build[.]rar | Triage

Resubmissions

16/04/2024, 17:20

240416-vwxmxshe5x 8

16/04/2024, 17:12

240416-vq3a8aff85 8

Sharing

Copy URL

Twitter E-mail

General

Target

build.rar
Size

158KB
MD5

a215df03bc3102236b6f76df515dc55e
SHA1

4d097c00aac70234250c7c60769e56b8e9fefbb0
SHA256

168a5059e28c55828125de1531d8c8a01e1c40516bc07a1bafd147157ec4517d
SHA512

72d03d41b7225dbea06ad1b419e89023be75a0af2816705b8611c3c097a95e07251aa24ce44c4cfcd59616907dc0c62f43826f7f22b21509f98fba1aa9734d92
SSDEEP

3072:4kIcN4AtL5996ev3CItyljvul5F9S3hCMNXfdXoSDB7omp/4C:4kIcNHtV996evrwl7uLFE/fWKVgC

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/AbdiEXT.exe
unpack001/Driver/driver.sys
unpack001/Driver/loader.exe

Files

build.rar
.rar
AbdiEXT.exe
.exe windows:6 windows x64 arch:x64

82ba8959e3d137064743bfcedbf3d0b2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

dwmapi

DwmExtendFrameIntoClientArea

kernel32

QueryPerformanceCounter
QueryPerformanceFrequency
GetStdHandle
CreateFileW
CloseHandle
GetLastError
SetLastError
DeviceIoControl
Sleep
lstrcmpiA
MultiByteToWideChar
GetConsoleScreenBufferInfoEx
SetConsoleScreenBufferInfoEx
SetConsoleScreenBufferSize
SetConsoleTextAttribute
SetConsoleWindowInfo
SetConsoleTitleA
SetConsoleTitleW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GlobalFree
Process32Next
GlobalLock
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
GetModuleHandleW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GlobalUnlock
GlobalAlloc
Process32First

user32

GetWindow
GetWindowThreadProcessId
EnumWindows
SetWindowLongA
GetWindowLongA
GetWindowRect
GetForegroundWindow
UpdateWindow
GetSystemMetrics
GetAsyncKeyState
SetWindowPos
MoveWindow
ShowWindow
DestroyWindow
CreateWindowExA
UnregisterClassA
RegisterClassA
PostQuitMessage
EmptyClipboard
OpenClipboard
CloseClipboard
DefWindowProcA
PeekMessageA
DispatchMessageA
TranslateMessage
LoadCursorA
ScreenToClient
ClientToScreen
GetCursorPos
SetCursor
SetCursorPos
GetClientRect
ReleaseCapture
SetCapture
GetCapture
GetKeyState
GetActiveWindow
GetClipboardData
SetClipboardData

gdi32

GetStockObject

imm32

ImmReleaseContext
ImmSetCompositionWindow
ImmGetContext

msvcp140

?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?id@?$ctype@D@std@@2V0locale@2@A
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAH@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Xlength_error@std@@YAXPEBD@Z
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
?uncaught_exception@std@@YA_NXZ
_Query_perf_counter
_Query_perf_frequency
_Thrd_detach
_Cnd_do_broadcast_at_thread_exit
?_Throw_Cpp_error@std@@YAXH@Z
??Bid@locale@std@@QEAA_KXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?is@?$ctype@D@std@@QEBA_NFD@Z
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??Bios_base@std@@QEBA_NXZ
?good@ios_base@std@@QEBA_NXZ
?flags@ios_base@std@@QEBAHXZ
?width@ios_base@std@@QEBA_JXZ
?width@ios_base@std@@QEAA_J_J@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ

d3d9

Direct3DCreate9Ex

vcruntime140

strstr
memcpy
__current_exception_context
__current_exception
__C_specific_handler
memcmp
_CxxThrowException
__std_exception_destroy
__std_exception_copy
__std_terminate
memmove
memset
memchr

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-string-l1-1-0

isprint
_wcsicmp
strncpy
strcmp

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
fwrite
_wfopen
fclose
ftell
__p__commode
__stdio_common_vsprintf_s
fflush
__stdio_common_vfprintf
__stdio_common_vsprintf
_set_fmode
fread
__stdio_common_vsscanf
fseek

api-ms-win-crt-heap-l1-1-0

_callnewh
free
malloc
_set_new_mode

api-ms-win-crt-utility-l1-1-0

srand
rand
qsort

api-ms-win-crt-math-l1-1-0

sinf
pow
powf
cosf
ceilf
fmodf
asin
atan2
fabs
tanf
floorf
__setusermatherr
sqrtf

api-ms-win-crt-runtime-l1-1-0

_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
terminate
_seh_filter_exe
_set_app_type
exit
_get_initial_narrow_environment
_initterm
_initterm_e
_exit
_invalid_parameter_noinfo_noreturn
__p___argc
__p___argv
_c_exit
_register_thread_local_exe_atexit_callback
_beginthreadex
system

api-ms-win-crt-convert-l1-1-0

atof

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 227KB - Virtual size: 226KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Driver/READPLEASEFIRST.txt
Driver/driver.sys
.sys windows:10 windows x64 arch:x64

265d840698932870eb3c13b8ee9e2b69

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Jeremy\Desktop\Driver CPU 17.03.2024\x64\Release\drv.pdb

Imports

ntoskrnl.exe

RtlInitUnicodeString
DbgPrintEx
RtlGetVersion
ExAllocatePool
ExFreePoolWithTag
MmUnmapIoSpace
MmMapIoSpaceEx
IofCompleteRequest
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
ObfDereferenceObject
MmGetPhysicalMemoryRanges
MmCopyMemory
MmGetVirtualForPhysical
PsLookupProcessByProcessId
_vsnwprintf
IoCreateDriver
PsGetProcessSectionBaseAddress
ZwQuerySystemInformation

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 300B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 682B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Driver/gdrv.sys
.sys windows:5 windows x64 arch:x64

cc81a908891587ccac8059435eda4c66

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

24:84:72:54:2c:24:ab:8e:42:92:29:ac:f1:21:ca:26
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

23/08/2010, 00:00

Not After

17/10/2013, 23:59

Subject

CN=Giga-Byte Technology,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Testing Department,O=Giga-Byte Technology,L=Taipei Hsien,ST=Taiwan,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:50:34:fc:f5:b3:4b:e2:2a:72:d2:ec:c2:9e:34:8e:93:b6:f0:0f
Signer

Actual PE Digest

0f:50:34:fc:f5:b3:4b:e2:2a:72:d2:ec:c2:9e:34:8e:93:b6:f0:0f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

f:\ycc\gdrv64\objfre_wnet_AMD64\amd64\gdrv64.pdb

Imports

ntoskrnl.exe

IoCreateDevice
RtlInitUnicodeString
DbgPrint
IoDeleteSymbolicLink
ExFreePoolWithTag
MmUnmapIoSpace
IoFreeMdl
MmUnmapLockedPages
MmMapIoSpace
ZwClose
ZwMapViewOfSection
ObReferenceObjectByHandle
ZwOpenSection
IoCreateSymbolicLink
KeAcquireInStackQueuedSpinLock
MmFreeContiguousMemory
MmIsAddressValid
MmAllocateContiguousMemory
MmGetPhysicalAddress
IofCompleteRequest
ExAllocatePoolWithTag
MmMapLockedPages
MmBuildMdlForNonPagedPool
IoAllocateMdl
ZwUnmapViewOfSection
KeReleaseInStackQueuedSpinLock
IoDeleteDevice

hal

HalTranslateBusAddress

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 344B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 732B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Driver/loader.exe
.exe windows:6 windows x64 arch:x64

8550b9122a4d909a8607237e7d2f9bac

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\WP\source\repos\gdrv-loader-master-v2\bin\swind2.pdb

Imports

ntdll

RtlDosPathNameToRelativeNtPathName_U_WithStatus
RtlReleaseRelativeName
NtClose
RtlFreeHeap
NtCreateFile
NtMapViewOfSection
RtlWriteRegistryValue
NtQuerySystemInformation
NtUnloadDriver
NtCreateSection
_snwprintf
RtlInitUnicodeString
wcscpy_s
wcscat_s
RtlGetFullPathName_UEx
NtDeviceIoControlFile
RtlAdjustPrivilege
_stricmp
NtUnmapViewOfSection
NtLoadDriver
memcmp
NtTerminateProcess
RtlNormalizeProcessParams
RtlAllocateHeap
RtlCreateRegistryKey
_vsnwprintf
strcmp

kernel32

ReadConsoleInputW
WriteConsoleW

shlwapi

SHDeleteKeyW

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 396B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 832B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Driver/map.bat

Resubmissions

Sharing

General

Malware Config

Signatures

Files

82ba8959e3d137064743bfcedbf3d0b2

Headers

DLL Characteristics

File Characteristics

Imports

dwmapi

kernel32

user32

gdi32

imm32

msvcp140

d3d9

vcruntime140

vcruntime140_1

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 227KB - Virtual size: 226KB

.rdata Size: 42KB - Virtual size: 42KB

.data Size: 3KB - Virtual size: 6KB

.pdata Size: 9KB - Virtual size: 8KB

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 512B - Virtual size: 224B

265d840698932870eb3c13b8ee9e2b69

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

.text Size: 5KB - Virtual size: 4KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 512B - Virtual size: 300B

INIT Size: 1024B - Virtual size: 682B

.reloc Size: 512B - Virtual size: 36B

cc81a908891587ccac8059435eda4c66

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

24:84:72:54:2c:24:ab:8e:42:92:29:ac:f1:21:ca:26Certificate

Extended Key Usages

Key Usages

0f:50:34:fc:f5:b3:4b:e2:2a:72:d2:ec:c2:9e:34:8e:93:b6:f0:0fSigner

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

hal

Sections

.text Size: 11KB - Virtual size: 11KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 344B

.pdata Size: 1024B - Virtual size: 732B

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 1000B

.text
Size: 227KB - Virtual size: 226KB

.rdata
Size: 42KB - Virtual size: 42KB

.data
Size: 3KB - Virtual size: 6KB

.pdata
Size: 9KB - Virtual size: 8KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 512B - Virtual size: 224B

.text
Size: 5KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 512B - Virtual size: 300B

INIT
Size: 1024B - Virtual size: 682B

.reloc
Size: 512B - Virtual size: 36B

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

24:84:72:54:2c:24:ab:8e:42:92:29:ac:f1:21:ca:26
Certificate

0f:50:34:fc:f5:b3:4b:e2:2a:72:d2:ec:c2:9e:34:8e:93:b6:f0:0f
Signer

.text
Size: 11KB - Virtual size: 11KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 344B

.pdata
Size: 1024B - Virtual size: 732B

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 1000B

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: - Virtual size: 1KB

.pdata
Size: 512B - Virtual size: 396B

.rsrc
Size: 1024B - Virtual size: 832B