTimeZoneInformation
VirtualQuery
VirtualAlloc
GetSystemInfo
GetCommandLineW
GetCommandLineA
RtlUnwind
OutputDebugStringW
LCMapStringW
FreeLibraryAndExitThread
GetConsoleOutputCP
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateEventW
WaitForSingleObjectEx
ResetEvent
FindResourceExW
GetTempFileNameA
GetWindowsDirectoryA
SearchPathA
GetProfileIntA
GetTickCount
SetErrorMode
GetCPInfo
GetOEMCP
VirtualProtect
GetTempPathA
GetACP
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetFileTime
GetFileSizeEx
GetFileAttributesExA
GetFileAttributesA
FileTimeToLocalFileTime
GetThreadLocale
lstrcmpiA
GetCurrentProcess
DuplicateHandle
GetVolumeInformationA
WriteFile
UnlockFile
SetFilePointer
SetEndOfFile
ReadFile
LockFile
GetFullPathNameA
GetFileSize
FlushFileBuffers
FindFirstFileA
FindClose
CreateFileA
DeleteFileA
GlobalFlags
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
GetCurrentDirectoryA
LocalReAlloc
LocalAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GetSystemDirectoryW
EncodePointer
GlobalAddAtomA
ResumeThread
SetThreadPriority
WaitForSingleObject
SetEvent
CloseHandle
CopyFileA
FormatMessageA
MulDiv
LocalFree
GlobalSize
VerifyVersionInfoA
lstrcpyA
VerSetConditionMask
GlobalUnlock
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
LoadLibraryA
FindResourceA
GlobalFree
GetCurrentProcessId
CompareStringA
MultiByteToWideChar
lstrcmpA
GlobalDeleteAtom
GlobalLock
GlobalAlloc
LoadLibraryW
LoadLibraryExW
GetProcAddress
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameW
GetModuleFileNameA
FreeLibrary
GetVersionExA
GetCurrentThreadId
GetCurrentThread
SetLastError
OutputDebugStringA
GetProcessHeap
DeleteCriticalSection
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
GetLastError
HeapSize
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
HeapFree
CreateThread
Sleep
FindResourceW
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
GetConsoleMode
WriteConsoleW
SetFilePointerEx
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
CreateFileW
ExitThread
user32
GetNextDlgGroupItem
IntersectRect
SetRect
InvalidateRgn
CopyAcceleratorTableA
CharNextA
CharUpperA
RealChildWindowFromPoint
DeleteMenu
CopyImage
WindowFromPoint
ReleaseCapture
SetCapture
GetMenuItemInfoA
DestroyMenu
IsDialogMessageA
SetWindowTextA
SendDlgItemMessageA
CheckDlgButton
MoveWindow
ShowWindow
MonitorFromWindow
WinHelpA
GetScrollInfo
SetScrollInfo
LoadIconA
GetTopWindow
GetClassLongA
SetWindowLongA
EqualRect
AdjustWindowRectEx
GetWindowTextLengthA
GetWindowTextA
RemovePropA
GetPropA
SetPropA
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
SetForegroundWindow
GetForegroundWindow
TrackPopupMenu
SetMenu
GetMenu
GetCapture
SetFocus
GetDlgCtrlID
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
IsChild
IsMenu
CreateWindowExA
GetClassInfoExA
RegisterClassA
CallWindowProcA
GetMessageTime
GetMessagePos
GetClassNameA
InvalidateRect
UpdateWindow
SetCursor
ShowOwnedPopups
ValidateRect
GetKeyState
TranslateMessage
GetMessageA
LoadBitmapW
SetMenuItemInfoA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
OpenClipboard
UnhookWindowsHookEx
SetWindowsHookExA
PtInRect
GetCursorPos
ScreenToClient
ClientToScreen
EndPaint
BeginPaint
ReleaseDC
GetWindowDC
GetDC
TabbedTextOutA
GrayStringA
DrawTextExA
DrawTextA
RemoveMenu
InsertMenuA
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetMenuState
GetMenuStringA
EnumDisplayMonitors
GetMonitorInfoA
SystemParametersInfoA
LoadCursorW
LoadCursorA
CopyRect
SetRectEmpty
SetLayeredWindowAttributes
GetClassInfoA
DefWindowProcA
GetDesktopWindow
SetActiveWindow
GetActiveWindow
GetNextDlgTabItem
GetDlgItem
EndDialog
CreateDialogIndirectParamA
CloseClipboard
SetClipboardData
EmptyClipboard
EnableWindow
LoadIconW
GetSystemMenu
AppendMenuA
SendMessageA
DestroyWindow
IsWindow
DrawIconEx
IsRectEmpty
OffsetRect
InflateRect
FillRect
DrawFocusRect
GetSysColorBrush
GetSysColor
MapWindowPoints
RedrawWindow
SetWindowRgn
DrawStateA
GetFocus
IsWindowVisible
DestroyIcon
LoadImageA
LoadImageW
SetParent
MonitorFromPoint
TrackMouseEvent
IsZoomed
GetAsyncKeyState
LoadMenuW
NotifyWinEvent
SetCursorPos
UnionRect
DrawFrameControl
DrawEdge
GetWindowRgn
BringWindowToTop
DestroyCursor
InvertRect
HideCaret
MessageBeep
GetWindowRect
GetSystemMetrics
wsprintfA
IsIconic
GetClientRect
DrawIcon
UnregisterClassA
PostMessageA
PostQuitMessage
DispatchMessageA
PeekMessageA
WaitMessage
SetTimer
KillTimer
IsWindowEnabled
MessageBoxA
GetWindowLongA
GetParent
GetWindowThreadProcessId
GetLastActivePopup
SetWindowPos
SetWindowContextHelpId
GetWindow
MapDialogRect
RegisterWindowMessageA
CreateMenu
GetComboBoxInfo
TranslateMDISysAccel
DefMDIChildProcA
DefFrameProcA
DrawMenuBar
MapVirtualKeyExA
IsCharLowerA
PostThreadMessageA
IsClipboardFormatAvailable
FrameRect
CharUpperBuffA
SubtractRect
GetKeyNameTextA
RegisterClipboardFormatA
ReuseDDElParam
UnpackDDElParam
InsertMenuItemA
LoadMenuA
TranslateAcceleratorA
LoadAcceleratorsA
UpdateLayeredWindow
CreateAcceleratorTableA
LoadAcceleratorsW
MapVirtualKeyA
ToAsciiEx
GetKeyboardState
GetKeyboardLayout
GetUpdateRect
SetClassLongA
DestroyAcceleratorTable
ModifyMenuA
SetMenuDefaultItem
GetMenuDefaultItem
CopyIcon
GetIconInfo
GetDoubleClickTime
EnableScrollBar
LockWindowUpdate
CreatePopupMenu
CallNextHookEx
gdi32
CreateCompatibleDC
CreateDIBitmap
CreateFontIndirectA
CreatePen
CreatePatternBrush
DeleteObject
EnumFontFamiliesA
GetDeviceCaps
GetStockObject
GetTextCharsetInfo
GetObjectA
CopyMetaFileA
CreateDCA
CreateBitmap
Escape
ExcludeClipRect
GetClipBox
GetObjectType
GetPixel
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
PtVisible
RectVisible
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectObject
SelectPalette
SetBkColor
SetBkMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetTextColor
SetTextAlign
CreateCompatibleBitmap
TextOutA
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
GetRgnBox
GetMapMode
SetRectRgn
DPtoLP
RealizePalette
SetPixel
StretchBlt
CreateDIBSection
SetDIBColorTable
CreateRoundRectRgn
Rectangle
OffsetRgn
RoundRect
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
GetSystemPaletteEntries
EnumFontFamiliesExA
LPtoDP
ExtFloodFill
SetPaletteEntries
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
GetViewportOrgEx
GetWindowOrgEx
SetPixelV
GetTextFaceA
BitBlt
GetTextMetricsA
Polyline
Polygon
CreatePolygonRgn
ExtTextOutA
PatBlt
GetTextColor
GetBkColor
Ellipse
CreateSolidBrush
CreateRectRgnIndirect
CreateRectRgn
CreateHatchBrush
CreateEllipticRgn
CombineRgn
MoveToEx
GetTextExtentPoint32A
DeleteDC
msimg32
TransparentBlt
AlphaBlend
winspool.drv
DocumentPropertiesA
ClosePrinter
OpenPrinterA
advapi32
RegEnumKeyA
RegOpenKeyExA
RegEnumKeyExA
RegEnumValueA
RegQueryValueA
RegCloseKey
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegQueryValueExA
shell32
SHGetMalloc
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHBrowseForFolderA
ShellExecuteA
DragFinish
DragQueryFileA
SHAppBarMessage
SHGetFileInfoA
SHGetDesktopFolder
comctl32
InitCommonControlsEx
shlwapi
PathFindExtensionA
PathFindFileNameA
PathRemoveFileSpecW
PathIsUNCA
PathStripToRootA
StrFormatKBSizeA
uxtheme
GetThemeSysColor
IsThemeBackgroundPartiallyTransparent
GetThemePartSize
GetWindowTheme
DrawThemeText
IsAppThemed
DrawThemeParentBackground
GetCurrentThemeName
GetThemeColor
DrawThemeBackground
CloseThemeData
OpenThemeData
ole32
ReleaseStgMedium
CoGetClassObject
OleCreateMenuDescriptor
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CreateILockBytesOnHGlobal
CreateStreamOnHGlobal
CoDisconnectObject
CoFreeUnusedLibraries
OleInitialize
OleUninitialize
OleFlushClipboard
OleIsCurrentClipboard
DoDragDrop
OleGetClipboard
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
OleLockRunning
OleDuplicateData
CoTaskMemFree
OleDestroyMenuDescriptor
CoTaskMemAlloc
CoInitialize
CoCreateInstance
CLSIDFromProgID
CLSIDFromString
CoCreateGuid
CoUninitialize
OleTranslateAccelerator
IsAccelerator
CoInitializeEx
CoRevokeClassObject
CoRegisterMessageFilter
oleaut32
OleCreateFontIndirect
SysAllocString
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
LoadTypeLi
SysStringLen
VariantChangeType
VariantCopy
VarBstrFromDate
SysFreeString
VariantClear
VariantInit
SysAllocStringByteLen
SysAllocStringLen
oledlg
ord8
gdiplus
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipDeleteGraphics
GdiplusShutdown
GdipAlloc
GdipFree
GdiplusStartup
GdipCloneImage
GdipDisposeImage
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePalette
GdipGetImagePaletteSize
GdipCreateBitmapFromStream
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
ws2_32
WSACleanup
inet_ntoa
gethostbyname
WSAStartup
gethostname
WSASetLastError
oleacc
AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject
imm32
ImmReleaseContext
ImmGetOpenStatus
ImmGetContext
winmm
PlaySoundA
Sections
.text Size: 1.5MB - Virtual size: 1.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 309KB - Virtual size: 309KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 23KB - Virtual size: 168KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1.4MB - Virtual size: 1.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 138KB - Virtual size: 137KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
WinDivert.dll.dll windows:4 windows x86 arch:x86
a8e7995c1f834b606568ac0eb04eba9c
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL
Imports
advapi32
CloseServiceHandle
CreateServiceW
DeleteService
OpenSCManagerW
OpenServiceW
RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegSetValueExW
StartServiceW
kernel32
CloseHandle
CreateEventW
CreateFileW
CreateMutexW
DeviceIoControl
GetCurrentProcess
GetLastError
GetModuleFileNameW
GetOverlappedResult
HeapAlloc
HeapCreate
HeapDestroy
IsWow64Process
ReleaseMutex
SetLastError
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
WaitForSingleObject
Exports
Exports
WinDivertClose
WinDivertGetParam
WinDivertHelperCalcChecksums
WinDivertHelperCompileFilter
WinDivertHelperDecrementTTL
WinDivertHelperEvalFilter
WinDivertHelperFormatFilter
WinDivertHelperFormatIPv4Address
WinDivertHelperFormatIPv6Address
WinDivertHelperHashPacket
WinDivertHelperHtonIPv6Address
WinDivertHelperHtonIpv6Address
WinDivertHelperHtonl
WinDivertHelperHtonll
WinDivertHelperHtons
WinDivertHelperNtohIPv6Address
WinDivertHelperNtohIpv6Address
WinDivertHelperNtohl
WinDivertHelperNtohll
WinDivertHelperNtohs
WinDivertHelperParseIPv4Address
WinDivertHelperParseIPv6Address
WinDivertHelperParsePacket
WinDivertOpen
WinDivertRecv
WinDivertRecvEx
WinDivertSend
WinDivertSendEx
WinDivertSetParam
WinDivertShutdown
Sections
.text Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 20B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.bss Size: - Virtual size: 8B
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.edata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 1024B - Virtual size: 964B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
WinDivert32.sys.sys windows:10 windows x86 arch:x86
7e59afc2d9906fae8fc85f4522426cb3
Code Sign
01Certificate
IssuerCN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GBNot Before01-01-2004 00:00Not After31-12-2028 23:59SubjectCN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GBKey Usages
KeyUsageCertSign
KeyUsageCRLSign
48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate
IssuerCN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GBNot Before25-05-2021 00:00Not After31-12-2028 23:59SubjectCN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GBExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6eCertificate
IssuerCN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GBNot Before22-03-2021 00:00Not After21-03-2036 23:59SubjectCN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GBExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate
IssuerCN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=USNot Before02-05-2019 00:00Not After18-01-2038 23:59SubjectCN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43Certificate
IssuerCN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBNot Before11-05-2022 00:00Not After10-08-2033 23:59SubjectCN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
61:50:19:91:b1:8f:32:38:04:52:51:37:dc:25:00:5aCertificate
IssuerCN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GBNot Before25-05-2022 00:00Not After25-05-2023 23:59SubjectSERIALNUMBER=91510107MA7E8Y2876,CN=成都密思听科技有限公司,O=成都密思听科技有限公司,ST=四川省,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#1302434eExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
33:00:00:00:57:ee:4d:65:9a:92:3e:7c:10:00:00:00:00:00:57Certificate
IssuerCN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before07-06-2022 18:08Not After01-06-2023 18:08SubjectCN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0dCertificate
IssuerCN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before15-10-2014 20:31Not After15-10-2029 20:41SubjectCN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
d3:5b:c5:1a:ca:fa:b8:93:69:8e:60:64:d2:86:54:19:18:a7:89:ac:7c:06:a6:44:2b:f4:35:1d:de:84:27:77Signer
Actual PE Digestd3:5b:c5:1a:ca:fa:b8:93:69:8e:60:64:d2:86:54:19:18:a7:89:ac:7c:06:a6:44:2b:f4:35:1d:de:84:27:77Digest Algorithmsha256PE Digest Matchestrued3:5b:c5:1a:ca:fa:b8:93:69:8e:60:64:d2:86:54:19:18:a7:89:ac:7c:06:a6:44:2b:f4:35:1d:de:84:27:77Signer
Actual PE Digestd3:5b:c5:1a:ca:fa:b8:93:69:8e:60:64:d2:86:54:19:18:a7:89:ac:7c:06:a6:44:2b:f4:35:1d:de:84:27:77Digest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
C:\WinDivert-2.2.2\install\MSVC\i386\WinDivert32.pdb
Imports
ntoskrnl.exe
MmMapLockedPagesSpecifyCache
IoAllocateErrorLogEntry
IoAllocateMdl
IoFreeMdl
IoGetCurrentProcess
IoWriteErrorLogEntry
ObfReferenceObject
ObfDereferenceObject
RtlCopyUnicodeString
ExUuidCreate
PsGetProcessId
IoGetRequestorProcess
_alldiv
KeBugCheckEx
memset
memcpy
_allmul
MmBuildMdlForNonPagedPool
ExFreePoolWithTag
ExAllocatePoolWithTag
RtlGetVersion
RtlIntegerToUnicodeString
hal
KeReleaseInStackQueuedSpinLock
KeQueryPerformanceCounter
KeAcquireInStackQueuedSpinLock
ndis.sys
NdisAllocateNetBufferPool
NdisFreeNetBufferPool
NdisAdvanceNetBufferDataStart
NdisRetreatNetBufferDataStart
NdisFreeNetBufferListPool
NdisAllocateNetBufferListPool
NdisGetDataBuffer
fwpkclnt.sys
FwpsAllocateNetBufferAndNetBufferList0
FwpmFilterDeleteByKey0
FwpmFilterAdd0
FwpmCalloutDeleteByKey0
FwpmCalloutAdd0
FwpmSubLayerDeleteByKey0
FwpmSubLayerAdd0
FwpmProviderDeleteByKey0
FwpmProviderAdd0
FwpmTransactionAbort0
FwpmTransactionCommit0
FwpmTransactionBegin0
FwpmEngineClose0
FwpmEngineOpen0
FwpsQueryPacketInjectionState0
FwpsInjectNetworkReceiveAsync0
FwpsInjectForwardAsync0
FwpsInjectNetworkSendAsync0
FwpsCalloutRegister0
FwpsCalloutUnregisterByKey0
FwpsFlowAssociateContext0
FwpsFlowRemoveContext0
FwpsInjectionHandleCreate0
FwpsInjectionHandleDestroy0
FwpsFreeNetBufferList0
wdfldr.sys
WdfVersionBind
WdfVersionBindClass
WdfVersionUnbindClass
WdfVersionUnbind
Sections
.text Size: 36KB - Virtual size: 36KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 13KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
WinDivert64.sys.sys windows:10 windows x64 arch:x64
db584dd0570594898805dd67d7ff391c
Code Sign
01Certificate
IssuerCN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GBNot Before01-01-2004 00:00Not After31-12-2028 23:59SubjectCN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GBKey Usages
KeyUsageCertSign
KeyUsageCRLSign
48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate
IssuerCN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GBNot Before25-05-2021 00:00Not After31-12-2028 23:59SubjectCN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GBExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6eCertificate
IssuerCN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GBNot Before22-03-2021 00:00Not After21-03-2036 23:59SubjectCN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GBExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate
IssuerCN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=USNot Before02-05-2019 00:00Not After18-01-2038 23:59SubjectCN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43Certificate
IssuerCN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBNot Before11-05-2022 00:00Not After10-08-2033 23:59SubjectCN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
61:50:19:91:b1:8f:32:38:04:52:51:37:dc:25:00:5aCertificate
IssuerCN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GBNot Before25-05-2022 00:00Not After25-05-2023 23:59SubjectSERIALNUMBER=91510107MA7E8Y2876,CN=成都密思听科技有限公司,O=成都密思听科技有限公司,ST=四川省,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#1302434eExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
33:00:00:00:57:ee:4d:65:9a:92:3e:7c:10:00:00:00:00:00:57Certificate
IssuerCN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before07-06-2022 18:08Not After01-06-2023 18:08SubjectCN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0dCertificate
IssuerCN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before15-10-2014 20:31Not After15-10-2029 20:41SubjectCN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
5a:de:d7:5d:6b:eb:31:58:49:f6:98:a7:8f:80:33:de:26:eb:15:19:55:a1:cb:c0:1e:30:37:32:0e:2a:0e:b6Signer
Actual PE Digest5a:de:d7:5d:6b:eb:31:58:49:f6:98:a7:8f:80:33:de:26:eb:15:19:55:a1:cb:c0:1e:30:37:32:0e:2a:0e:b6Digest Algorithmsha256PE Digest Matchestrue5a:de:d7:5d:6b:eb:31:58:49:f6:98:a7:8f:80:33:de:26:eb:15:19:55:a1:cb:c0:1e:30:37:32:0e:2a:0e:b6Signer
Actual PE Digest5a:de:d7:5d:6b:eb:31:58:49:f6:98:a7:8f:80:33:de:26:eb:15:19:55:a1:cb:c0:1e:30:37:32:0e:2a:0e:b6Digest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
C:\WinDivert-2.2.2\install\MSVC\amd64\WinDivert64.pdb
Imports
ntoskrnl.exe
RtlCopyUnicodeString
KeBugCheckEx
IoGetRequestorProcess
PsGetProcessId
ExUuidCreate
ObfDereferenceObject
ObfReferenceObject
IoWriteErrorLogEntry
IoGetCurrentProcess
IoFreeMdl
IoAllocateMdl
IoAllocateErrorLogEntry
MmMapLockedPagesSpecifyCache
MmBuildMdlForNonPagedPool
ExFreePoolWithTag
ExAllocatePoolWithTag
KeReleaseInStackQueuedSpinLock
KeAcquireInStackQueuedSpinLock
RtlGetVersion
RtlIntegerToUnicodeString
hal
KeQueryPerformanceCounter
ndis.sys
NdisAllocateNetBufferPool
NdisFreeNetBufferPool
NdisAllocateNetBufferListPool
NdisGetDataBuffer
NdisAdvanceNetBufferDataStart
NdisRetreatNetBufferDataStart
NdisFreeNetBufferListPool
fwpkclnt.sys
FwpmTransactionAbort0
FwpmTransactionBegin0
FwpmEngineClose0
FwpmEngineOpen0
FwpsQueryPacketInjectionState0
FwpmProviderAdd0
FwpmProviderDeleteByKey0
FwpsInjectNetworkReceiveAsync0
FwpmSubLayerAdd0
FwpmSubLayerDeleteByKey0
FwpmCalloutAdd0
FwpmCalloutDeleteByKey0
FwpmFilterAdd0
FwpmFilterDeleteByKey0
FwpmTransactionCommit0
FwpsCalloutRegister0
FwpsCalloutUnregisterByKey0
FwpsFlowAssociateContext0
FwpsFlowRemoveContext0
FwpsInjectionHandleCreate0
FwpsInjectionHandleDestroy0
FwpsAllocateNetBufferAndNetBufferList0
FwpsFreeNetBufferList0
FwpsInjectNetworkSendAsync0
FwpsInjectForwardAsync0
wdfldr.sys
WdfVersionBindClass
WdfVersionUnbindClass
WdfVersionBind
WdfVersionUnbind
Sections
.text Size: 45KB - Virtual size: 44KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 17KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.gfids Size: 512B - Virtual size: 4B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
INIT Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 420B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ