Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc
Overview
overview
7Static
static
3c427aafabd...20.exe
windows7-x64
7c427aafabd...20.exe
windows10-2004-x64
7$COMMONFIL...vc.exe
windows7-x64
1$COMMONFIL...vc.exe
windows10-2004-x64
1$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDI...gs.dll
windows7-x64
3$PLUGINSDI...gs.dll
windows10-2004-x64
3$PLUGINSDI...ec.dll
windows7-x64
3$PLUGINSDI...ec.dll
windows10-2004-x64
3drivers/x6...st.exe
windows7-x64
4drivers/x6...st.exe
windows10-2004-x64
4drivers/x6...er.sys
windows7-x64
1drivers/x6...er.sys
windows10-2004-x64
1drivers/x8...st.exe
windows7-x64
4drivers/x8...st.exe
windows10-2004-x64
4drivers/x8...er.sys
windows7-x64
1drivers/x8...er.sys
windows10-2004-x64
1Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
c427aafabdde95c71ffd5291caaae80aa484c8a2ef147af1ce05fff7d318d620.exe
Resource
win7-20240221-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral2
Sample
c427aafabdde95c71ffd5291caaae80aa484c8a2ef147af1ce05fff7d318d620.exe
Resource
win10v2004-20240226-en
windows10-2004-x64
2 signatures
150 seconds
Behavioral task
behavioral3
Sample
$COMMONFILES64/dshowmonsvc/dshowmonsvc.exe
Resource
win7-20240221-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral4
Sample
$COMMONFILES64/dshowmonsvc/dshowmonsvc.exe
Resource
win10v2004-20240412-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral5
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240221-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral6
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240412-en
windows10-2004-x64
2 signatures
150 seconds
Behavioral task
behavioral7
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win7-20231129-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral8
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win10v2004-20240412-en
windows10-2004-x64
2 signatures
150 seconds
Behavioral task
behavioral9
Sample
$PLUGINSDIR/nsExec.dll
Resource
win7-20240215-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral10
Sample
$PLUGINSDIR/nsExec.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
2 signatures
150 seconds
Behavioral task
behavioral11
Sample
drivers/x64/dpinst.exe
Resource
win7-20240221-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral12
Sample
drivers/x64/dpinst.exe
Resource
win10v2004-20240412-en
windows10-2004-x64
1 signatures
150 seconds
Behavioral task
behavioral13
Sample
drivers/x64/skyraider.sys
Resource
win7-20240221-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral14
Sample
drivers/x64/skyraider.sys
Resource
win10v2004-20240412-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral15
Sample
drivers/x86/dpinst.exe
Resource
win7-20231129-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral16
Sample
drivers/x86/dpinst.exe
Resource
win10v2004-20240412-en
windows10-2004-x64
1 signatures
150 seconds
Behavioral task
behavioral17
Sample
drivers/x86/skyraider.sys
Resource
win7-20240215-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral18
Sample
drivers/x86/skyraider.sys
Resource
win10v2004-20240226-en
windows10-2004-x64
0 signatures
150 seconds
General
-
Target
c427aafabdde95c71ffd5291caaae80aa484c8a2ef147af1ce05fff7d318d620
-
Size
5.2MB
-
MD5
91097d8aeb6dfe9184309cad878aa69d
-
SHA1
58c3f2f74a18eaf2e61cb5511140df083170f57a
-
SHA256
c427aafabdde95c71ffd5291caaae80aa484c8a2ef147af1ce05fff7d318d620
-
SHA512
4ae3579fd0bc2822c4f2a8a506bc670b1e478363570a95fb24b4561229c18b71ce83b6165e02fe567ba50a28dbb2dad9546e276de39522ef688a8e091916a852
-
SSDEEP
98304:QPWspvmI+nOSlWI0VYNPPTJwyMjqPEGtzp34+7pFwVzu17jnsSsL/URjQ//x:QzvmI+nOlI0VcnTJwhMEay+7jwVS17ja
Score
3/10
Malware Config
Signatures
-
Unsigned PE 5 IoCs
Checks for missing Authenticode signature.
resource c427aafabdde95c71ffd5291caaae80aa484c8a2ef147af1ce05fff7d318d620 unpack001/$COMMONFILES64/dshowmonsvc/dshowmonsvc.exe unpack001/$PLUGINSDIR/System.dll unpack001/$PLUGINSDIR/nsDialogs.dll unpack001/$PLUGINSDIR/nsExec.dll
Files
-
c427aafabdde95c71ffd5291caaae80aa484c8a2ef147af1ce05fff7d318d620.exe windows:4 windows x86 arch:x86
c05041e01f84e1ccca9c4451f3b6a383
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
RegCreateKeyExW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetFileSecurityW
RegOpenKeyExW
RegEnumValueW
shell32
SHGetSpecialFolderLocation
SHFileOperationW
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteExW
SHGetFileInfoW
ole32
OleInitialize
OleUninitialize
CoCreateInstance
IIDFromString
CoTaskMemFree
comctl32
ord17
ImageList_Create
ImageList_Destroy
ImageList_AddMasked
user32
GetClientRect
EndPaint
DrawTextW
IsWindowEnabled
DispatchMessageW
wsprintfA
CharNextA
CharPrevW
MessageBoxIndirectW
GetDlgItemTextW
SetDlgItemTextW
GetSystemMetrics
FillRect
AppendMenuW
TrackPopupMenu
OpenClipboard
SetClipboardData
CloseClipboard
IsWindowVisible
CallWindowProcW
GetMessagePos
CheckDlgButton
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
SetWindowPos
PeekMessageW
SetClassLongW
GetSystemMenu
EnableMenuItem
GetWindowRect
ScreenToClient
EndDialog
RegisterClassW
SystemParametersInfoW
CreateWindowExW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
FindWindowExW
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
EmptyClipboard
CreatePopupMenu
gdi32
SetBkMode
SetBkColor
GetDeviceCaps
CreateFontIndirectW
CreateBrushIndirect
DeleteObject
SetTextColor
SelectObject
kernel32
GetExitCodeProcess
WaitForSingleObject
GetModuleHandleA
GetProcAddress
GetSystemDirectoryW
lstrcatW
Sleep
lstrcpyA
WriteFile
GetTempFileNameW
lstrcmpiA
RemoveDirectoryW
CreateProcessW
CreateDirectoryW
GetLastError
CreateThread
GlobalLock
GlobalUnlock
GetDiskFreeSpaceW
WideCharToMultiByte
lstrcpynW
lstrlenW
SetErrorMode
GetVersion
GetCommandLineW
GetTempPathW
GetWindowsDirectoryW
SetEnvironmentVariableW
ExitProcess
CopyFileW
GetCurrentProcess
GetModuleFileNameW
GetFileSize
CreateFileW
GetTickCount
MulDiv
SetFileAttributesW
GetFileAttributesW
SetCurrentDirectoryW
MoveFileW
GetFullPathNameW
GetShortPathNameW
SearchPathW
CompareFileTime
SetFileTime
CloseHandle
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalFree
GlobalAlloc
GetModuleHandleW
LoadLibraryExW
MoveFileExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrlenA
MultiByteToWideChar
ReadFile
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
Sections
.text Size: 25KB - Virtual size: 25KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 128KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.ndata Size: - Virtual size: 164KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 116KB - Virtual size: 115KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
$COMMONFILES64/dshowmonsvc/dshowmonsvc.exe.exe windows:6 windows x64 arch:x64
21ca3f87ec578c83cf0194e9b35d849d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
SetConsoleCtrlHandler
WriteConsoleW
CreateFileW
HeapReAlloc
LoadLibraryW
SetFilePointerEx
GetFileSizeEx
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
GetProcessHeap
GetStringTypeW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
CreateProcessW
WaitForMultipleObjects
Sleep
OpenEventW
CreateEventW
WaitForSingleObject
SetEvent
SetErrorMode
GetLastError
HeapSize
CloseHandle
SetStdHandle
SetEnvironmentVariableW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlUnwindEx
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
EncodePointer
RaiseException
RtlPcToFileHeader
GetFileAttributesExW
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
HeapAlloc
HeapFree
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CompareStringW
LCMapStringW
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
user32
wsprintfW
MsgWaitForMultipleObjects
DestroyWindow
CreateWindowExW
RegisterClassExW
DefWindowProcW
UnregisterDeviceNotification
RegisterDeviceNotificationW
PeekMessageW
DispatchMessageW
TranslateMessage
advapi32
StartServiceCtrlDispatcherW
SetServiceStatus
RegisterServiceCtrlHandlerExW
QueryServiceStatus
OpenServiceW
OpenSCManagerW
DeleteService
CreateServiceW
ControlService
CloseServiceHandle
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
ole32
CoInitializeEx
Sections
.text Size: 91KB - Virtual size: 91KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 46KB - Virtual size: 45KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 35KB - Virtual size: 39KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 500B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/System.dll.dll windows:4 windows x86 arch:x86
fc0224e99e736751432961db63a41b76
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
GetModuleHandleW
GlobalFree
GlobalSize
lstrcpynW
lstrcpyW
GetProcAddress
WideCharToMultiByte
VirtualFree
FreeLibrary
lstrlenW
LoadLibraryW
GlobalAlloc
MultiByteToWideChar
VirtualAlloc
VirtualProtect
GetLastError
user32
wsprintfW
ole32
StringFromGUID2
CLSIDFromString
Exports
Exports
Sections
.text Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 867B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 120B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1024B - Virtual size: 648B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/modern-wizard.bmp
-
$PLUGINSDIR/nsDialogs.dll.dll windows:4 windows x86 arch:x86
6b5c4f7d679059f68f1269aad3a5cecd
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
GetFileAttributesW
lstrcpyW
MulDiv
lstrlenW
HeapFree
GetCurrentDirectoryW
lstrcmpiW
GetProcessHeap
HeapReAlloc
GlobalFree
lstrcpynW
GlobalAlloc
SetCurrentDirectoryW
HeapAlloc
user32
DestroyWindow
CallWindowProcW
SetCursor
LoadCursorW
GetPropW
CharPrevW
DrawFocusRect
GetWindowLongW
DrawTextW
GetClientRect
SetWindowLongW
GetDlgItem
GetSysColor
SetWindowPos
CreateDialogParamW
MapDialogRect
GetWindowRect
SetPropW
CreateWindowExW
IsWindow
SetTimer
KillTimer
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
ShowWindow
wsprintfW
CharNextW
SendMessageW
MapWindowPoints
RemovePropW
GetWindowTextW
gdi32
SetTextColor
shell32
SHBrowseForFolderW
SHGetPathFromIDListW
comdlg32
GetSaveFileNameW
GetOpenFileNameW
CommDlgExtendedError
ole32
CoTaskMemFree
Exports
Exports
Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show
Sections
.text Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 152B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 638B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/nsExec.dll.dll windows:4 windows x86 arch:x86
c1c7505e1e6e929ebb6b9100e55b050a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
advapi32
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
IsTextUnicode
user32
wsprintfW
CharNextExA
SendMessageW
FindWindowExW
CharNextW
CharPrevW
kernel32
CreatePipe
DeleteFileW
lstrcmpiW
GetCommandLineW
ExitProcess
Sleep
TerminateProcess
GlobalReAlloc
MultiByteToWideChar
IsDBCSLeadByteEx
ReadFile
PeekNamedPipe
GetExitCodeProcess
WaitForSingleObject
GetTickCount
lstrcpyW
CreateProcessW
GetStartupInfoW
CreateFileMappingW
GetVersion
GetCurrentProcess
lstrcpynW
lstrlenW
lstrcatW
CloseHandle
UnmapViewOfFile
MapViewOfFile
GlobalFree
CreateFileW
CopyFileW
GetTempFileNameW
GlobalAlloc
GetModuleFileNameW
GetProcAddress
GetModuleHandleA
Exports
Exports
Exec
ExecToLog
ExecToStack
Sections
.text Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 420B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
drivers/x64/dpinst.exe.exe windows:6 windows x64 arch:x64
3eacb9638877275335da4b58e52824f8
Code Sign
61:15:23:0f:00:00:00:00:00:0aCertificate
IssuerCN=Microsoft Windows Verification PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before07/12/2009, 21:57Not After07/03/2011, 21:57SubjectCN=Microsoft Windows,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
61:16:b5:29:00:00:00:00:00:10Certificate
IssuerCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before04/01/2010, 21:12Not After04/01/2013, 21:22SubjectCN=Microsoft Time-Stamp Service,OU=nCipher+OU=nCipher DSE ESN:ACD3-AE66-E0B5,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
61:16:b5:29:00:00:00:00:00:10Certificate
IssuerCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before04/01/2010, 21:12Not After04/01/2013, 21:22SubjectCN=Microsoft Time-Stamp Service,OU=nCipher+OU=nCipher DSE ESN:ACD3-AE66-E0B5,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
79:ad:16:a1:4a:a0:a5:ad:4c:73:58:f4:07:13:2e:65Certificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before09/05/2001, 23:19Not After09/05/2021, 23:28SubjectCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dKey Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign
61:16:68:34:00:00:00:00:00:1cCertificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before03/04/2007, 12:53Not After03/04/2021, 13:03SubjectCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
61:07:02:dc:00:00:00:00:00:0bCertificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before15/09/2005, 21:55Not After15/03/2016, 22:05SubjectCN=Microsoft Windows Verification PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign
bf:2c:50:54:a4:3a:a3:54:81:e2:9a:d4:b6:4d:5c:bc:8e:cd:ae:c6Signer
Actual PE Digestbf:2c:50:54:a4:3a:a3:54:81:e2:9a:d4:b6:4d:5c:bc:8e:cd:ae:c6Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
DpInst.pdb
Imports
advapi32
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
IsTextUnicode
GetLengthSid
InitializeAcl
AddAccessAllowedAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetEntriesInAclW
DeleteService
CloseServiceHandle
ControlService
StartServiceW
OpenServiceW
ConvertStringSecurityDescriptorToSecurityDescriptorW
OpenSCManagerW
QueryServiceStatus
RegDeleteValueW
RegDeleteKeyW
RegSetValueExW
RegCreateKeyExW
CheckTokenMembership
kernel32
CreateMutexW
ReleaseMutex
SetFilePointer
HeapAlloc
GetProcessHeap
HeapFree
LoadLibraryW
GetProcAddress
GetStdHandle
GetConsoleMode
SetConsoleMode
ReadConsoleOutputW
FillConsoleOutputCharacterW
SetConsoleCursorPosition
FreeConsole
FreeLibrary
WriteConsoleOutputW
WriteConsoleW
IsValidLocale
VirtualProtect
Sleep
GetFileAttributesW
DeleteFileW
FormatMessageW
RaiseException
CopyFileW
SetFileAttributesW
GetTempFileNameW
FindClose
FindNextFileW
CompareStringW
lstrcmpW
FindFirstFileW
lstrlenW
UnmapViewOfFile
GetConsoleScreenBufferInfo
CreateFileMappingW
LCMapStringW
WaitForMultipleObjectsEx
WaitForSingleObjectEx
SetEndOfFile
CreateEventW
SetEvent
LocalReAlloc
DeviceIoControl
VerifyVersionInfoW
VerSetConditionMask
GetSystemDirectoryW
GetCurrentDirectoryW
GetSystemWindowsDirectoryW
GetShortPathNameW
RemoveDirectoryW
MoveFileExW
CreateDirectoryW
GetFullPathNameW
SetLastError
GetLocaleInfoW
LoadLibraryExW
GetSystemDefaultUILanguage
SearchPathW
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
OutputDebugStringA
GetStartupInfoW
GetEnvironmentVariableW
lstrcmpiW
GetVersionExA
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapSize
HeapReAlloc
HeapDestroy
GetFileSize
CreateThread
SetThreadLocale
GetThreadLocale
WriteFile
CreateFileW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
MultiByteToWideChar
GetCurrentProcess
GetVersionExW
GetLocalTime
GetWindowsDirectoryW
SetCurrentDirectoryW
GetUserDefaultUILanguage
EnumResourceLanguagesW
GetModuleFileNameW
GetExitCodeProcess
WaitForSingleObject
LocalFree
GlobalFree
LocalAlloc
GetLastError
GetCommandLineW
CloseHandle
MapViewOfFile
gdi32
CreateBitmap
CreateCompatibleBitmap
GetObjectW
DeleteDC
SetLayout
CreateCompatibleDC
EndPage
StartPage
EndDoc
StartDocW
GetTextMetricsW
CreateFontIndirectW
GetDeviceCaps
DeleteObject
SelectObject
user32
DestroyIcon
CreateIconIndirect
DrawIconEx
GetIconInfo
LoadIconW
LoadBitmapW
CharLowerW
UnregisterClassA
PostQuitMessage
DefWindowProcW
RegisterClassExW
CreateWindowExW
ShowWindow
AllowSetForegroundWindow
DialogBoxParamW
SetDlgItemTextW
EndDialog
MessageBoxW
GetDlgItem
SendMessageW
GetProcessWindowStation
GetUserObjectInformationW
LoadImageW
SetWindowTextW
PostMessageW
GetParent
IsDlgButtonChecked
CheckDlgButton
SetFocus
CallWindowProcW
GetWindowLongPtrW
SetWindowLongPtrW
SendDlgItemMessageW
InvalidateRect
GetSystemMetrics
GetSysColor
DestroyWindow
SetWindowLongW
SystemParametersInfoW
GetDC
ReleaseDC
DrawTextExW
msvcrt
_wcmdln
exit
_cexit
_exit
_XcptFilter
__wgetmainargs
_resetstkoflw
__C_specific_handler
memset
_wcsupr
_wcslwr
_errno
__CxxFrameHandler
fread
_initterm
fclose
fwprintf
_wfopen
realloc
??2@YAPEAX_K@Z
wcsstr
_wcsicmp
_wtol
_vscwprintf
free
malloc
??_V@YAXPEAX@Z
??3@YAXPEAX@Z
_amsg_exit
__setusermatherr
_commode
_fmode
__set_app_type
?terminate@@YAXXZ
_unlock
__dllonexit
_lock
_onexit
??1type_info@@UEAA@XZ
memcpy
memmove
_CxxThrowException
mbtowc
__mb_cur_max
isleadbyte
_iob
_snprintf
_itoa
ferror
__badioinfo
__pioinfo
_fileno
_lseeki64
_write
_isatty
_wcsnicmp
_vsnwprintf
wcsncmp
bsearch
?_set_se_translator@@YAP6AXIPEAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
iswalpha
??_U@YAPEAX_K@Z
wcschr
wcspbrk
wcsrchr
iswdigit
feof
memcmp
ntdll
NtQueryInformationToken
RtlNtStatusToDosError
NtClose
NtOpenThreadToken
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
NtOpenProcessToken
shell32
ord59
CommandLineToArgvW
SHGetFolderPathW
ShellExecuteExW
setupapi
SetupDiSetDeviceRegistryPropertyW
SetupDiGetDeviceRegistryPropertyW
CM_Get_DevNode_Status
SetupDiOpenDevRegKey
SetupDiEnumDeviceInfo
pSetupSetGlobalFlags
SetupDefaultQueueCallbackW
pSetupGetGlobalFlags
SetupDiGetClassDevsW
SetupDiDestroyDeviceInfoList
SetupGetFieldCount
SetupGetIntField
SetupGetStringFieldW
SetupFindNextMatchLineW
SetupFindNextLine
SetupInstallServicesFromInfSectionW
SetupInstallFromInfSectionW
SetupPromptReboot
SetupDiGetDeviceInstanceIdW
SetupFindFirstLineW
SetupOpenAppendInfFileW
SetupGetLineCountW
SetupDiGetActualSectionToInstallW
SetupCloseInfFile
SetupOpenInfFileW
SetupDiGetSelectedDriverW
SetupCommitFileQueueW
SetupTermDefaultQueueCallback
SetupInitDefaultQueueCallbackEx
SetupQueueCopyW
CMP_WaitNoPendingInstallEvents
SetupCloseFileQueue
SetupOpenFileQueue
SetupDiGetDriverInfoDetailW
SetupDiSetClassInstallParamsW
SetupDiOpenDeviceInfoW
SetupDiSetSelectedDevice
SetupDiCreateDeviceInfoList
SetupDiGetDeviceInstallParamsW
SetupDiSetDeviceInstallParamsW
SetupDiBuildDriverInfoList
SetupInstallFilesFromInfSectionW
SetupDiCallClassInstaller
SetupDiClassNameFromGuidW
SetupDiOpenClassRegKey
CM_Enumerate_Classes
CM_Get_Device_ID_ListW
CM_Get_Device_ID_List_SizeW
CM_Locate_DevNodeW
CM_Query_And_Remove_SubTreeW
CM_Setup_DevNode
CM_Get_Device_IDW
SetupCopyOEMInfW
SetupGetTargetPathW
wintrust
CryptCATAdminCalcHashFromFileHandle
WinVerifyTrust
ole32
CoTaskMemFree
CoInitialize
CoUninitialize
CoCreateInstance
StringFromCLSID
oleaut32
VariantInit
VariantClear
SysAllocString
SysFreeString
VariantChangeType
comctl32
PropertySheetW
CreatePropertySheetPageW
ImageList_Create
ImageList_ReplaceIcon
ImageList_SetBkColor
comdlg32
PrintDlgExW
GetSaveFileNameW
crypt32
CertFreeCTLContext
CertFreeCertificateContext
CertGetCTLContextProperty
CryptQueryObject
version
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
Sections
.text Size: 510KB - Virtual size: 510KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 27KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 470KB - Virtual size: 472KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
drivers/x64/skyraider.cat
-
drivers/x64/skyraider.inf
-
drivers/x64/skyraider.sys.sys windows:6 windows x64 arch:x64
b81df4c99cf5668be28b98bd11816232
Code Sign
04:00:00:00:00:01:2f:4e:e1:52:d7Certificate
IssuerCN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BENot Before13/04/2011, 10:00Not After28/01/2028, 12:00SubjectCN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BEKey Usages
KeyUsageCertSign
KeyUsageCRLSign
04:00:00:00:00:01:2f:4e:e1:35:5cCertificate
IssuerCN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BENot Before13/04/2011, 10:00Not After13/04/2019, 10:00SubjectCN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BEExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14Certificate
IssuerCN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BENot Before24/05/2016, 00:00Not After24/06/2027, 00:00SubjectCN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SGExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
11:21:33:73:41:c3:e2:2a:c4:94:4f:23:58:86:8b:17:6d:e1Certificate
IssuerCN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BENot Before14/02/2014, 10:11Not After14/02/2017, 10:11SubjectCN=Hangzhou ToupTek Photonics Co.\, Ltd,O=Hangzhou ToupTek Photonics Co.\, Ltd,L=Hangzhou,ST=Zhejiang,C=CNExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
61:0b:7f:6b:00:00:00:00:00:19Certificate
IssuerCN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before23/05/2006, 17:00Not After23/05/2016, 17:10SubjectCN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BEKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
6b:76:10:dc:fb:35:de:29:51:e7:e4:cc:8a:93:d3:15:04:8b:fe:f8Signer
Actual PE Digest6b:76:10:dc:fb:35:de:29:51:e7:e4:cc:8a:93:d3:15:04:8b:fe:f8Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_WDM_DRIVER
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
c:\dev\image\sys\touptek\amd64\toupcam.pdb
Imports
ntoskrnl.exe
IoDeleteDevice
KeSetEvent
swprintf
KeInitializeEvent
IoDetachDevice
PoRequestPowerIrp
PoSetPowerState
MmMapLockedPagesSpecifyCache
ExAllocatePool
RtlInitUnicodeString
PoStartNextPowerIrp
IofCompleteRequest
KeWaitForSingleObject
IoAttachDeviceToDeviceStack
PoCallDriver
IoCreateSymbolicLink
IoCreateDevice
IofCallDriver
KeBugCheckEx
IoDeleteSymbolicLink
IoBuildDeviceIoControlRequest
ExFreePool
sprintf
usbd.sys
USBD_CreateConfigurationRequestEx
USBD_ParseConfigurationDescriptorEx
USBD_GetUSBDIVersion
Sections
.text Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 896B - Virtual size: 836B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 384B - Virtual size: 272B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 512B - Virtual size: 432B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
INIT Size: 1024B - Virtual size: 1000B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
drivers/x86/dpinst.exe.exe windows:6 windows x86 arch:x86
3ab7cc62e4963955ad408cd420cd8ef1
Code Sign
61:03:dc:f6:00:00:00:00:00:0cCertificate
IssuerCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before25/07/2008, 19:12Not After25/07/2011, 19:22SubjectCN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:159C-A3F7-2570,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
61:15:23:0f:00:00:00:00:00:0aCertificate
IssuerCN=Microsoft Windows Verification PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before07/12/2009, 21:57Not After07/03/2011, 21:57SubjectCN=Microsoft Windows,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
61:16:68:34:00:00:00:00:00:1cCertificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before03/04/2007, 12:53Not After03/04/2021, 13:03SubjectCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
61:07:02:dc:00:00:00:00:00:0bCertificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before15/09/2005, 21:55Not After15/03/2016, 22:05SubjectCN=Microsoft Windows Verification PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign
71:85:11:e5:d1:4c:f1:de:16:92:e6:78:64:21:75:0c:36:76:a6:9eSigner
Actual PE Digest71:85:11:e5:d1:4c:f1:de:16:92:e6:78:64:21:75:0c:36:76:a6:9eDigest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
DpInst.pdb
Imports
advapi32
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
IsTextUnicode
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAccessAllowedAce
InitializeAcl
GetLengthSid
SetEntriesInAclW
DeleteService
StartServiceW
ControlService
OpenSCManagerW
CloseServiceHandle
OpenServiceW
QueryServiceStatus
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegDeleteKeyW
CheckTokenMembership
ConvertStringSecurityDescriptorToSecurityDescriptorW
kernel32
GetFileAttributesW
DeleteFileW
ReleaseMutex
SetFilePointer
HeapFree
GetProcessHeap
HeapAlloc
CreateMutexW
FreeConsole
SetConsoleMode
SetConsoleCursorPosition
GetConsoleScreenBufferInfo
FreeLibrary
FillConsoleOutputCharacterW
ReadConsoleOutputW
GetConsoleMode
GetStdHandle
GetProcAddress
LoadLibraryW
WriteConsoleW
IsValidLocale
lstrlenW
lstrcmpW
CompareStringW
GetTempFileNameW
FindFirstFileW
FindNextFileW
FindClose
CopyFileW
SetFileAttributesW
FormatMessageW
RaiseException
GetFileSize
CreateFileMappingW
MapViewOfFile
WriteConsoleOutputW
UnmapViewOfFile
InterlockedDecrement
InterlockedIncrement
CreateFileW
WriteFile
CreateThread
WaitForMultipleObjectsEx
InterlockedCompareExchange
WaitForSingleObjectEx
SetEvent
CreateEventW
GetExitCodeProcess
DeviceIoControl
VerSetConditionMask
VerifyVersionInfoW
CreateDirectoryW
RemoveDirectoryW
GetCurrentDirectoryW
GetShortPathNameW
GetFullPathNameW
GetSystemDirectoryW
GetSystemWindowsDirectoryW
MoveFileExW
SearchPathW
GetSystemDefaultUILanguage
LoadLibraryExW
CreateFileA
SetEndOfFile
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetStringTypeA
GetConsoleCP
GetLocaleInfoA
Sleep
LoadLibraryExA
ReadFile
LCMapStringW
LCMapStringA
GetThreadLocale
SetThreadLocale
GetUserDefaultUILanguage
GetVersionExW
GetLocalTime
GetWindowsDirectoryW
GetModuleFileNameW
SetCurrentDirectoryW
WaitForSingleObject
GetOEMCP
GetACP
GetCPInfo
UnhandledExceptionFilter
TerminateProcess
OutputDebugStringA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
VirtualFree
HeapCreate
GetCurrentThreadId
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
ExitProcess
GetModuleHandleA
SetUnhandledExceptionFilter
VirtualQuery
GetSystemInfo
GetModuleHandleW
VirtualAlloc
VirtualProtect
GetStartupInfoW
GetEnvironmentVariableW
lstrcmpiW
WideCharToMultiByte
InterlockedExchange
HeapSize
HeapReAlloc
HeapDestroy
GetVersionExA
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
GetCommandLineW
LocalAlloc
GlobalFree
LocalFree
MultiByteToWideChar
GetCurrentProcess
GetLastError
CloseHandle
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
EnumResourceLanguagesW
LocalReAlloc
EnterCriticalSection
gdi32
SetLayout
DeleteDC
GetObjectW
CreateCompatibleBitmap
CreateBitmap
SelectObject
StartPage
EndPage
StartDocW
EndDoc
GetTextMetricsW
GetDeviceCaps
CreateFontIndirectW
DeleteObject
CreateCompatibleDC
user32
AllowSetForegroundWindow
DefWindowProcW
PostQuitMessage
GetUserObjectInformationW
GetProcessWindowStation
GetIconInfo
DrawIconEx
CreateIconIndirect
LoadIconW
LoadBitmapW
DrawTextExW
LoadImageW
GetSystemMetrics
GetSysColor
DestroyWindow
GetWindowLongW
SendDlgItemMessageW
InvalidateRect
SystemParametersInfoW
GetDC
ReleaseDC
SetWindowLongW
SetWindowTextW
GetParent
PostMessageW
IsDlgButtonChecked
CheckDlgButton
SetFocus
CallWindowProcW
DestroyIcon
DialogBoxParamW
SetDlgItemTextW
CharLowerW
GetDlgItem
SendMessageW
MessageBoxW
RegisterClassExW
CreateWindowExW
ShowWindow
UnregisterClassA
EndDialog
ntdll
RtlNtStatusToDosError
NtOpenThreadToken
NtQueryInformationToken
NtOpenProcessToken
RtlUnwind
NtClose
shell32
SHGetFolderPathW
ShellExecuteExW
ord59
CommandLineToArgvW
setupapi
SetupDiClassNameFromGuidW
SetupDiOpenClassRegKey
SetupInstallFilesFromInfSectionW
SetupPromptReboot
SetupInstallFromInfSectionW
SetupInstallServicesFromInfSectionW
SetupDiGetActualSectionToInstallW
SetupFindNextLine
SetupFindNextMatchLineW
SetupOpenInfFileW
SetupGetLineCountW
SetupCloseInfFile
SetupFindFirstLineW
SetupGetStringFieldW
pSetupSetGlobalFlags
pSetupGetGlobalFlags
SetupGetFieldCount
SetupGetIntField
SetupOpenAppendInfFileW
SetupDiSetClassInstallParamsW
SetupDiGetClassDevsW
SetupDiGetSelectedDriverW
SetupDiGetDriverInfoDetailW
CM_Enumerate_Classes
CM_Get_DevNode_Status
SetupDiCreateDeviceInfoList
SetupDiSetDeviceRegistryPropertyW
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInstanceIdW
SetupDiOpenDevRegKey
SetupDiOpenDeviceInfoW
SetupDiSetSelectedDevice
SetupDiGetDeviceInstallParamsW
SetupDiSetDeviceInstallParamsW
SetupDiBuildDriverInfoList
SetupDiCallClassInstaller
SetupDiGetDeviceRegistryPropertyW
SetupGetTargetPathW
SetupQueueCopyIndirectW
SetupQueueCopyW
SetupOpenFileQueue
SetupInitDefaultQueueCallbackEx
SetupDefaultQueueCallbackW
SetupCommitFileQueueW
SetupTermDefaultQueueCallback
SetupCloseFileQueue
SetupCopyOEMInfW
CM_Locate_DevNodeW
CM_Get_Device_ID_List_SizeW
CM_Get_Device_ID_ListW
CM_Get_Device_IDW
CM_Setup_DevNode
SetupDiEnumDeviceInfo
CMP_WaitNoPendingInstallEvents
CM_Query_And_Remove_SubTreeW
wintrust
WinVerifyTrust
CryptCATAdminCalcHashFromFileHandle
ole32
CoTaskMemFree
StringFromCLSID
CoUninitialize
CoInitialize
CoCreateInstance
oleaut32
VariantInit
VariantClear
VariantChangeType
SysAllocString
SysFreeString
comctl32
CreatePropertySheetPageW
ImageList_ReplaceIcon
ImageList_SetBkColor
PropertySheetW
ImageList_Create
comdlg32
PrintDlgExW
GetSaveFileNameW
crypt32
CertFreeCertificateContext
CertFreeCTLContext
CertGetCTLContextProperty
CryptQueryObject
version
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW
Sections
.text Size: 392KB - Virtual size: 391KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 470KB - Virtual size: 472KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 24KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
drivers/x86/skyraider.cat
-
drivers/x86/skyraider.inf
-
drivers/x86/skyraider.sys.sys windows:6 windows x86 arch:x86
9d910432f75cdd36299a34c5f1de922b
Code Sign
04:00:00:00:00:01:2f:4e:e1:52:d7Certificate
IssuerCN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BENot Before13/04/2011, 10:00Not After28/01/2028, 12:00SubjectCN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BEKey Usages
KeyUsageCertSign
KeyUsageCRLSign
04:00:00:00:00:01:2f:4e:e1:35:5cCertificate
IssuerCN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BENot Before13/04/2011, 10:00Not After13/04/2019, 10:00SubjectCN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BEExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14Certificate
IssuerCN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BENot Before24/05/2016, 00:00Not After24/06/2027, 00:00SubjectCN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SGExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
11:21:33:73:41:c3:e2:2a:c4:94:4f:23:58:86:8b:17:6d:e1Certificate
IssuerCN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BENot Before14/02/2014, 10:11Not After14/02/2017, 10:11SubjectCN=Hangzhou ToupTek Photonics Co.\, Ltd,O=Hangzhou ToupTek Photonics Co.\, Ltd,L=Hangzhou,ST=Zhejiang,C=CNExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
61:0b:7f:6b:00:00:00:00:00:19Certificate
IssuerCN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before23/05/2006, 17:00Not After23/05/2016, 17:10SubjectCN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BEKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
0b:71:fc:d9:4b:82:ca:d2:33:ff:51:52:49:ca:d0:03:12:b2:9e:7fSigner
Actual PE Digest0b:71:fc:d9:4b:82:ca:d2:33:ff:51:52:49:ca:d0:03:12:b2:9e:7fDigest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_WDM_DRIVER
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
c:\dev\image\sys\touptek\i386\toupcam.pdb
Imports
ntoskrnl.exe
IofCompleteRequest
IoDeleteSymbolicLink
RtlInitUnicodeString
ExFreePool
PoStartNextPowerIrp
PoSetPowerState
IoCreateDevice
swprintf
memset
IoBuildDeviceIoControlRequest
ExAllocatePool
memcpy
KeInitializeEvent
InterlockedDecrement
InterlockedIncrement
PoRequestPowerIrp
IoAttachDeviceToDeviceStack
MmMapLockedPagesSpecifyCache
PoCallDriver
IoDeleteDevice
IoDetachDevice
IoCreateSymbolicLink
KeTickCount
KeBugCheckEx
KeWaitForSingleObject
KeSetEvent
sprintf
IofCallDriver
usbd.sys
USBD_ParseConfigurationDescriptorEx
USBD_GetUSBDIVersion
USBD_CreateConfigurationRequestEx
Sections
.text Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 256B - Virtual size: 238B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 128B - Virtual size: 8B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1024B - Virtual size: 938B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 388B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ