89900dda507b5b2e8655a0efa5bda8b3ea38d16f967cb7cb1da26a3a7856bc68

Sharing

Copy URL

Twitter E-mail

General

Target

89900dda507b5b2e8655a0efa5bda8b3ea38d16f967cb7cb1da26a3a7856bc68
Size

1.5MB
MD5

064006f645ba3ae11972443937dad9d8
SHA1

2ab20861ffec71d883b0a3de778b9a0e9d555715
SHA256

89900dda507b5b2e8655a0efa5bda8b3ea38d16f967cb7cb1da26a3a7856bc68
SHA512

4522091d735111bb66e5bae2ffb5edeef79f37beb75c8d37b32efb906182fa6d9d24124ea8e85e1fc44255afaa84038bae945bf71971f1066d6f36a6a37b2740
SSDEEP

49152:wz0UJNLoZifKVOJRez+ChfIl3AkFpPP6NXXkD7:DZiyzz+CKFA8pX6tI7

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Intel/FORCED/5x86/PRO1000/7.2.16.0/E1000NT5.SYS
unpack001/Intel/FORCED/5x86/PRO1000/7.2.16.0/PROUnstl.exe
unpack001/Intel/FORCED/5x86/PRO1000/7.2.16.0/e1000msg.dll
unpack001/Intel/FORCED/5x86/PRO1000/7.2.16.0/intelnic.dll

Files

89900dda507b5b2e8655a0efa5bda8b3ea38d16f967cb7cb1da26a3a7856bc68
.zip
Intel/FORCED/5x86/PRO1000/7.2.16.0/E1000NT5.SYS
.sys windows:5 windows x86 arch:x86

84aead5e8c04d2dea07029bb4a6e9701

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

ntoskrnl.exe

KefAcquireSpinLockAtDpcLevel
MmMapLockedPages
KefReleaseSpinLockFromDpcLevel
InterlockedDecrement
_allshl
InterlockedIncrement
_aulldiv
_allmul
IoFreeMdl
KeInitializeSpinLock

hal

WRITE_PORT_UCHAR
READ_PORT_UCHAR
KfReleaseSpinLock
READ_PORT_ULONG
WRITE_PORT_ULONG
KeStallExecutionProcessor
KeGetCurrentIrql
KfAcquireSpinLock

ndis.sys

NdisMSetAttributesEx
NdisWaitEvent
NdisMCancelTimer
NdisMQueryAdapterResources
NdisMPciAssignResources
NdisReadConfiguration
NdisReadPciSlotInformation
NdisWriteErrorLogEntry
NdisMUnmapIoSpace
NdisMDeregisterIoPortRange
NdisWritePciSlotInformation
NdisUnchainBufferAtFront
NdisMStartBufferPhysicalMapping
NdisMCompleteBufferPhysicalMapping
NdisTerminateWrapper
NdisMRegisterMiniport
NdisInitializeWrapper
NdisSetEvent
NdisInitializeEvent
NdisMInitializeTimer
NdisMRegisterAdapterShutdownHandler
NdisMRegisterInterrupt
NdisReadNetworkAddress
NdisMRegisterIoPortRange
NdisCloseConfiguration
NdisOpenConfiguration
NdisAllocateMemoryWithTag
NdisMSleep
NdisMDeregisterInterrupt
NdisMFreeMapRegisters
NdisMAllocateMapRegisters
NdisMDeregisterAdapterShutdownHandler
NdisSetTimer
NdisGetSystemUpTime
NdisMSetPeriodicTimer
NdisResetEvent
NdisFreePacket
NdisMMapIoSpace
NdisMAllocateSharedMemory
NdisAllocatePacket
NdisAllocatePacketPool
NdisFreePacketPool
NdisFreeMemory
NdisAllocateBufferPool
NdisAllocateBuffer
NdisMFreeSharedMemory
NdisFreeBufferPool

Sections

.text
Size: 97KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 712B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Intel/FORCED/5x86/PRO1000/7.2.16.0/PROUnstl.exe
.exe windows:4 windows x86 arch:x86

cb7d3f7e84513b9ad0d9e5c18fcd5390

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

setupapi

SetupDiGetDeviceRegistryPropertyA
SetupDiGetDeviceInstanceIdA
SetupDiEnumDeviceInfo
SetupDiGetClassDevsA
SetupDiCallClassInstaller
SetupDiDestroyDeviceInfoList

kernel32

CreateFileA
Sleep
GetVersionExA
GetSystemDefaultLangID
ReadFile
WideCharToMultiByte
LoadResource
FindResourceExA
LockResource
GetLastError
GetCurrentProcess
SetCurrentDirectoryA
GetProcAddress
SetFileAttributesA
CloseHandle
WriteFile
RtlUnwind
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetCPInfo
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
TerminateProcess
FindFirstFileA
FindNextFileA
DeleteFileA
FindClose
RemoveDirectoryA
GetCurrentDirectoryA
OpenFile
GetWindowsDirectoryA
WinExec
GetModuleFileNameA
GetStringTypeW
GetStringTypeA
LoadLibraryA
GetEnvironmentStrings
GetOEMCP
MultiByteToWideChar
ExitProcess
GetVersion
GetCommandLineA
LCMapStringW
LCMapStringA
GetStartupInfoA
HeapAlloc
GetACP
HeapFree
GetModuleHandleA

user32

SetCursor
LoadCursorA
DispatchMessageA
TranslateMessage
IsDialogMessageA
CreateDialogIndirectParamA
GetDesktopWindow
GetWindowRect
SetWindowPos
wsprintfA
GetMessageA
DestroyWindow
SetWindowTextA
SetDlgItemTextA
MessageBoxA
PostQuitMessage
ShowWindow
PostMessageA

advapi32

RegEnumKeyExA
SetSecurityDescriptorDacl
RegDeleteKeyA
OpenSCManagerA
InitializeAcl
AddAccessAllowedAce
RegSetKeySecurity
OpenProcessToken
GetTokenInformation
GetLengthSid
RegQueryValueExA
CloseServiceHandle
InitializeSecurityDescriptor
RegOpenKeyExA
RegEnumValueA
RegCloseKey
IsValidSecurityDescriptor

Sections

.text
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Intel/FORCED/5x86/PRO1000/7.2.16.0/e1000msg.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Intel/FORCED/5x86/PRO1000/7.2.16.0/e1000nt5.Inf
Intel/FORCED/5x86/PRO1000/7.2.16.0/e1000nt5.cat
Intel/FORCED/5x86/PRO1000/7.2.16.0/e1000nt5.din
Intel/FORCED/5x86/PRO1000/7.2.16.0/intelnic.dll
.dll windows:5 windows x86 arch:x86

02b30adf3fa8d1c08003e015be2fe5ad

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

VerSetConditionMask

setupapi

SetupDiChangeState
SetupDiSetClassInstallParamsA
SetupDiOpenDevRegKey
SetupDiGetDeviceInstallParamsA
SetupInitDefaultQueueCallback
SetupOpenFileQueue
SetupDiSetDeviceInstallParamsA
SetupCloseInfFile
SetupQueueCopySectionA
SetupFindNextLine
SetupDefaultQueueCallbackA
SetupCommitFileQueueA
SetupCloseFileQueue
SetupFindFirstLineA
SetupGetLineTextA
SetupOpenInfFileA
SetupDiGetSelectedDriverA
SetupDiGetDriverInfoDetailA

kernel32

Sleep
HeapFree
HeapAlloc
VerifyVersionInfoA
VirtualAlloc
VirtualFree
GetLastError
GetStringTypeA
MultiByteToWideChar
GetStringTypeW

advapi32

RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA

user32

wsprintfA

Exports

Exports

NicCoInstallerEntry

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 702B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Intel/FORCED/5x86/PRO1000/E1000325.sys
.sys windows:5 windows x86 arch:x86

0312cad2045a4b4be6a865c822fed8fa

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

65:68:0c:78:3b:72:8a:b2:a1:88:0d:f4:23:2d:ed:32
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

17/04/2006, 00:00

Not After

31/05/2009, 23:59

Subject

CN=Intel Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=LAN Access Division,O=Intel Corporation,L=Hillsboro,ST=Oregon,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:b5:22:1d:17:e3:ba:45:0e:40:35:03:4e:1c:39:4b:ca:bb:22:c8
Signer

Actual PE Digest

0b:b5:22:1d:17:e3:ba:45:0e:40:35:03:4e:1c:39:4b:ca:bb:22:c8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Sandbox\107846\makedir5\intel\free\i386\E1000325.pdb

Imports

ntoskrnl.exe

IofCompleteRequest
ZwOpenFile
ZwOpenKey
ZwQueryValueKey
ZwClose
_allmul
_alldiv
KeTickCount
KeQueryTimeIncrement
KefAcquireSpinLockAtDpcLevel
KefReleaseSpinLockFromDpcLevel
RtlInitUnicodeString
RtlCopyUnicodeString
RtlAppendUnicodeStringToString
MmMapLockedPagesSpecifyCache
IoFreeMdl
InterlockedPushEntrySList
InterlockedPopEntrySList
KeInitializeSpinLock
wcslen
IoAllocateErrorLogEntry
IoWriteErrorLogEntry

hal

WRITE_PORT_UCHAR
READ_PORT_UCHAR
READ_PORT_ULONG
WRITE_PORT_ULONG
KeStallExecutionProcessor
KeGetCurrentIrql
KfAcquireSpinLock
KfReleaseSpinLock

ndis.sys

NdisMRegisterIoPortRange
NdisReadPciSlotInformation
NdisWritePciSlotInformation
NdisMUnmapIoSpace
NdisMDeregisterIoPortRange
NdisMFreeMapRegisters
NdisMMapIoSpace
NdisMInitializeScatterGatherDma
NdisReadNetworkAddress
NdisMRegisterInterrupt
NdisMInitializeTimer
NdisInitializeEvent
NdisSetEvent
NdisMCancelTimer
NdisMPciAssignResources
NdisMQueryAdapterResources
NdisResetEvent
NdisInitializeReadWriteLock
NdisMDeregisterDevice
NdisReleaseReadWriteLock
NdisAcquireReadWriteLock
NdisMRegisterDevice
NdisMSetPeriodicTimer
NdisTerminateWrapper
NdisWriteEventLogEntry
NdisMSetAttributesEx
NdisInitializeWrapper
NdisAllocateMemoryWithTag
NdisFreeMemory
NdisMDeregisterAdapterShutdownHandler
NdisCloseConfiguration
NdisOpenConfiguration
NdisMQueryAdapterInstanceName
NdisReadConfiguration
NdisSetTimer
NdisInitializeTimer
NdisMSleep
NdisCancelTimer
NdisMRegisterAdapterShutdownHandler
NdisMRegisterUnloadHandler
NdisMRegisterMiniport
NdisMFreeSharedMemory
NdisFreeBufferPool
NdisAllocateBuffer
NdisAllocateBufferPool
NdisFreePacket
NdisAllocatePacket
NdisUnchainBufferAtFront
NdisFreePacketPool
NdisMAllocateSharedMemory
NdisMSetMiniportSecondary
NdisAllocatePacketPool
NdisMDeregisterInterrupt
NdisWaitEvent

Sections

.text
Size: 117KB - Virtual size: 117KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Intel/FORCED/5x86/PRO1000/E1000NT5.SYS
.sys windows:5 windows x86 arch:x86

54fd9548f59dfb084087cb346a76054d

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

65:68:0c:78:3b:72:8a:b2:a1:88:0d:f4:23:2d:ed:32
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

17/04/2006, 00:00

Not After

31/05/2009, 23:59

Subject

CN=Intel Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=LAN Access Division,O=Intel Corporation,L=Hillsboro,ST=Oregon,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

f2:49:77:48:ad:67:e9:fc:25:14:98:7b:66:f0:b5:b6:cd:81:db:3d
Signer

Actual PE Digest

f2:49:77:48:ad:67:e9:fc:25:14:98:7b:66:f0:b5:b6:cd:81:db:3d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Sandbox\107846\makedir5\intel\free\i386\E1000NT5.pdb

Imports

ntoskrnl.exe

ZwOpenKey
ZwQueryValueKey
ZwClose
_allmul
_alldiv
KeTickCount
KeQueryTimeIncrement
KefAcquireSpinLockAtDpcLevel
KefReleaseSpinLockFromDpcLevel
RtlInitUnicodeString
RtlCopyUnicodeString
RtlAppendUnicodeStringToString
MmMapLockedPagesSpecifyCache
IoFreeMdl
KeInitializeSpinLock
wcslen
IoAllocateErrorLogEntry
IoWriteErrorLogEntry

hal

WRITE_PORT_UCHAR
READ_PORT_UCHAR
READ_PORT_ULONG
WRITE_PORT_ULONG
KeStallExecutionProcessor
KeGetCurrentIrql
KfAcquireSpinLock
KfReleaseSpinLock

ndis.sys

NdisMFreeMapRegisters
NdisMAllocateMapRegisters
NdisTerminateWrapper
NdisReadNetworkAddress
NdisMDeregisterIoPortRange
NdisMInitializeTimer
NdisInitializeEvent
NdisSetEvent
NdisMCancelTimer
NdisWaitEvent
NdisMUnmapIoSpace
NdisWritePciSlotInformation
NdisReadPciSlotInformation
NdisMRegisterIoPortRange
NdisMMapIoSpace
NdisMPciAssignResources
NdisMQueryAdapterResources
NdisResetEvent
NdisMSetPeriodicTimer
NdisMRegisterInterrupt
NdisSetTimer
NdisMSetAttributesEx
NdisInitializeWrapper
NdisAllocateMemoryWithTag
NdisFreeMemory
NdisMDeregisterAdapterShutdownHandler
NdisMQueryAdapterInstanceName
NdisCloseConfiguration
NdisReadConfiguration
NdisOpenConfiguration
NdisWriteEventLogEntry
NdisInitializeTimer
NdisMSleep
NdisCancelTimer
NdisMRegisterAdapterShutdownHandler
NdisMRegisterUnloadHandler
NdisMRegisterMiniport
NdisFreeBufferPool
NdisAllocateBuffer
NdisAllocateBufferPool
NdisFreePacket
NdisAllocatePacket
NdisUnchainBufferAtFront
NdisFreePacketPool
NdisMSetMiniportSecondary
NdisAllocatePacketPool
NdisMCompleteBufferPhysicalMapping
NdisMStartBufferPhysicalMapping
NdisMFreeSharedMemory
NdisMAllocateSharedMemory
NdisMDeregisterInterrupt

Sections

.text
Size: 113KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Intel/FORCED/5x86/PRO1000/NicInE1R.dll
.dll windows:5 windows x86 arch:x86

e98d38ed100c4f08df053d7368474652

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

27:76:ab:5c:f2:d0:98:72:f1:ad:05:fb:c3:f2:1a:87
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17/05/2012, 00:00

Not After

30/05/2015, 23:59

Subject

CN=Intel Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=LAN Access Division,O=Intel Corporation,L=Hillsboro,ST=Oregon,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

88:a9:21:43:f8:0d:f8:e8:b9:fb:68:e1:b9:06:f4:e5:49:19:bc:0b
Signer

Actual PE Digest

88:a9:21:43:f8:0d:f8:e8:b9:fb:68:e1:b9:06:f4:e5:49:19:bc:0b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\sandbox\291156\free\i386\NicInE1R.pdb

Imports

ntdll

RtlUnwind
VerSetConditionMask

setupapi

SetupDiSetDeviceRegistryPropertyA
SetupDiGetDeviceInstallParamsA
SetupDiCreateDeviceInfoList
SetupDiOpenDeviceInfoA
SetupDiOpenDevRegKey
SetupDiGetClassDevsA
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyA
SetupDiGetDeviceInstanceIdA
SetupDiDestroyDeviceInfoList
CM_Get_Parent
SetupDiSetClassInstallParamsA
SetupDiChangeState
CM_Get_Device_IDA

kernel32

ExitProcess
FlushFileBuffers
SetStdHandle
FreeLibrary
GetProcAddress
LoadLibraryA
GetLastError
GetModuleFileNameA
GetSystemPowerStatus
CloseHandle
DeviceIoControl
CreateFileA
GetSystemDefaultLangID
LoadResource
FindResourceExA
WideCharToMultiByte
SetLastError
lstrlenA
VerifyVersionInfoA
GetFileAttributesA
FindClose
FindNextFileA
FindFirstFileA
CopyFileA
SetFileAttributesA
GetSystemDirectoryA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
InterlockedExchange
GetModuleHandleA
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
WriteFile
VirtualAlloc
HeapReAlloc
Sleep
VirtualProtect
GetSystemInfo
VirtualQuery
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetACP
GetOEMCP
GetCPInfo
GetStringTypeA
GetStringTypeW
SetFilePointer
GetLocaleInfoA

advapi32

RegOpenKeyExA
RegFlushKey
RegEnumKeyExA
RegSetValueExA
RegQueryValueExA
DeregisterEventSource
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey
RegisterEventSourceA
ReportEventA

user32

MessageBoxA
wsprintfA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Exports

Exports

NicCoInstallerEntry

Sections

.text
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Intel/FORCED/5x86/PRO1000/NicInstC.dll
.dll windows:5 windows x86 arch:x86

e98d38ed100c4f08df053d7368474652

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

27:76:ab:5c:f2:d0:98:72:f1:ad:05:fb:c3:f2:1a:87
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17/05/2012, 00:00

Not After

30/05/2015, 23:59

Subject

CN=Intel Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=LAN Access Division,O=Intel Corporation,L=Hillsboro,ST=Oregon,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e1:35:72:f8:a8:93:25:a2:ad:c3:ab:20:2c:e4:1f:dd:dc:de:ab:b9
Signer

Actual PE Digest

e1:35:72:f8:a8:93:25:a2:ad:c3:ab:20:2c:e4:1f:dd:dc:de:ab:b9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\sandbox\271504\free\i386\NicInstC.pdb

Imports

ntdll

RtlUnwind
VerSetConditionMask

setupapi

SetupDiSetDeviceRegistryPropertyA
SetupDiGetDeviceInstallParamsA
SetupDiCreateDeviceInfoList
SetupDiOpenDeviceInfoA
SetupDiOpenDevRegKey
SetupDiGetClassDevsA
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyA
SetupDiGetDeviceInstanceIdA
SetupDiDestroyDeviceInfoList
CM_Get_Parent
SetupDiSetClassInstallParamsA
SetupDiChangeState
CM_Get_Device_IDA

kernel32

ExitProcess
FlushFileBuffers
SetStdHandle
FreeLibrary
GetProcAddress
LoadLibraryA
GetLastError
GetModuleFileNameA
GetSystemPowerStatus
CloseHandle
DeviceIoControl
CreateFileA
GetSystemDefaultLangID
LoadResource
FindResourceExA
WideCharToMultiByte
SetLastError
lstrlenA
VerifyVersionInfoA
GetFileAttributesA
FindClose
FindNextFileA
FindFirstFileA
CopyFileA
SetFileAttributesA
GetSystemDirectoryA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
InterlockedExchange
GetModuleHandleA
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
WriteFile
VirtualAlloc
HeapReAlloc
Sleep
VirtualProtect
GetSystemInfo
VirtualQuery
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetACP
GetOEMCP
GetCPInfo
GetStringTypeA
GetStringTypeW
SetFilePointer
GetLocaleInfoA

advapi32

RegOpenKeyExA
RegFlushKey
RegEnumKeyExA
RegSetValueExA
RegQueryValueExA
DeregisterEventSource
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey
RegisterEventSourceA
ReportEventA

user32

MessageBoxA
wsprintfA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Exports

Exports

NicCoInstallerEntry

Sections

.text
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Intel/FORCED/5x86/PRO1000/NicInstE.dll
.dll windows:5 windows x86 arch:x86

e98d38ed100c4f08df053d7368474652

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

27:76:ab:5c:f2:d0:98:72:f1:ad:05:fb:c3:f2:1a:87
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17/05/2012, 00:00

Not After

30/05/2015, 23:59

Subject

CN=Intel Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=LAN Access Division,O=Intel Corporation,L=Hillsboro,ST=Oregon,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

15:b0:3f:8f:49:05:18:9d:60:eb:68:c5:49:79:31:59:f3:4c:65:cd
Signer

Actual PE Digest

15:b0:3f:8f:49:05:18:9d:60:eb:68:c5:49:79:31:59:f3:4c:65:cd

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\sandbox\271551\free\i386\NicInstE.pdb

Imports

ntdll

RtlUnwind
VerSetConditionMask

setupapi

SetupDiSetDeviceRegistryPropertyA
SetupDiGetDeviceInstallParamsA
SetupDiCreateDeviceInfoList
SetupDiOpenDeviceInfoA
SetupDiOpenDevRegKey
SetupDiGetClassDevsA
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyA
SetupDiGetDeviceInstanceIdA
SetupDiDestroyDeviceInfoList
CM_Get_Parent
SetupDiSetClassInstallParamsA
SetupDiChangeState
CM_Get_Device_IDA

kernel32

ExitProcess
FlushFileBuffers
SetStdHandle
FreeLibrary
GetProcAddress
LoadLibraryA
GetLastError
GetModuleFileNameA
GetSystemPowerStatus
CloseHandle
DeviceIoControl
CreateFileA
GetSystemDefaultLangID
LoadResource
FindResourceExA
WideCharToMultiByte
SetLastError
lstrlenA
VerifyVersionInfoA
GetFileAttributesA
FindClose
FindNextFileA
FindFirstFileA
CopyFileA
SetFileAttributesA
GetSystemDirectoryA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
InterlockedExchange
GetModuleHandleA
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
WriteFile
VirtualAlloc
HeapReAlloc
Sleep
VirtualProtect
GetSystemInfo
VirtualQuery
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetACP
GetOEMCP
GetCPInfo
GetStringTypeA
GetStringTypeW
SetFilePointer
GetLocaleInfoA

advapi32

RegOpenKeyExA
RegFlushKey
RegEnumKeyExA
RegSetValueExA
RegQueryValueExA
DeregisterEventSource
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey
RegisterEventSourceA
ReportEventA

user32

MessageBoxA
wsprintfA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Exports

Exports

NicCoInstallerEntry

Sections

.text
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Intel/FORCED/5x86/PRO1000/NicInstG.dll
.dll windows:5 windows x86 arch:x86

e48ee371e0a9b64d94d26e261c974848

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

65:68:0c:78:3b:72:8a:b2:a1:88:0d:f4:23:2d:ed:32
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

17/04/2006, 00:00

Not After

31/05/2009, 23:59

Subject

CN=Intel Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=LAN Access Division,O=Intel Corporation,L=Hillsboro,ST=Oregon,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

09:fe:79:b5:7d:c0:07:8d:4b:8d:17:06:4a:a5:cc:09:70:2c:40:f3
Signer

Actual PE Digest

09:fe:79:b5:7d:c0:07:8d:4b:8d:17:06:4a:a5:cc:09:70:2c:40:f3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

RtlUnwind
VerSetConditionMask

setupapi

SetupDiDestroyDeviceInfoList
SetupDiSetDeviceInstallParamsA
SetupDiCreateDeviceInfoList
SetupDiOpenDeviceInfoA
SetupDiGetSelectedDriverA
SetupDiGetDriverInfoDetailA
SetupDiGetDeviceInstallParamsA
SetupDiOpenDevRegKey
SetupDiGetClassDevsA
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyA
CM_Get_Parent
SetupDiSetDeviceRegistryPropertyA
SetupDiSetClassInstallParamsA
SetupDiChangeState
SetupDiGetDeviceInstanceIdA
CM_Get_Device_IDA

kernel32

GetModuleHandleA
VirtualQuery
GetSystemInfo
VirtualProtect
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
FreeLibrary
GetProcAddress
LoadLibraryA
GetLastError
GetModuleFileNameA
CopyFileA
SetFileAttributesA
GetSystemDirectoryA
GetFileAttributesA
GetFullPathNameA
GetSystemDefaultLangID
WideCharToMultiByte
CreateFileA
CloseHandle
DeviceIoControl
SetLastError
lstrlenA
VerifyVersionInfoA
GetCommandLineA
GetVersionExA
HeapFree
HeapAlloc
ExitProcess
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
VirtualAlloc
HeapReAlloc
GetACP
GetOEMCP
GetCPInfo
LCMapStringA
MultiByteToWideChar

advapi32

RegDeleteValueA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyExA
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey

user32

wsprintfA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Exports

Exports

NicCoInstallerEntry

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Intel/FORCED/5x86/PRO1000/NicInstK.dll
.dll windows:5 windows x86 arch:x86

e98d38ed100c4f08df053d7368474652

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:82:58:57:16:70:ab:2b:1b:ac:50:67:9c:ec:49:a1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

26/05/2009, 00:00

Not After

30/05/2012, 23:59

Subject

CN=Intel Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=LAN Access Division,O=Intel Corporation,L=Hillsboro,ST=Oregon,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7a:51:cd:df:5b:b6:8f:54:e7:8c:1c:11:b4:0e:31:e6:09:b7:b2:b1
Signer

Actual PE Digest

7a:51:cd:df:5b:b6:8f:54:e7:8c:1c:11:b4:0e:31:e6:09:b7:b2:b1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\sandbox\222156\free\i386\NicInstK.pdb

Imports

ntdll

RtlUnwind
VerSetConditionMask

setupapi

SetupDiSetDeviceRegistryPropertyA
SetupDiGetDeviceInstallParamsA
SetupDiCreateDeviceInfoList
SetupDiOpenDeviceInfoA
SetupDiOpenDevRegKey
SetupDiGetClassDevsA
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyA
SetupDiGetDeviceInstanceIdA
SetupDiDestroyDeviceInfoList
CM_Get_Parent
SetupDiSetClassInstallParamsA
SetupDiChangeState
CM_Get_Device_IDA

kernel32

ExitProcess
FlushFileBuffers
SetStdHandle
FreeLibrary
GetProcAddress
LoadLibraryA
GetLastError
GetModuleFileNameA
GetSystemPowerStatus
CloseHandle
DeviceIoControl
CreateFileA
GetSystemDefaultLangID
LoadResource
FindResourceExA
WideCharToMultiByte
SetLastError
lstrlenA
VerifyVersionInfoA
GetFileAttributesA
FindClose
FindNextFileA
FindFirstFileA
CopyFileA
SetFileAttributesA
GetSystemDirectoryA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
InterlockedExchange
GetModuleHandleA
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
WriteFile
VirtualAlloc
HeapReAlloc
Sleep
VirtualProtect
GetSystemInfo
VirtualQuery
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetACP
GetOEMCP
GetCPInfo
GetStringTypeA
GetStringTypeW
SetFilePointer
GetLocaleInfoA

advapi32

RegOpenKeyExA
RegFlushKey
RegEnumKeyExA
RegSetValueExA
RegQueryValueExA
DeregisterEventSource
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey
RegisterEventSourceA
ReportEventA

user32

MessageBoxA
wsprintfA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Exports

Exports

NicCoInstallerEntry

Sections

.text
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Intel/FORCED/5x86/PRO1000/NicInstQ.dll
.dll windows:5 windows x86 arch:x86

e98d38ed100c4f08df053d7368474652

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

27:76:ab:5c:f2:d0:98:72:f1:ad:05:fb:c3:f2:1a:87
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17/05/2012, 00:00

Not After

30/05/2015, 23:59

Subject

CN=Intel Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=LAN Access Division,O=Intel Corporation,L=Hillsboro,ST=Oregon,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

59:2c:fe:ca:23:0a:dc:06:fb:b2:73:b1:8f:60:b3:22:9e:72:4b:64
Signer

Actual PE Digest

59:2c:fe:ca:23:0a:dc:06:fb:b2:73:b1:8f:60:b3:22:9e:72:4b:64

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\sandbox\291161\free\i386\NicInstQ.pdb

Imports

ntdll

RtlUnwind
VerSetConditionMask

setupapi

SetupDiSetDeviceRegistryPropertyA
SetupDiGetDeviceInstallParamsA
SetupDiCreateDeviceInfoList
SetupDiOpenDeviceInfoA
SetupDiOpenDevRegKey
SetupDiGetClassDevsA
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyA
SetupDiGetDeviceInstanceIdA
SetupDiDestroyDeviceInfoList
CM_Get_Parent
SetupDiSetClassInstallParamsA
SetupDiChangeState
CM_Get_Device_IDA

kernel32

ExitProcess
FlushFileBuffers
SetStdHandle
FreeLibrary
GetProcAddress
LoadLibraryA
GetLastError
GetModuleFileNameA
GetSystemPowerStatus
CloseHandle
DeviceIoControl
CreateFileA
GetSystemDefaultLangID
LoadResource
FindResourceExA
WideCharToMultiByte
SetLastError
lstrlenA
VerifyVersionInfoA
GetFileAttributesA
FindClose
FindNextFileA
FindFirstFileA
CopyFileA
SetFileAttributesA
GetSystemDirectoryA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
InterlockedExchange
GetModuleHandleA
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
WriteFile
VirtualAlloc
HeapReAlloc
Sleep
VirtualProtect
GetSystemInfo
VirtualQuery
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetACP
GetOEMCP
GetCPInfo
GetStringTypeA
GetStringTypeW
SetFilePointer
GetLocaleInfoA

advapi32

RegOpenKeyExA
RegFlushKey
RegEnumKeyExA
RegSetValueExA
RegQueryValueExA
DeregisterEventSource
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey
RegisterEventSourceA
ReportEventA

user32

MessageBoxA
wsprintfA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Exports

Exports

NicCoInstallerEntry

Sections

.text
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Intel/FORCED/5x86/PRO1000/NicInstY.dll
.dll windows:5 windows x86 arch:x86

e98d38ed100c4f08df053d7368474652

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:82:58:57:16:70:ab:2b:1b:ac:50:67:9c:ec:49:a1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

26/05/2009, 00:00

Not After

30/05/2012, 23:59

Subject

CN=Intel Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=LAN Access Division,O=Intel Corporation,L=Hillsboro,ST=Oregon,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

37:6a:20:dd:fb:6c:a6:f2:e4:16:4e:62:fc:af:a3:05:d7:ea:aa:cc
Signer

Actual PE Digest

37:6a:20:dd:fb:6c:a6:f2:e4:16:4e:62:fc:af:a3:05:d7:ea:aa:cc

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\sandbox\204835\free\i386\NicInstY.pdb

Imports

ntdll

RtlUnwind
VerSetConditionMask

setupapi

SetupDiSetDeviceRegistryPropertyA
SetupDiGetDeviceInstallParamsA
SetupDiCreateDeviceInfoList
SetupDiOpenDeviceInfoA
SetupDiOpenDevRegKey
SetupDiGetClassDevsA
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyA
SetupDiGetDeviceInstanceIdA
SetupDiDestroyDeviceInfoList
CM_Get_Parent
SetupDiSetClassInstallParamsA
SetupDiChangeState
CM_Get_Device_IDA

kernel32

ExitProcess
FlushFileBuffers
SetStdHandle
FreeLibrary
GetProcAddress
LoadLibraryA
GetLastError
GetModuleFileNameA
GetSystemPowerStatus
CloseHandle
DeviceIoControl
CreateFileA
GetSystemDefaultLangID
LoadResource
FindResourceExA
WideCharToMultiByte
SetLastError
lstrlenA
VerifyVersionInfoA
GetFileAttributesA
FindClose
FindNextFileA
FindFirstFileA
CopyFileA
SetFileAttributesA
GetSystemDirectoryA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
InterlockedExchange
GetModuleHandleA
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
WriteFile
VirtualAlloc
HeapReAlloc
Sleep
VirtualProtect
GetSystemInfo
VirtualQuery
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetACP
GetOEMCP
GetCPInfo
GetStringTypeA
GetStringTypeW
SetFilePointer
GetLocaleInfoA

advapi32

RegOpenKeyExA
RegFlushKey
RegEnumKeyExA
RegSetValueExA
RegQueryValueExA
DeregisterEventSource
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey
RegisterEventSourceA
ReportEventA

user32

MessageBoxA
wsprintfA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Exports

Exports

NicCoInstallerEntry

Sections

.text
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Intel/FORCED/5x86/PRO1000/RIS_INF/e1000325.zip
.zip
e1000325.inf
Intel/FORCED/5x86/PRO1000/RIS_INF/e1000nt5.zip
.zip
e1000nt5.inf
Intel/FORCED/5x86/PRO1000/RIS_INF/e1c5132.zip
.zip
e1c5132.inf
Intel/FORCED/5x86/PRO1000/RIS_INF/e1e5132.zip
.zip
e1e5132.inf
Intel/FORCED/5x86/PRO1000/RIS_INF/e1k5132.zip
.zip
e1k5132.inf
Intel/FORCED/5x86/PRO1000/RIS_INF/e1q5132.zip
.zip
e1q5132.inf
Intel/FORCED/5x86/PRO1000/RIS_INF/e1r5132.zip
.zip
e1r5132.inf
Intel/FORCED/5x86/PRO1000/RIS_INF/e1y5132.zip
.zip
e1y5132.inf
Intel/FORCED/5x86/PRO1000/RIS_INF/readme.txt
Intel/FORCED/5x86/PRO1000/e1000325.cat
Intel/FORCED/5x86/PRO1000/e1000325.din
Intel/FORCED/5x86/PRO1000/e1000325.inf
Intel/FORCED/5x86/PRO1000/e1000msg.dll
.dll windows:4 windows x86 arch:x86

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

65:68:0c:78:3b:72:8a:b2:a1:88:0d:f4:23:2d:ed:32
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

17/04/2006, 00:00

Not After

31/05/2009, 23:59

Subject

CN=Intel Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=LAN Access Division,O=Intel Corporation,L=Hillsboro,ST=Oregon,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

e6:9e:01:e5:25:94:32:1e:9e:f4:9c:c7:8a:a4:6e:90:14:c4:67:97
Signer

Actual PE Digest

e6:9e:01:e5:25:94:32:1e:9e:f4:9c:c7:8a:a4:6e:90:14:c4:67:97

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 104KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Intel/FORCED/5x86/PRO1000/e1000nt5.din
Intel/FORCED/5x86/PRO1000/e1c5132.cat
Intel/FORCED/5x86/PRO1000/e1c5132.din
Intel/FORCED/5x86/PRO1000/e1c5132.inf
Intel/FORCED/5x86/PRO1000/e1c5132.sys
.sys windows:5 windows x86 arch:x86

8d449f092ed876f3af2b9e73f225e944

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

27:76:ab:5c:f2:d0:98:72:f1:ad:05:fb:c3:f2:1a:87
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17/05/2012, 00:00

Not After

30/05/2015, 23:59

Subject

CN=Intel Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=LAN Access Division,O=Intel Corporation,L=Hillsboro,ST=Oregon,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

df:ca:45:27:e8:28:2a:2a:68:a3:d6:46:6f:26:b6:f1:03:d0:0e:51
Signer

Actual PE Digest

df:ca:45:27:e8:28:2a:2a:68:a3:d6:46:6f:26:b6:f1:03:d0:0e:51

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\sandbox\289488\base\e1c.build\objfre_wnet_x86_ndis5.2\i386\e1c5132.pdb

Imports

ntoskrnl.exe

RtlCopyUnicodeString
RtlAppendUnicodeStringToString
IofCompleteRequest
ZwOpenFile
_aullshr
_aulldiv
_allmul
IoFreeMdl
KeInitializeMutex
IoGetDeviceProperty
ZwClose
RtlInitUnicodeString
_vsnwprintf
KefReleaseSpinLockFromDpcLevel
KefAcquireSpinLockAtDpcLevel
KeInitializeSpinLock
wcslen
IoAllocateErrorLogEntry
IoWriteErrorLogEntry
KeBugCheckEx
KeTickCount
_purecall
_alldiv
KeQuerySystemTime
MmMapLockedPagesSpecifyCache
KeReleaseInStackQueuedSpinLockFromDpcLevel
KeAcquireInStackQueuedSpinLockAtDpcLevel

hal

KeGetCurrentIrql
KfRaiseIrql
KfLowerIrql
KeRaiseIrqlToDpcLevel
KeStallExecutionProcessor
KfReleaseSpinLock
KfAcquireSpinLock

ndis.sys

NdisMSynchronizeWithInterrupt
NdisMDeregisterAdapterShutdownHandler
NdisMMapIoSpace
NdisMUnmapIoSpace
NdisInitializeReadWriteLock
NdisResetEvent
NdisSetEvent
NdisMSetPeriodicTimer
NdisWritePciSlotInformation
NdisReadPciSlotInformation
NdisSetTimer
NdisMFreeSharedMemory
NdisMAllocateSharedMemory
NdisFreeMemory
NdisMDeregisterDevice
NdisAllocatePacketPool
NdisAllocatePacket
NdisAllocateBuffer
NdisFreeBufferPool
NdisFreePacketPool
NdisFreePacket
NdisAllocateBufferPool
NdisMInitializeScatterGatherDma
NdisMDeregisterInterrupt
NdisMRegisterInterrupt
NdisAllocateMemoryWithTag
NdisMRemoveMiniport
NdisInitializeString
NdisInitializeWrapper
NdisGetVersion
NdisMRegisterMiniport
NdisTerminateWrapper
NdisOpenConfiguration
NdisCloseConfiguration
NdisMGetDeviceProperty
NdisMRegisterDevice
NdisReleaseReadWriteLock
NdisAcquireReadWriteLock
NdisReadNetworkAddress
NdisReadConfiguration
NdisSystemProcessorCount
NdisMQueryAdapterInstanceName
NdisInitializeEvent
NdisWaitEvent
NdisMCancelTimer
NdisMInitializeTimer
NdisMSleep
NdisGetRoutineAddress
NdisMRegisterAdapterShutdownHandler
NdisMSetAttributesEx
NdisMQueryAdapterResources

Sections

.text
Size: 194KB - Virtual size: 193KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 998B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Intel/FORCED/5x86/PRO1000/e1cmsg.dll
.dll windows:4 windows x86 arch:x86

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

27:76:ab:5c:f2:d0:98:72:f1:ad:05:fb:c3:f2:1a:87
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17/05/2012, 00:00

Not After

30/05/2015, 23:59

Subject

CN=Intel Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=LAN Access Division,O=Intel Corporation,L=Hillsboro,ST=Oregon,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8d:3f:55:d9:7c:ac:4c:88:af:d1:4a:4c:23:bd:13:36:64:5d:5a:71
Signer

Actual PE Digest

8d:3f:55:d9:7c:ac:4c:88:af:d1:4a:4c:23:bd:13:36:64:5d:5a:71

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 56KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Intel/FORCED/5x86/PRO1000/e1e5132.cat
Intel/FORCED/5x86/PRO1000/e1e5132.din
Intel/FORCED/5x86/PRO1000/e1e5132.inf
Intel/FORCED/5x86/PRO1000/e1e5132.sys
.sys windows:5 windows x86 arch:x86

1105196505ff77cf5212cf02085a9cee

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

27:76:ab:5c:f2:d0:98:72:f1:ad:05:fb:c3:f2:1a:87
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17/05/2012, 00:00

Not After

30/05/2015, 23:59

Subject

CN=Intel Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=LAN Access Division,O=Intel Corporation,L=Hillsboro,ST=Oregon,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ba:84:0a:30:94:d5:0e:80:b3:ed:f7:82:fe:14:5b:19:f0:37:e7:4b
Signer

Actual PE Digest

ba:84:0a:30:94:d5:0e:80:b3:ed:f7:82:fe:14:5b:19:f0:37:e7:4b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\sandbox\269000\intel\base\objfre_wnet_x86\i386\e1e5132.pdb

Imports

ntoskrnl.exe

KeBugCheckEx
IofCompleteRequest
ZwOpenFile
MmLockPagableDataSection
MmUnlockPagableImageSection
KeQueryActiveProcessors
KefAcquireSpinLockAtDpcLevel
KefReleaseSpinLockFromDpcLevel
_allmul
KeTickCount
KeQueryTimeIncrement
ZwOpenKey
ZwQueryValueKey
ZwClose
_alldiv
RtlInitUnicodeString
RtlCopyUnicodeString
RtlAppendUnicodeStringToString
MmMapLockedPagesSpecifyCache
IoFreeMdl
InterlockedPushEntrySList
InterlockedPopEntrySList
KeQuerySystemTime
KeInitializeSpinLock
wcslen
IoAllocateErrorLogEntry
IoWriteErrorLogEntry

hal

WRITE_PORT_ULONG
WRITE_PORT_UCHAR
KeStallExecutionProcessor
KeGetCurrentIrql
KfAcquireSpinLock
KfReleaseSpinLock

ndis.sys

NdisMMapIoSpace
NdisMRegisterIoPortRange
NdisSystemProcessorCount
NdisReadPciSlotInformation
NdisWritePciSlotInformation
NdisMUnmapIoSpace
NdisMDeregisterIoPortRange
NdisMFreeMapRegisters
NdisMPciAssignResources
NdisTerminateWrapper
NdisMInitializeScatterGatherDma
NdisReadNetworkAddress
NdisMRegisterInterrupt
NdisMInitializeTimer
NdisInitializeEvent
NdisSetEvent
NdisMCancelTimer
NdisWaitEvent
NdisMQueryAdapterResources
NdisResetEvent
NdisInitializeReadWriteLock
NdisMDeregisterDevice
NdisReleaseReadWriteLock
NdisAcquireReadWriteLock
NdisMRegisterDevice
NdisMSetPeriodicTimer
NdisMSynchronizeWithInterrupt
NdisGetVersion
NdisWriteEventLogEntry
NdisMSetAttributesEx
NdisInitializeWrapper
NdisAllocateMemoryWithTag
NdisFreeMemory
NdisMDeregisterAdapterShutdownHandler
NdisCloseConfiguration
NdisOpenConfiguration
NdisMQueryAdapterInstanceName
NdisReadConfiguration
NdisSetTimer
NdisInitializeTimer
NdisMSleep
NdisCancelTimer
NdisMRegisterAdapterShutdownHandler
NdisMRegisterUnloadHandler
NdisMRegisterMiniport
NdisMFreeSharedMemory
NdisFreeBufferPool
NdisAllocateBuffer
NdisAllocateBufferPool
NdisFreePacket
NdisAllocatePacket
NdisUnchainBufferAtFront
NdisFreePacketPool
NdisMAllocateSharedMemory
NdisMSetMiniportSecondary
NdisAllocatePacketPool
NdisGetRoutineAddress
NdisMDeregisterInterrupt

Sections

.text
Size: 190KB - Virtual size: 190KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Intel/FORCED/5x86/PRO1000/e1k5132.cat
Intel/FORCED/5x86/PRO1000/e1k5132.din
Intel/FORCED/5x86/PRO1000/e1k5132.inf
Intel/FORCED/5x86/PRO1000/e1k5132.sys
.sys windows:5 windows x86 arch:x86

ae4a44991b6b14a7cd546a08ca6e6b02

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:82:58:57:16:70:ab:2b:1b:ac:50:67:9c:ec:49:a1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

26/05/2009, 00:00

Not After

30/05/2012, 23:59

Subject

CN=Intel Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=LAN Access Division,O=Intel Corporation,L=Hillsboro,ST=Oregon,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

c8:f7:0b:eb:e9:2e:02:0f:4e:74:e1:fb:3a:7b:97:1b:66:6d:47:dc
Signer

Actual PE Digest

c8:f7:0b:eb:e9:2e:02:0f:4e:74:e1:fb:3a:7b:97:1b:66:6d:47:dc

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\sandbox\224231\base\e1k.build\objfre_wnet_x86_ndis5.2\i386\e1k5132.pdb

Imports

ntoskrnl.exe

RtlCopyUnicodeString
RtlAppendUnicodeStringToString
IofCompleteRequest
ZwOpenFile
_aullshr
_aulldiv
_allmul
IoFreeMdl
KeInitializeSpinLock
IoGetDeviceProperty
ZwClose
RtlInitUnicodeString
_vsnwprintf
wcslen
IoAllocateErrorLogEntry
IoWriteErrorLogEntry
KeBugCheckEx
KeTickCount
_purecall
_alldiv
KeQuerySystemTime
MmMapLockedPagesSpecifyCache
KefReleaseSpinLockFromDpcLevel
KefAcquireSpinLockAtDpcLevel

hal

KfRaiseIrql
KfLowerIrql
KeGetCurrentIrql
KeRaiseIrqlToDpcLevel
KeStallExecutionProcessor
KfReleaseSpinLock
KfAcquireSpinLock

ndis.sys

NdisMDeregisterAdapterShutdownHandler
NdisMSynchronizeWithInterrupt
NdisMMapIoSpace
NdisMUnmapIoSpace
NdisInitializeReadWriteLock
NdisResetEvent
NdisSetEvent
NdisMSetPeriodicTimer
NdisWritePciSlotInformation
NdisReadPciSlotInformation
NdisSetTimer
NdisMFreeSharedMemory
NdisMAllocateSharedMemory
NdisMDeregisterDevice
NdisOpenConfiguration
NdisCloseConfiguration
NdisReadNetworkAddress
NdisAllocatePacketPool
NdisAllocatePacket
NdisAllocateBuffer
NdisFreeBufferPool
NdisFreePacketPool
NdisFreePacket
NdisAllocateBufferPool
NdisMInitializeScatterGatherDma
NdisMDeregisterInterrupt
NdisMRegisterInterrupt
NdisAllocateMemoryWithTag
NdisInitializeString
NdisInitializeWrapper
NdisGetVersion
NdisMRegisterMiniport
NdisReleaseReadWriteLock
NdisAcquireReadWriteLock
NdisMRegisterDevice
NdisReadConfiguration
NdisSystemProcessorCount
NdisFreeMemory
NdisMQueryAdapterInstanceName
NdisInitializeEvent
NdisWaitEvent
NdisMCancelTimer
NdisMInitializeTimer
NdisMSleep
NdisGetRoutineAddress
NdisMRegisterAdapterShutdownHandler
NdisMSetAttributesEx
NdisMQueryAdapterResources
NdisMGetDeviceProperty
NdisTerminateWrapper

Sections

.text
Size: 205KB - Virtual size: 205KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 982B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Intel/FORCED/5x86/PRO1000/e1kmsg.dll
.dll windows:4 windows x86 arch:x86

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:82:58:57:16:70:ab:2b:1b:ac:50:67:9c:ec:49:a1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

26/05/2009, 00:00

Not After

30/05/2012, 23:59

Subject

CN=Intel Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=LAN Access Division,O=Intel Corporation,L=Hillsboro,ST=Oregon,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7d:07:4e:12:69:d7:dd:b4:d1:d6:33:2e:66:75:dc:e4:92:ab:a0:8a
Signer

Actual PE Digest

7d:07:4e:12:69:d7:dd:b4:d1:d6:33:2e:66:75:dc:e4:92:ab:a0:8a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Intel/FORCED/5x86/PRO1000/e1q5132.cat
Intel/FORCED/5x86/PRO1000/e1q5132.din
Intel/FORCED/5x86/PRO1000/e1q5132.inf
Intel/FORCED/5x86/PRO1000/e1q5132.sys
.sys windows:5 windows x86 arch:x86

8d449f092ed876f3af2b9e73f225e944

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

27:76:ab:5c:f2:d0:98:72:f1:ad:05:fb:c3:f2:1a:87
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17/05/2012, 00:00

Not After

30/05/2015, 23:59

Subject

CN=Intel Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=LAN Access Division,O=Intel Corporation,L=Hillsboro,ST=Oregon,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

fa:8b:05:de:e9:4c:05:1e:db:f8:45:5b:33:70:b4:c7:60:7e:09:ec
Signer

Actual PE Digest

fa:8b:05:de:e9:4c:05:1e:db:f8:45:5b:33:70:b4:c7:60:7e:09:ec

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\sandbox\295882\base\e1q.build\objfre_wnet_x86_ndis5.2\i386\e1q5132.pdb

Imports

ntoskrnl.exe

RtlCopyUnicodeString
RtlAppendUnicodeStringToString
IofCompleteRequest
ZwOpenFile
_aullshr
_aulldiv
_allmul
IoFreeMdl
KeInitializeMutex
IoGetDeviceProperty
ZwClose
RtlInitUnicodeString
_vsnwprintf
KefReleaseSpinLockFromDpcLevel
KefAcquireSpinLockAtDpcLevel
KeInitializeSpinLock
wcslen
IoAllocateErrorLogEntry
IoWriteErrorLogEntry
KeBugCheckEx
KeTickCount
_purecall
_alldiv
KeQuerySystemTime
MmMapLockedPagesSpecifyCache
KeReleaseInStackQueuedSpinLockFromDpcLevel
KeAcquireInStackQueuedSpinLockAtDpcLevel

hal

KeGetCurrentIrql
KfRaiseIrql
KfLowerIrql
KeRaiseIrqlToDpcLevel
KeStallExecutionProcessor
KfReleaseSpinLock
KfAcquireSpinLock

ndis.sys

NdisMSynchronizeWithInterrupt
NdisMDeregisterAdapterShutdownHandler
NdisMMapIoSpace
NdisMUnmapIoSpace
NdisInitializeReadWriteLock
NdisResetEvent
NdisSetEvent
NdisMSetPeriodicTimer
NdisWritePciSlotInformation
NdisReadPciSlotInformation
NdisSetTimer
NdisMFreeSharedMemory
NdisMAllocateSharedMemory
NdisFreeMemory
NdisMDeregisterDevice
NdisAllocatePacketPool
NdisAllocatePacket
NdisAllocateBuffer
NdisFreeBufferPool
NdisFreePacketPool
NdisFreePacket
NdisAllocateBufferPool
NdisMInitializeScatterGatherDma
NdisMDeregisterInterrupt
NdisMRegisterInterrupt
NdisAllocateMemoryWithTag
NdisMRemoveMiniport
NdisInitializeString
NdisInitializeWrapper
NdisGetVersion
NdisMRegisterMiniport
NdisTerminateWrapper
NdisOpenConfiguration
NdisCloseConfiguration
NdisMGetDeviceProperty
NdisMRegisterDevice
NdisReleaseReadWriteLock
NdisAcquireReadWriteLock
NdisReadNetworkAddress
NdisReadConfiguration
NdisSystemProcessorCount
NdisMQueryAdapterInstanceName
NdisInitializeEvent
NdisWaitEvent
NdisMCancelTimer
NdisMInitializeTimer
NdisMSleep
NdisGetRoutineAddress
NdisMRegisterAdapterShutdownHandler
NdisMSetAttributesEx
NdisMQueryAdapterResources

Sections

.text
Size: 193KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 998B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Intel/FORCED/5x86/PRO1000/e1qmsg.dll
.dll windows:4 windows x86 arch:x86

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

27:76:ab:5c:f2:d0:98:72:f1:ad:05:fb:c3:f2:1a:87
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17/05/2012, 00:00

Not After

30/05/2015, 23:59

Subject

CN=Intel Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=LAN Access Division,O=Intel Corporation,L=Hillsboro,ST=Oregon,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

a4:da:3f:f6:d1:1b:fe:6e:46:2b:ef:a1:09:4e:0c:33:0a:84:95:98
Signer

Actual PE Digest

a4:da:3f:f6:d1:1b:fe:6e:46:2b:ef:a1:09:4e:0c:33:0a:84:95:98

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 56KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Intel/FORCED/5x86/PRO1000/e1r5132.cat
Intel/FORCED/5x86/PRO1000/e1r5132.din
Intel/FORCED/5x86/PRO1000/e1r5132.inf
Intel/FORCED/5x86/PRO1000/e1r5132.sys
.sys windows:5 windows x86 arch:x86

8d449f092ed876f3af2b9e73f225e944

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

27:76:ab:5c:f2:d0:98:72:f1:ad:05:fb:c3:f2:1a:87
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17/05/2012, 00:00

Not After

30/05/2015, 23:59

Subject

CN=Intel Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=LAN Access Division,O=Intel Corporation,L=Hillsboro,ST=Oregon,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:6c:64:f0:b8:66:69:50:fc:b8:f8:53:b0:5c:71:d5:48:2e:be:91
Signer

Actual PE Digest

6d:6c:64:f0:b8:66:69:50:fc:b8:f8:53:b0:5c:71:d5:48:2e:be:91

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\sandbox\297661\base\e1r.build\objfre_wnet_x86_ndis5.2\i386\e1r5132.pdb

Imports

ntoskrnl.exe

RtlCopyUnicodeString
RtlAppendUnicodeStringToString
IofCompleteRequest
ZwOpenFile
_aullshr
_aulldiv
_allmul
IoFreeMdl
KeInitializeMutex
IoGetDeviceProperty
ZwClose
RtlInitUnicodeString
_vsnwprintf
KefReleaseSpinLockFromDpcLevel
KefAcquireSpinLockAtDpcLevel
KeInitializeSpinLock
wcslen
IoAllocateErrorLogEntry
IoWriteErrorLogEntry
KeBugCheckEx
KeTickCount
_purecall
_alldiv
KeQuerySystemTime
MmMapLockedPagesSpecifyCache
KeReleaseInStackQueuedSpinLockFromDpcLevel
KeAcquireInStackQueuedSpinLockAtDpcLevel

hal

KeGetCurrentIrql
KfRaiseIrql
KfLowerIrql
KeRaiseIrqlToDpcLevel
KeStallExecutionProcessor
KfReleaseSpinLock
KfAcquireSpinLock

ndis.sys

NdisMSynchronizeWithInterrupt
NdisMDeregisterAdapterShutdownHandler
NdisMMapIoSpace
NdisMUnmapIoSpace
NdisInitializeReadWriteLock
NdisResetEvent
NdisSetEvent
NdisMSetPeriodicTimer
NdisWritePciSlotInformation
NdisReadPciSlotInformation
NdisSetTimer
NdisMFreeSharedMemory
NdisMAllocateSharedMemory
NdisFreeMemory
NdisMDeregisterDevice
NdisAllocatePacketPool
NdisAllocatePacket
NdisAllocateBuffer
NdisFreeBufferPool
NdisFreePacketPool
NdisFreePacket
NdisAllocateBufferPool
NdisMInitializeScatterGatherDma
NdisMDeregisterInterrupt
NdisMRegisterInterrupt
NdisAllocateMemoryWithTag
NdisMRemoveMiniport
NdisInitializeString
NdisInitializeWrapper
NdisGetVersion
NdisMRegisterMiniport
NdisTerminateWrapper
NdisOpenConfiguration
NdisCloseConfiguration
NdisMGetDeviceProperty
NdisMRegisterDevice
NdisReleaseReadWriteLock
NdisAcquireReadWriteLock
NdisReadNetworkAddress
NdisReadConfiguration
NdisSystemProcessorCount
NdisMQueryAdapterInstanceName
NdisInitializeEvent
NdisWaitEvent
NdisMCancelTimer
NdisMInitializeTimer
NdisMSleep
NdisGetRoutineAddress
NdisMRegisterAdapterShutdownHandler
NdisMSetAttributesEx
NdisMQueryAdapterResources

Sections

.text
Size: 193KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 998B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Intel/FORCED/5x86/PRO1000/e1rmsg.dll
.dll windows:4 windows x86 arch:x86

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

27:76:ab:5c:f2:d0:98:72:f1:ad:05:fb:c3:f2:1a:87
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17/05/2012, 00:00

Not After

30/05/2015, 23:59

Subject

CN=Intel Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=LAN Access Division,O=Intel Corporation,L=Hillsboro,ST=Oregon,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8d:06:4a:fa:0b:fd:33:47:ba:cc:e4:01:50:16:a3:ef:e2:7a:37:dd
Signer

Actual PE Digest

8d:06:4a:fa:0b:fd:33:47:ba:cc:e4:01:50:16:a3:ef:e2:7a:37:dd

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 56KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Intel/FORCED/5x86/PRO1000/e1y5132.cat
Intel/FORCED/5x86/PRO1000/e1y5132.din
Intel/FORCED/5x86/PRO1000/e1y5132.inf
Intel/FORCED/5x86/PRO1000/e1y5132.sys
.sys windows:5 windows x86 arch:x86

1105196505ff77cf5212cf02085a9cee

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:82:58:57:16:70:ab:2b:1b:ac:50:67:9c:ec:49:a1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

26/05/2009, 00:00

Not After

30/05/2012, 23:59

Subject

CN=Intel Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=LAN Access Division,O=Intel Corporation,L=Hillsboro,ST=Oregon,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ac:fd:48:c0:80:e6:3a:6c:db:6d:15:13:9d:6a:7c:48:11:bc:38:72
Signer

Actual PE Digest

ac:fd:48:c0:80:e6:3a:6c:db:6d:15:13:9d:6a:7c:48:11:bc:38:72

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\sandbox\208236\intel\base\objfre_wnet_x86\i386\e1y5132.pdb

Imports

ntoskrnl.exe

KeBugCheckEx
IofCompleteRequest
ZwOpenFile
MmLockPagableDataSection
MmUnlockPagableImageSection
KeQueryActiveProcessors
KefAcquireSpinLockAtDpcLevel
KefReleaseSpinLockFromDpcLevel
_allmul
KeTickCount
KeQueryTimeIncrement
ZwOpenKey
ZwQueryValueKey
ZwClose
_alldiv
RtlInitUnicodeString
RtlCopyUnicodeString
RtlAppendUnicodeStringToString
MmMapLockedPagesSpecifyCache
IoFreeMdl
InterlockedPushEntrySList
InterlockedPopEntrySList
KeQuerySystemTime
KeInitializeSpinLock
wcslen
IoAllocateErrorLogEntry
IoWriteErrorLogEntry

hal

WRITE_PORT_ULONG
WRITE_PORT_UCHAR
KeStallExecutionProcessor
KeGetCurrentIrql
KfAcquireSpinLock
KfReleaseSpinLock

ndis.sys

NdisMMapIoSpace
NdisMRegisterIoPortRange
NdisSystemProcessorCount
NdisReadPciSlotInformation
NdisWritePciSlotInformation
NdisMUnmapIoSpace
NdisMDeregisterIoPortRange
NdisMFreeMapRegisters
NdisMPciAssignResources
NdisTerminateWrapper
NdisMInitializeScatterGatherDma
NdisReadNetworkAddress
NdisMRegisterInterrupt
NdisMInitializeTimer
NdisInitializeEvent
NdisSetEvent
NdisMCancelTimer
NdisWaitEvent
NdisMQueryAdapterResources
NdisResetEvent
NdisInitializeReadWriteLock
NdisMDeregisterDevice
NdisReleaseReadWriteLock
NdisAcquireReadWriteLock
NdisMRegisterDevice
NdisMSetPeriodicTimer
NdisMSynchronizeWithInterrupt
NdisGetVersion
NdisWriteEventLogEntry
NdisMSetAttributesEx
NdisInitializeWrapper
NdisAllocateMemoryWithTag
NdisFreeMemory
NdisMDeregisterAdapterShutdownHandler
NdisCloseConfiguration
NdisOpenConfiguration
NdisMQueryAdapterInstanceName
NdisReadConfiguration
NdisSetTimer
NdisInitializeTimer
NdisMSleep
NdisCancelTimer
NdisMRegisterAdapterShutdownHandler
NdisMRegisterUnloadHandler
NdisMRegisterMiniport
NdisMFreeSharedMemory
NdisFreeBufferPool
NdisAllocateBuffer
NdisAllocateBufferPool
NdisFreePacket
NdisAllocatePacket
NdisUnchainBufferAtFront
NdisFreePacketPool
NdisMAllocateSharedMemory
NdisMSetMiniportSecondary
NdisAllocatePacketPool
NdisGetRoutineAddress
NdisMDeregisterInterrupt

Sections

.text
Size: 189KB - Virtual size: 188KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Intel/FORCED/5x86/PRO1000/nicco2.dll
.dll windows:5 windows x86 arch:x86

666293f0572c1a59b60f0c445c87ab7d

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

65:68:0c:78:3b:72:8a:b2:a1:88:0d:f4:23:2d:ed:32
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

17/04/2006, 00:00

Not After

31/05/2009, 23:59

Subject

CN=Intel Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=LAN Access Division,O=Intel Corporation,L=Hillsboro,ST=Oregon,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

4d:37:d2:59:e9:30:fe:27:8c:c1:0a:1e:c5:16:78:65:a1:e1:77:fb
Signer

Actual PE Digest

4d:37:d2:59:e9:30:fe:27:8c:c1:0a:1e:c5:16:78:65:a1:e1:77:fb

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

RtlUnwind

setupapi

SetupDiOpenDevRegKey

kernel32

GetLastError
GetProcAddress
LoadLibraryA
LeaveCriticalSection
FreeLibrary
EnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection
CloseHandle
CreateFileA
GetSystemDirectoryA
RegisterWaitForSingleObject
UnregisterWait
CreateEventA
Sleep
SetEvent
ResetEvent
GetCommandLineA
GetVersionExA
HeapFree
HeapAlloc
ExitProcess
GetModuleHandleA
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
VirtualQuery
HeapDestroy
HeapCreate
VirtualFree
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
VirtualAlloc
HeapReAlloc
GetACP
GetOEMCP
GetCPInfo
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
GetLocaleInfoA
VirtualProtect
GetSystemInfo
GetModuleFileNameA

advapi32

RegQueryValueExA
RegCloseKey

user32

wsprintfA

Exports

Exports

NicCoInstallerEntry

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Intel/FORCED/5x86/PRO1000/readme.txt

Sharing

General

Malware Config

Signatures

Files

84aead5e8c04d2dea07029bb4a6e9701

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

ndis.sys

Sections

.text Size: 97KB - Virtual size: 97KB

.rdata Size: 1024B - Virtual size: 712B

.data Size: 8KB - Virtual size: 8KB

INIT Size: 2KB - Virtual size: 1KB

.rsrc Size: 9KB - Virtual size: 8KB

.reloc Size: 2KB - Virtual size: 1KB

cb7d3f7e84513b9ad0d9e5c18fcd5390

Headers

File Characteristics

Imports

setupapi

kernel32

user32

advapi32

Sections

.text Size: 28KB - Virtual size: 26KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 12KB - Virtual size: 12KB

.rsrc Size: 68KB - Virtual size: 68KB

Headers

File Characteristics

Sections

.rsrc Size: 120KB - Virtual size: 120KB

.reloc Size: 4KB - Virtual size: 12B

02b30adf3fa8d1c08003e015be2fe5ad

Headers

File Characteristics

Imports

ntdll

setupapi

kernel32

advapi32

user32

Exports

Exports

Sections

.text Size: 11KB - Virtual size: 11KB

.data Size: 9KB - Virtual size: 8KB

.rsrc Size: 1024B - Virtual size: 968B

.reloc Size: 1024B - Virtual size: 702B

0312cad2045a4b4be6a865c822fed8fa

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

65:68:0c:78:3b:72:8a:b2:a1:88:0d:f4:23:2d:ed:32Certificate

Extended Key Usages

Key Usages

0b:b5:22:1d:17:e3:ba:45:0e:40:35:03:4e:1c:39:4b:ca:bb:22:c8Signer

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

hal

ndis.sys

Sections

.text Size: 117KB - Virtual size: 117KB

.rdata Size: 1KB - Virtual size: 1KB

.text
Size: 97KB - Virtual size: 97KB

.rdata
Size: 1024B - Virtual size: 712B

.data
Size: 8KB - Virtual size: 8KB

INIT
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 9KB - Virtual size: 8KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 28KB - Virtual size: 26KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 68KB - Virtual size: 68KB

.rsrc
Size: 120KB - Virtual size: 120KB

.reloc
Size: 4KB - Virtual size: 12B

.text
Size: 11KB - Virtual size: 11KB

.data
Size: 9KB - Virtual size: 8KB

.rsrc
Size: 1024B - Virtual size: 968B

.reloc
Size: 1024B - Virtual size: 702B

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

65:68:0c:78:3b:72:8a:b2:a1:88:0d:f4:23:2d:ed:32
Certificate

0b:b5:22:1d:17:e3:ba:45:0e:40:35:03:4e:1c:39:4b:ca:bb:22:c8
Signer

.text
Size: 117KB - Virtual size: 117KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 6KB - Virtual size: 5KB

INIT
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 29KB - Virtual size: 28KB

.reloc
Size: 3KB - Virtual size: 2KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

65:68:0c:78:3b:72:8a:b2:a1:88:0d:f4:23:2d:ed:32
Certificate

f2:49:77:48:ad:67:e9:fc:25:14:98:7b:66:f0:b5:b6:cd:81:db:3d
Signer

.text
Size: 113KB - Virtual size: 112KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 5KB - Virtual size: 4KB

INIT
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 29KB - Virtual size: 28KB

.reloc
Size: 2KB - Virtual size: 2KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

27:76:ab:5c:f2:d0:98:72:f1:ad:05:fb:c3:f2:1a:87
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

88:a9:21:43:f8:0d:f8:e8:b9:fb:68:e1:b9:06:f4:e5:49:19:bc:0b
Signer

.text
Size: 48KB - Virtual size: 48KB

.data
Size: 2KB - Virtual size: 8KB

.rsrc
Size: 19KB - Virtual size: 18KB

.reloc
Size: 3KB - Virtual size: 2KB