slimevr_web_installer[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

slimevr_web_installer.exe
Size

1.8MB
MD5

14b491a8a622cfa3df626fe5009feb72
SHA1

d9756cc7e03e0e602928779df03aebbbdd9f1c4d
SHA256

259f7b62a1c7407f9055406747ef6d94a7eae323f93b5f8b7f6de694d4772eee
SHA512

e7277b618816469e3a201199f1de4d589cbfdc5206603b7b0849720795454e5323ea9153f0f2ccb569d721316156068cd9c196df79b778d7435819ee88ec4357
SSDEEP

49152:u7HxaFX/5FIx8qAJDAR/LKT5VEe0wu8OaQ2nq8v6Jseppk:u7HxaFv5FIGlJOLKdVE98Oa1nqEe8

Score

3^/10

Malware Config

Signatures

Unsigned PE 11 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/AccessControl.dll
unpack001/$PLUGINSDIR/NScurl.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/nsDialogs.dll
unpack001/$PLUGINSDIR/nsExec.dll
unpack001/$PLUGINSDIR/nsProcess.dll
unpack001/$PLUGINSDIR/nsisunz.dll
unpack001/$TEMP/SlimeVRInstaller/slimevr_usb_drivers_inst/CH341SER/CH341PT.DLL
unpack001/$TEMP/SlimeVRInstaller/slimevr_usb_drivers_inst/CH341SER/CH341S64.SYS
unpack001/$TEMP/SlimeVRInstaller/slimevr_usb_drivers_inst/CH341SER/CH341S98.SYS
unpack001/$TEMP/SlimeVRInstaller/slimevr_usb_drivers_inst/CH341SER/CH341SER.SYS

Files

slimevr_web_installer.exe
.exe windows:4 windows x86 arch:x86

f4639a0b3116c2cfc71144b88a929cfd

Code Sign

56:b6:29:cd:34:bc:78:f6
Certificate

Issuer

CN=SSL.com EV Root Certification Authority RSA R2,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

31-05-2017 18:14

Not After

30-05-2042 18:14

Subject

CN=SSL.com EV Root Certification Authority RSA R2,O=SSL Corporation,L=Houston,ST=Texas,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

54:7b:5a:22:47:9d:e7:25:78:3c:9e:96:ab:11:3c:ce
Certificate

Issuer

CN=SSL.com EV Code Signing Intermediate CA RSA R3,O=SSL Corp,L=Houston,ST=Texas,C=US

Not Before

17-08-2023 17:08

Not After

16-08-2024 17:08

Subject

SERIALNUMBER=88165779,CN=SlimeVR B.V.,O=SlimeVR B.V.,L=Amsterdam,ST=North Holland,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

42:4b:6a:53:ce:c7:66:14:1c:2a:63:b1:a5:1c:41:04
Certificate

Issuer

CN=SSL.com EV Root Certification Authority RSA R2,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

26-03-2019 17:44

Not After

22-03-2034 17:44

Subject

CN=SSL.com EV Code Signing Intermediate CA RSA R3,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5a:5a:ac:e8:1a:35:6e:b4:62:86:8d:57:7d:e0:3d:c7
Certificate

Issuer

CN=SSL.com Timestamping Issuing RSA CA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Not Before

19-02-2024 16:18

Not After

16-02-2034 16:18

Subject

CN=SSL.com Timestamping Unit 2024 E1,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56
Certificate

Issuer

CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

13-11-2019 18:50

Not After

12-11-2034 18:50

Subject

CN=SSL.com Timestamping Issuing RSA CA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

23:5d:6e:5a:34:83:8a:94:da:4d:96:2e:16:7e:10:e0:b4:52:68:6e:48:46:2e:13:b7:a6:d9:36:ee:33:60:2b
Signer

Actual PE Digest

23:5d:6e:5a:34:83:8a:94:da:4d:96:2e:16:7e:10:e0:b4:52:68:6e:48:46:2e:13:b7:a6:d9:36:ee:33:60:2b

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegEnumValueW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegOpenKeyExW
RegCreateKeyExW

shell32

SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFileInfoW
SHFileOperationW
ShellExecuteExW

ole32

CoCreateInstance
OleUninitialize
OleInitialize
IIDFromString
CoTaskMemFree

comctl32

ImageList_Destroy
ord17
ImageList_AddMasked
ImageList_Create

user32

MessageBoxIndirectW
GetDlgItemTextW
SetDlgItemTextW
CreatePopupMenu
AppendMenuW
TrackPopupMenu
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
IsWindowVisible
CallWindowProcW
GetMessagePos
CheckDlgButton
LoadCursorW
SetCursor
GetSysColor
SetWindowPos
GetWindowLongW
IsWindowEnabled
SetClassLongW
GetSystemMenu
EnableMenuItem
GetWindowRect
ScreenToClient
EndDialog
RegisterClassW
SystemParametersInfoW
CharPrevW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
FindWindowExW
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
CharNextA
wsprintfA
DispatchMessageW
CreateWindowExW
PeekMessageW
GetSystemMetrics

gdi32

GetDeviceCaps
SetBkColor
SelectObject
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor

kernel32

lstrcmpiA
CreateFileW
GetTempFileNameW
RemoveDirectoryW
CreateProcessW
CreateDirectoryW
GetLastError
CreateThread
GlobalLock
GlobalUnlock
GetDiskFreeSpaceW
WideCharToMultiByte
lstrcpynW
lstrlenW
SetErrorMode
GetVersionExW
GetCommandLineW
GetTempPathW
GetWindowsDirectoryW
WriteFile
CopyFileW
ExitProcess
GetCurrentProcess
GetModuleFileNameW
GetFileSize
GetTickCount
Sleep
SetFileAttributesW
GetFileAttributesW
SetCurrentDirectoryW
MoveFileW
GetFullPathNameW
GetShortPathNameW
SearchPathW
CompareFileTime
SetFileTime
CloseHandle
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalFree
GlobalAlloc
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrlenA
MultiByteToWideChar
ReadFile
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
MulDiv
lstrcpyA
MoveFileExW
lstrcatW
GetSystemDirectoryW
GetProcAddress
GetModuleHandleA
GetExitCodeProcess
WaitForSingleObject
SetEnvironmentVariableW

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 164KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/AccessControl.dll
.dll windows:4 windows x86 arch:x86

6b225baf8d24583523d4f42890e12522

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
CloseHandle
lstrlenW
lstrcatW
lstrcmpiW
GetFileAttributesW
LocalAlloc
LoadLibraryA
GetCurrentProcess
GetProcAddress
lstrcpyW
GetLastError
LocalFree
GlobalFree
lstrcpynW

user32

wsprintfW

advapi32

GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
GetSidSubAuthority
RegCloseKey
OpenProcessToken
RegGetKeySecurity
LookupAccountSidW
GetSidIdentifierAuthority
AdjustTokenPrivileges
LookupPrivilegeValueW
SetNamedSecurityInfoW
SetSecurityDescriptorDacl
RegOpenKeyExW
RegSetKeySecurity
IsValidSid
GetSecurityDescriptorDacl
GetUserNameW
GetNamedSecurityInfoW
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
GetSidSubAuthorityCount
InitializeSecurityDescriptor
LookupAccountNameW
SetEntriesInAclW

Exports

Exports

ClearOnFile
ClearOnRegKey
DenyOnFile
DenyOnRegKey
DisableFileInheritance
DisableRegKeyInheritance
EnableFileInheritance
EnableRegKeyInheritance
GetCurrentUserName
GetFileGroup
GetFileOwner
GetRegKeyGroup
GetRegKeyOwner
GrantOnFile
GrantOnRegKey
NameToSid
RevokeOnFile
RevokeOnRegKey
SetFileGroup
SetFileOwner
SetOnFile
SetOnRegKey
SetRegKeyGroup
SetRegKeyOwner
SidToName

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/NScurl.dll
.dll windows:4 windows x86 arch:x86

a0e0fe306b2adcd03ed4b54c14f7c500

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
DeregisterEventSource
RegisterEventSourceW
ReportEventW

crypt32

CertCloseStore
CertEnumCertificatesInStore
CertFreeCertificateContext
CertGetEnhancedKeyUsage
CertGetIntendedKeyUsage
CertOpenSystemStoreA

kernel32

CloseHandle
CompareFileTime
CompareStringA
CompareStringW
CreateDirectoryW
CreateEventW
CreateFileW
CreateThread
DeleteCriticalSection
EnterCriticalSection
FindClose
FindFirstFileA
FindFirstFileW
FindNextFileW
FindResourceExW
FormatMessageW
FreeLibrary
GetConsoleMode
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentVariableA
GetEnvironmentVariableW
GetFileSize
GetFileType
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetProcessHeap
GetStdHandle
GetSystemDirectoryA
GetSystemInfo
GetSystemTime
GetSystemTimeAsFileTime
GetTickCount
GetVersion
GetVersionExA
GlobalAlloc
GlobalFree
GlobalLock
GlobalSize
GlobalUnlock
HeapAlloc
HeapFree
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
LoadResource
LockResource
MoveFileExA
MultiByteToWideChar
QueryPerformanceCounter
QueryPerformanceFrequency
ReadConsoleA
ReadConsoleW
ReadFile
ResetEvent
SetConsoleMode
SetEvent
SetFilePointer
SetLastError
SizeofResource
Sleep
SleepEx
SystemTimeToFileTime
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteFile
lstrcmpiA
lstrcmpiW
lstrcpyW
lstrcpynA
lstrcpynW
lstrlenA
lstrlenW

msvcrt

__mb_cur_max
_access
_amsg_exit
_assert
_beginthreadex
_errno
_exit
_fileno
_initterm
_iob
_lock
_onexit
_open
_read
_setmode
_snprintf
_snwprintf
_stat
_stati64
_strdup
_strdup
_stricmp
_strnicmp
_sys_errlist
_sys_nerr
_unlink
_unlock
_vsnprintf
_vsnwprintf
_wfopen
_write
abort
atoi
calloc
fclose
feof
ferror
fflush
fgets
fopen
fputc
fputs
fread
free
fseek
ftell
fwrite
getc
gmtime
getenv
islower
isspace
isupper
isxdigit
localeconv
malloc
mbstowcs
memchr
memcmp
memcpy
memmove
memset
qsort
raise
setlocale
realloc
setvbuf
signal
sprintf
strcat
strchr
strcmp
strcpy
strcspn
strerror
strftime
strlen
strncmp
strncpy
strpbrk
strrchr
strspn
strstr
strtol
strtoul
time
tolower
ungetc
vfprintf
wcscat
wcscpy
wcslen
wcsstr
wcstombs

user32

CallWindowProcW
CopyRect
CreateDialogParamW
CreateWindowExW
DestroyIcon
DestroyWindow
DispatchMessageW
EnableMenuItem
EnableWindow
FindWindowExW
GetDesktopWindow
GetDlgItem
GetProcessWindowStation
GetPropW
GetSystemMenu
GetSystemMetrics
GetUserObjectInformationW
GetWindow
GetWindowLongW
GetWindowRect
GetWindowTextLengthW
GetWindowTextW
IsDialogMessageW
IsWindow
IsWindowEnabled
IsWindowVisible
LoadImageW
MessageBoxW
MsgWaitForMultipleObjects
OffsetRect
PeekMessageW
RemovePropW
ScreenToClient
SendDlgItemMessageW
SendMessageW
SetForegroundWindow
SetPropW
SetRectEmpty
SetWindowLongW
SetWindowPos
SetWindowTextW
TranslateMessage
wsprintfW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

ws2_32

WSACleanup
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAGetLastError
WSAIoctl
WSAResetEvent
WSASetEvent
WSASetLastError
WSAStartup
WSAWaitForMultipleEvents
__WSAFDIsSet
accept
bind
closesocket
connect
gethostbyaddr
gethostbyname
gethostname
getpeername
getservbyname
getservbyport
getsockname
getsockopt
htonl
htons
inet_addr
inet_ntoa
ioctlsocket
listen
ntohs
recv
select
send
setsockopt
shutdown
socket

Exports

Exports

cancel
echo
enumerate
escape
http
md5
query
sha1
sha256
unescape
wait

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 508KB - Virtual size: 507KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 366KB - Virtual size: 365KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 17KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 231B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 210KB - Virtual size: 210KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

509a34b3a68a773e0afb4259e68f9f82

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
lstrcpynW
lstrcpyW
GetProcAddress
WideCharToMultiByte
VirtualFree
FreeLibrary
lstrlenW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfW

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 867B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 662B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

3b477381217c97b22146297f93df2a92

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyW
GetFileAttributesW
lstrcmpiW
MulDiv
lstrlenW
HeapFree
GetProcessHeap
GetCurrentDirectoryW
HeapReAlloc
GlobalFree
lstrcpynW
GlobalAlloc
HeapAlloc
SetCurrentDirectoryW

user32

GetPropW
DestroyWindow
CallWindowProcW
SetCursor
LoadCursorW
RemovePropW
CharPrevW
GetWindowLongW
DrawTextW
GetWindowTextW
SetWindowLongW
GetDlgItem
GetSysColor
SetWindowPos
CreateDialogParamW
MapWindowPoints
GetWindowRect
SetPropW
CreateWindowExW
IsWindow
SetTimer
KillTimer
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
ShowWindow
wsprintfW
MapDialogRect
GetClientRect
CharNextW
SendMessageW
DrawFocusRect

gdi32

SetTextColor

shell32

SHBrowseForFolderW
SHGetPathFromIDListW

comdlg32

GetSaveFileNameW
GetOpenFileNameW
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 638B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsExec.dll
.dll windows:4 windows x86 arch:x86

68b7023f8923dd087549802f8fa631c3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor
IsTextUnicode

user32

CharNextExA
CharNextW
CharPrevW
FindWindowExW
wsprintfW
SendMessageW

kernel32

GetCommandLineW
lstrcpynW
ExitProcess
GetCurrentProcess
GetModuleHandleA
GetProcAddress
Sleep
TerminateProcess
GlobalReAlloc
MultiByteToWideChar
IsDBCSLeadByteEx
ReadFile
PeekNamedPipe
GetExitCodeProcess
WaitForSingleObject
GetTickCount
lstrcpyW
CreateProcessW
GetStartupInfoW
CreatePipe
GetVersion
DeleteFileW
lstrcmpiW
lstrlenW
lstrcatW
CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
CreateFileW
CopyFileW
GetTempFileNameW
GlobalFree
GlobalAlloc
GetModuleFileNameW

Exports

Exports

Exec
ExecToLog
ExecToStack

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsProcess.dll
.dll windows:5 windows x86 arch:x86

439074d1c01f7b16781bdf060930814a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
TerminateProcess
WaitForSingleObject
GetExitCodeProcess
OpenProcess
MultiByteToWideChar
lstrlenA
lstrlenW
LoadLibraryA
lstrcmpiW
lstrcpynW
FreeLibrary
LocalFree
LocalAlloc
GetProcAddress
LoadLibraryW
GetVersionExW
GlobalFree
GlobalAlloc

user32

GetWindowThreadProcessId
EnumWindows
wsprintfW
PostMessageW

Exports

Exports

_CloseProcess
_FindProcess
_KillProcess
_Unload

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 927B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 254B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsisunz.dll
.dll windows:5 windows x86 arch:x86

1b37562e8104552588ae892e11fcdff2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
InitializeCriticalSection
CreateDirectoryW
lstrcpyW
GetVersion
lstrlenW
lstrcatW
LeaveCriticalSection
EnterCriticalSection
WideCharToMultiByte
MultiByteToWideChar
lstrcpynW
lstrcmpiW
lstrcmpW
GlobalFree
GlobalAlloc
HeapSize
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetLastError
HeapFree
CloseHandle
WriteFile
GetConsoleCP
GetConsoleMode
RtlUnwind
ReadFile
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
SetFilePointer
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
Sleep
ExitProcess
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapAlloc
VirtualAlloc
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileW
InitializeCriticalSectionAndSpinCount
CreateFileA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LoadLibraryA
SetEndOfFile
GetProcessHeap
GetLocaleInfoA

user32

MessageBoxW
CharPrevW
PeekMessageW
TranslateMessage
DispatchMessageW
FindWindowExW
GetDlgItem
SendMessageW
wsprintfW

Exports

Exports

Unzip
UnzipToLog
UnzipToStack
extract_RunDLL

Sections

.text
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/SlimeVRInstaller/slimevr_usb_drivers_inst/CH341SER/CH341PT.DLL
.dll windows:4 windows x86 arch:x86

f94cd55198e70e43ac10995641c12ba4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
CreateFileA
GetModuleHandleA
GetCommProperties

user32

DefWindowProcA
CharUpperBuffA
ShowWindow
CreateWindowExA
RegisterClassA
DestroyWindow
UnregisterClassA

Exports

Exports

CH341PtGetVersion
CH341PtHandleIsCH341
CH341PtNameIsCH341
CH341PtSetDevNotify

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/SlimeVRInstaller/slimevr_usb_drivers_inst/CH341SER/CH341S64.SYS
.sys windows:5 windows x64 arch:x64

443c9e78c7929fede0f656987bce02ed

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

e:\project\ch341\winser34\amd64\amd64\CH341S64.pdb

Imports

ntoskrnl.exe

IoBuildDeviceIoControlRequest
KeInitializeEvent
ExFreePoolWithTag
ExAllocatePool
KeReleaseSpinLock
KeAcquireSpinLockRaiseToDpc
IoReleaseCancelSpinLock
IoAcquireCancelSpinLock
KeClearEvent
KeInsertQueueDpc
KeRemoveQueueDpc
KeCancelTimer
ZwQueryValueKey
RtlInitUnicodeString
RtlQueryRegistryValues
PsTerminateSystemThread
KeSetPriorityThread
KeDelayExecutionThread
PoRequestPowerIrp
KeSetTimer
ZwClose
PsCreateSystemThread
IoDeleteDevice
IoGetConfigurationInformation
IoDetachDevice
KeWaitForSingleObject
RtlDeleteRegistryValue
RtlFreeUnicodeString
IoSetDeviceInterfaceState
KeWaitForMultipleObjects
IoRegisterDeviceInterface
RtlWriteRegistryValue
IoCreateSymbolicLink
IoOpenDeviceRegistryKey
KeInitializeDpc
KeInitializeTimer
IoAttachDeviceToDeviceStack
IoCreateDevice
RtlAppendUnicodeStringToString
RtlIntegerToUnicodeString
RtlAppendUnicodeToString
ExReleaseFastMutex
ExAcquireFastMutex
IoFreeWorkItem
PoSetPowerState
PoCallDriver
IoWMIRegistrationControl
IoAllocateWorkItem
DbgPrint
KeBugCheckEx
KeSetEvent
IoQueueWorkItem
IofCallDriver
PoStartNextPowerIrp
IoDeleteSymbolicLink
IofCompleteRequest

wmilib.sys

WmiSystemControl
WmiCompleteRequest

usbd.sys

USBD_CreateConfigurationRequestEx
USBD_ParseConfigurationDescriptorEx

Sections

.text
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/SlimeVRInstaller/slimevr_usb_drivers_inst/CH341SER/CH341S98.SYS
.dll windows:4 windows x86 arch:x86

5bd26fa42f206fa9e2851e44a902d4c4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

KeDelayExecutionThread
ZwClose
PsCreateSystemThread
IoRegisterDeviceInterface
KeInitializeEvent
IoDeleteDevice
IoAttachDeviceToDeviceStack
IoCreateDevice
RtlAppendUnicodeStringToString
RtlIntegerToUnicodeString
RtlAppendUnicodeToString
KeSetEvent
IoDetachDevice
IofCompleteRequest
InterlockedDecrement
InterlockedIncrement
InterlockedExchange
ExFreePool
PoRequestPowerIrp
PoCallDriver
PoStartNextPowerIrp
PoSetPowerState
IofCallDriver
RtlFreeUnicodeString
IoSetDeviceInterfaceState
ObfReferenceObject
RtlInitUnicodeString
IoBuildDeviceIoControlRequest
KeClearEvent
PsTerminateSystemThread
RtlCompareMemory
KeSetPriorityThread
KeGetCurrentThread
KeWaitForMultipleObjects
RtlQueryRegistryValues
ExAllocatePool
KeWaitForSingleObject
memmove

usbd.sys

_USBD_CreateConfigurationRequestEx@8
_USBD_ParseConfigurationDescriptorEx@28

Exports

Exports

CH341S98_StartRequest

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 256B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 96B - Virtual size: 85B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 864B - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 736B - Virtual size: 728B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/SlimeVRInstaller/slimevr_usb_drivers_inst/CH341SER/CH341SER.INF
$TEMP/SlimeVRInstaller/slimevr_usb_drivers_inst/CH341SER/CH341SER.SYS
.sys windows:5 windows x86 arch:x86

21511aa4c6e93d74ff7c2ba992008370

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\project\ch341\winser34\i386\CH341SER.pdb

Imports

ntoskrnl.exe

IoReleaseCancelSpinLock
InterlockedExchangeAdd
IoAcquireCancelSpinLock
InterlockedCompareExchange
KeClearEvent
KeInsertQueueDpc
KeRemoveQueueDpc
KeCancelTimer
ZwQueryValueKey
RtlInitUnicodeString
RtlQueryRegistryValues
memmove
PsTerminateSystemThread
KeSetPriorityThread
KeGetCurrentThread
KeDelayExecutionThread
PoRequestPowerIrp
KeQuerySystemTime
KeSetTimer
_allmul
ZwClose
PsCreateSystemThread
IoDeleteDevice
IoGetConfigurationInformation
IoDetachDevice
InterlockedIncrement
RtlDeleteRegistryValue
RtlFreeUnicodeString
InterlockedExchange
KeWaitForMultipleObjects
IoRegisterDeviceInterface
RtlWriteRegistryValue
IoCreateSymbolicLink
IoOpenDeviceRegistryKey
KeInitializeDpc
KeInitializeTimer
KeInitializeSpinLock
IoAttachDeviceToDeviceStack
IoCreateDevice
RtlAppendUnicodeStringToString
RtlIntegerToUnicodeString
RtlAppendUnicodeToString
IoFreeWorkItem
PoSetPowerState
PoCallDriver
IoWMIRegistrationControl
IoAllocateWorkItem
DbgPrint
KeTickCount
KeBugCheckEx
KeInitializeEvent
IoBuildDeviceIoControlRequest
KeWaitForSingleObject
InterlockedDecrement
KeSetEvent
IofCallDriver
IoQueueWorkItem
ExAllocatePool
IoSetDeviceInterfaceState
ExFreePool
PoStartNextPowerIrp
IoDeleteSymbolicLink
IofCompleteRequest

hal

ExReleaseFastMutex
KfAcquireSpinLock
ExAcquireFastMutex
KfReleaseSpinLock
KfRaiseIrql
KfLowerIrql

wmilib.sys

WmiSystemControl
WmiCompleteRequest

usbd.sys

_USBD_CreateConfigurationRequestEx@8
_USBD_ParseConfigurationDescriptorEx@28

Sections

.text
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 640B - Virtual size: 564B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 896B - Virtual size: 832B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 896B - Virtual size: 848B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/SlimeVRInstaller/slimevr_usb_drivers_inst/CH341SER/CH341SER.VXD
$TEMP/SlimeVRInstaller/slimevr_usb_drivers_inst/CH341SER/ch341SER.CAT
$TEMP/SlimeVRInstaller/slimevr_usb_drivers_inst/CH343SER/CH343PORTS.dll
.dll windows:5 windows x86 arch:x86

b30185b27f4c0410e3977323d19c5ce7

Code Sign

33:00:00:00:b5:21:3f:ca:1e:4a:a0:3d:e4:00:00:00:00:00:b5
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-12-2020 22:15

Not After

02-12-2021 22:15

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18-04-2012 23:48

Not After

18-04-2027 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

cc:b0:87:a6:ff:42:5a:b9:3a:1f:9c:3e:da:22:bc:4d:30:e2:54:7c:8c:bf:ea:32:2f:c4:5a:fc:25:f6:b0:05
Signer

Actual PE Digest

cc:b0:87:a6:ff:42:5a:b9:3a:1f:9c:3e:da:22:bc:4d:30:e2:54:7c:8c:bf:ea:32:2f:c4:5a:fc:25:f6:b0:05

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

f:\project\wang\ch343ser\v150t\ch341ser_v140\ch34xports_v110\objfre_w2K_x86\i386\CH343PORTS.pdb

Imports

msvcrt

malloc
_adjust_fdiv
_initterm
free
wcscspn
wcsspn
_itoa
_wcsupr
wcstombs
strstr
_strupr
wcslen
wcsstr
swprintf
wcscpy
wcscat
wcschr
wcscmp

setupapi

SetupDiGetDeviceInfoListDetailW
SetupDiOpenDevRegKey
SetupDiGetDeviceRegistryPropertyW
SetupDiSetDeviceInstallParamsW
SetupDiGetDeviceInstallParamsW
SetupDiSetDeviceRegistryPropertyW
SetupDiSetClassInstallParamsW
SetupCloseInfFile
SetupInstallFromInfSectionW
SetupDiGetActualSectionToInstallW
SetupOpenInfFileW
SetupDiGetDriverInfoDetailW
SetupDiGetSelectedDriverW
SetupDiCreateDevRegKeyW
CM_Free_Log_Conf_Handle
CM_Free_Res_Des_Handle
CM_Get_Res_Des_Data
CM_Get_Next_Res_Des
CM_Get_First_Log_Conf
SetupDiInstallDevice
CM_Get_DevNode_Status
SetupDiRemoveDevice
SetupDiGetDeviceInstanceIdW
SetupDiCallClassInstaller

user32

CharNextW
SendMessageTimeoutW
wvsprintfW
MessageBoxW
CharPrevW
DialogBoxParamW
ShowWindow
GetDlgCtrlID
IsDlgButtonChecked
GetWindowTextLengthW
GetWindowTextW
CheckDlgButton
SetDlgItemTextW
wsprintfW
SetWindowTextW
GetFocus
SetWindowLongW
EnableWindow
GetWindowLongW
EndDialog
GetParent
SendDlgItemMessageW
GetDlgItem
LoadStringW
CheckRadioButton
WinHelpW
SendMessageW

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegEnumValueW
RegDeleteValueW
RegCreateKeyExW

kernel32

Sleep
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
GetModuleHandleA
GetProcAddress
GetCurrentProcess
TerminateProcess
GetTickCount
MultiByteToWideChar
DisableThreadLibraryCalls
QueryDosDeviceW
CreateFileW
CloseHandle
DefineDosDeviceW
GetUserDefaultLangID
GetLastError
lstrcatW
GetProfileStringW
lstrlenW
WriteProfileStringW
lstrcmpW
GetUserDefaultLCID
GetLocaleInfoW
lstrcpyW
LocalFree
LocalAlloc
SetLastError
lstrcmpiW

comctl32

DestroyPropertySheetPage
CreatePropertySheetPageW

msports

ComDBReleasePort
ComDBClose
ComDBOpen
ComDBClaimNextFreePort
ComDBClaimPort
ComDBGetCurrentPortUsage

Exports

Exports

ParallelPortPropPageProvider
PortsClassInstaller
SerialPortPropPageProvider

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/SlimeVRInstaller/slimevr_usb_drivers_inst/CH343SER/CH343PORTSA64.dll
.dll windows:5 windows x64 arch:x64

89e2f5d83715c8b0322045f6f1fab428

Code Sign

33:00:00:00:b5:21:3f:ca:1e:4a:a0:3d:e4:00:00:00:00:00:b5
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-12-2020 22:15

Not After

02-12-2021 22:15

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18-04-2012 23:48

Not After

18-04-2027 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6a:e1:8a:3b:9c:8f:5d:d1:a9:af:0f:c9:43:eb:6b:b3:3b:15:18:b5:f7:e4:51:68:2f:ef:57:4b:2e:91:e6:af
Signer

Actual PE Digest

6a:e1:8a:3b:9c:8f:5d:d1:a9:af:0f:c9:43:eb:6b:b3:3b:15:18:b5:f7:e4:51:68:2f:ef:57:4b:2e:91:e6:af

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

f:\project\wang\ch343ser\v150t\ch341ser_v140\ch34xports_v110\objfre_wnet_AMD64\amd64\CH343PORTSA64.pdb

Imports

msvcrt

wcsspn
wcschr
swprintf
wcsstr
malloc
free
_initterm
wcscspn
memset
_itoa
_wcsupr
wcstombs
strstr
_strupr
memcpy

ntdll

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

setupapi

SetupDiCallClassInstaller
SetupDiOpenDevRegKey
SetupDiGetDeviceRegistryPropertyW
SetupDiSetDeviceInstallParamsW
SetupDiGetDeviceInstallParamsW
SetupDiSetDeviceRegistryPropertyW
SetupDiSetClassInstallParamsW
SetupCloseInfFile
SetupInstallFromInfSectionW
SetupDiGetActualSectionToInstallW
SetupOpenInfFileW
SetupDiGetDriverInfoDetailW
SetupDiGetSelectedDriverW
SetupDiCreateDevRegKeyW
CM_Free_Log_Conf_Handle
CM_Free_Res_Des_Handle
CM_Get_Res_Des_Data
CM_Get_Next_Res_Des
CM_Get_First_Log_Conf
SetupDiInstallDevice
CM_Get_DevNode_Status
SetupDiRemoveDevice
SetupDiGetDeviceInstanceIdW
SetupDiGetDeviceInfoListDetailW

user32

CharNextW
SendMessageTimeoutW
wvsprintfW
MessageBoxW
CharPrevW
DialogBoxParamW
ShowWindow
GetDlgCtrlID
IsDlgButtonChecked
GetWindowTextLengthW
GetWindowTextW
CheckDlgButton
SetDlgItemTextW
wsprintfW
SetWindowTextW
GetFocus
SetWindowLongPtrW
EnableWindow
GetWindowLongPtrW
EndDialog
GetParent
SendDlgItemMessageW
GetDlgItem
LoadStringW
SendMessageW
CheckRadioButton
WinHelpW

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegEnumValueW
RegDeleteValueW
RegCreateKeyExW

kernel32

Sleep
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
TerminateProcess
MultiByteToWideChar
DisableThreadLibraryCalls
lstrcmpiW
CreateFileW
CloseHandle
DefineDosDeviceW
GetUserDefaultLangID
GetLastError
lstrcatW
GetProfileStringW
lstrlenW
WriteProfileStringW
lstrcmpW
GetUserDefaultLCID
GetLocaleInfoW
lstrcpyW
LocalFree
LocalAlloc
SetLastError
QueryDosDeviceW

comctl32

DestroyPropertySheetPage
CreatePropertySheetPageW

msports

ComDBReleasePort
ComDBClose
ComDBOpen
ComDBClaimNextFreePort
ComDBClaimPort
ComDBGetCurrentPortUsage

Exports

Exports

ParallelPortPropPageProvider
PortsClassInstaller
SerialPortPropPageProvider

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 194B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/SlimeVRInstaller/slimevr_usb_drivers_inst/CH343SER/CH343PT.DLL
.dll windows:4 windows x86 arch:x86

8953882542ec086535faf6f379fd1ad4

Code Sign

33:00:00:00:b5:21:3f:ca:1e:4a:a0:3d:e4:00:00:00:00:00:b5
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-12-2020 22:15

Not After

02-12-2021 22:15

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18-04-2012 23:48

Not After

18-04-2027 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

54:c2:6d:51:fd:8a:69:7d:45:42:61:c8:31:ae:55:4a:a9:3b:cf:d1:c8:63:d2:b1:9a:f7:6e:82:1b:f5:da:d9
Signer

Actual PE Digest

54:c2:6d:51:fd:8a:69:7d:45:42:61:c8:31:ae:55:4a:a9:3b:cf:d1:c8:63:d2:b1:9a:f7:6e:82:1b:f5:da:d9

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCommProperties
CloseHandle
CreateFileA
GetModuleHandleA
OutputDebugStringA
PurgeComm
SetCommTimeouts
GetCommTimeouts
SetupComm
GetCommState
WriteFile
FlushFileBuffers
LCMapStringW
LCMapStringA
SetStdHandle
SetCommState
Sleep
ReadFile
DeviceIoControl
MultiByteToWideChar
GetStringTypeW
GetStringTypeA
RtlUnwind
LoadLibraryA
InterlockedDecrement
InterlockedIncrement
GetLastError
WideCharToMultiByte
GetCommandLineA
GetVersion
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
HeapAlloc
GetCPInfo
SetFilePointer
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
GetProcAddress

user32

RegisterClassA
CreateWindowExA
ShowWindow
CharUpperBuffA
DefWindowProcA
DestroyWindow
UnregisterClassA

advapi32

RegQueryValueExA
RegCloseKey
RegSetValueExA
IsTextUnicode

setupapi

SetupDiGetClassDevsA
SetupDiEnumDeviceInfo
SetupDiOpenDevRegKey
SetupDiDestroyDeviceInfoList

Exports

Exports

CH341PtHandleIsCH341
CH341PtNameIsCH341
CH341PtSetDevNotify
CH343PT_EnterConfigMode
CH343PT_ExitConfigMode
CH343PT_GetChipProperty
CH343PT_GetDeviceDescr
CH343PT_GetICVersion
CH343PT_GetVersion
CH343PT_HandleIsCH34x
CH343PT_McuStartupFromFlash
CH343PT_McuStartupFromSram
CH343PT_McuStartupFromSystem
CH343PT_NameIsCH34x
CH343PT_ReadCfgEeprom_Byte
CH343PT_ReadDevConfig
CH343PT_SetDevNotify
CH343PT_SetMcuStartupMode
CH343PT_SetModemOutLevelOnClosed
CH343PT_WriteCfgEeprom_Byte
CH343PT_WriteDevConfig
CH348_GetGpioConfig
CH348_GpioConfig
CH348_GpioGet
CH348_GpioMGet
CH348_GpioMSet
CH348_GpioSet
CH348_ReadCfgEeprom_Byte
CH348_WriteCfgEeprom_Byte
CH910x_EnableGpioEepromConfig
CH910x_GetGpioConfig
CH910x_GetGpioEepromConfig
CH910x_GpioConfig
CH910x_GpioGet
CH910x_GpioSet
CH910x_SetGpioEepromConfig
DeinitMcuPinCfg
InitMcuPinCfg

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/SlimeVRInstaller/slimevr_usb_drivers_inst/CH343SER/CH343S64.sys
.sys windows:5 windows x64 arch:x64

4457c664ec9f46fd0cb85e92fdc9c57b

Code Sign

33:00:00:00:b5:21:3f:ca:1e:4a:a0:3d:e4:00:00:00:00:00:b5
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-12-2020 22:15

Not After

02-12-2021 22:15

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18-04-2012 23:48

Not After

18-04-2027 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

81:cc:a4:8c:81:29:1c:dc:4b:d0:63:e6:b6:6e:67:8d:4a:bb:20:70:41:4d:b7:c6:69:6c:c9:51:d8:a0:05:d1
Signer

Actual PE Digest

81:cc:a4:8c:81:29:1c:dc:4b:d0:63:e6:b6:6e:67:8d:4a:bb:20:70:41:4d:b7:c6:69:6c:c9:51:d8:a0:05:d1

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

f:\project\wang\ch343ser\v150t\ch341ser_v140\objfre_wnet_AMD64\amd64\CH343S64.pdb

Imports

ntoskrnl.exe

KeWaitForSingleObject
IoBuildDeviceIoControlRequest
KeInitializeEvent
ExFreePoolWithTag
ExAllocatePool
IoReleaseCancelSpinLock
IoAcquireCancelSpinLock
KeClearEvent
KeReleaseSpinLock
KeInsertQueueDpc
KeAcquireSpinLockRaiseToDpc
KeRemoveQueueDpc
KeCancelTimer
ZwQueryValueKey
RtlInitUnicodeString
RtlQueryRegistryValues
ZwClose
IoOpenDeviceRegistryKey
PsTerminateSystemThread
KeSetPriorityThread
KeDelayExecutionThread
PoRequestPowerIrp
KeSetTimer
PsCreateSystemThread
IoDeleteDevice
IoGetConfigurationInformation
KeSetEvent
IoDeleteSymbolicLink
RtlDeleteRegistryValue
RtlFreeUnicodeString
IoSetDeviceInterfaceState
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
KeWaitForMultipleObjects
IoRegisterDeviceInterface
RtlWriteRegistryValue
IoCreateSymbolicLink
KeInitializeDpc
KeInitializeTimer
IoAttachDeviceToDeviceStack
IoCreateDevice
RtlAppendUnicodeStringToString
RtlIntegerToUnicodeString
RtlAppendUnicodeToString
ExReleaseFastMutex
ExAcquireFastMutex
IoFreeWorkItem
PoSetPowerState
PoCallDriver
IoWMIRegistrationControl
IoAllocateWorkItem
DbgPrint
KeBugCheckEx
IofCallDriver
PoStartNextPowerIrp
IoQueueWorkItem
IofCompleteRequest
IoDetachDevice
RtlGetVersion

wmilib.sys

WmiSystemControl
WmiCompleteRequest

usbd.sys

USBD_CreateConfigurationRequestEx
USBD_ParseConfigurationDescriptorEx

Sections

.text
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/SlimeVRInstaller/slimevr_usb_drivers_inst/CH343SER/CH343SER.CAT
$TEMP/SlimeVRInstaller/slimevr_usb_drivers_inst/CH343SER/CH343SER.INF
$TEMP/SlimeVRInstaller/slimevr_usb_drivers_inst/CH343SER/CH343SER.sys
.sys windows:5 windows x86 arch:x86

d5a002938622f2d1335a200ccd1e9bb2

Code Sign

33:00:00:00:b5:21:3f:ca:1e:4a:a0:3d:e4:00:00:00:00:00:b5
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-12-2020 22:15

Not After

02-12-2021 22:15

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18-04-2012 23:48

Not After

18-04-2027 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ef:5b:03:b8:3f:5f:d7:75:cb:c3:50:ef:c3:8e:a3:ed:5f:5f:b7:63:34:5c:e7:d2:72:85:bb:8b:da:85:57:48
Signer

Actual PE Digest

ef:5b:03:b8:3f:5f:d7:75:cb:c3:50:ef:c3:8e:a3:ed:5f:5f:b7:63:34:5c:e7:d2:72:85:bb:8b:da:85:57:48

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\project\wang\ch343ser\v150t\ch341ser_v140\objfre_w2K_x86\i386\CH343SER.pdb

Imports

ntoskrnl.exe

IoReleaseCancelSpinLock
InterlockedExchangeAdd
IoAcquireCancelSpinLock
InterlockedCompareExchange
KeClearEvent
KeInsertQueueDpc
KeRemoveQueueDpc
KeCancelTimer
ZwQueryValueKey
RtlInitUnicodeString
RtlQueryRegistryValues
memmove
ZwClose
IoOpenDeviceRegistryKey
PsTerminateSystemThread
KeSetPriorityThread
KeGetCurrentThread
KeDelayExecutionThread
PoRequestPowerIrp
KeSetTimer
KeQuerySystemTime
_allmul
PsCreateSystemThread
IoDeleteDevice
IoGetConfigurationInformation
IoDetachDevice
InterlockedIncrement
RtlDeleteRegistryValue
RtlFreeUnicodeString
InterlockedExchange
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
KeWaitForMultipleObjects
IoRegisterDeviceInterface
RtlWriteRegistryValue
IoCreateSymbolicLink
KeInitializeDpc
KeInitializeTimer
KeInitializeSpinLock
IoAttachDeviceToDeviceStack
IoCreateDevice
RtlAppendUnicodeStringToString
RtlIntegerToUnicodeString
RtlAppendUnicodeToString
IoFreeWorkItem
PoSetPowerState
PoCallDriver
IoWMIRegistrationControl
IoAllocateWorkItem
DbgPrint
KeTickCount
KeBugCheckEx
KeInitializeEvent
IoBuildDeviceIoControlRequest
KeWaitForSingleObject
InterlockedDecrement
KeSetEvent
IofCallDriver
IoQueueWorkItem
ExAllocatePool
IoSetDeviceInterfaceState
ExFreePool
PoStartNextPowerIrp
IoDeleteSymbolicLink
IofCompleteRequest

hal

ExReleaseFastMutex
KfRaiseIrql
ExAcquireFastMutex
KfLowerIrql
KfAcquireSpinLock
KfReleaseSpinLock

wmilib.sys

WmiSystemControl
WmiCompleteRequest

usbd.sys

_USBD_CreateConfigurationRequestEx@8
_USBD_ParseConfigurationDescriptorEx@28

Sections

.text
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 640B - Virtual size: 598B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 896B - Virtual size: 832B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 896B - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/SlimeVRInstaller/slimevr_usb_drivers_inst/CP201x/arm/silabser.sys
.sys windows:10 windows

21efa13888d1a8f6413d1e99ead81f4f

Code Sign

68:67:9f:b8:6d:73:92:0e:bd:91:07:a0:b9:da:24:d9
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

17-10-2018 00:00

Not After

07-11-2021 23:59

Subject

CN=Silicon Laboratories Inc.,O=Silicon Laboratories Inc.,L=Austin,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22-02-2011 19:25

Not After

22-02-2021 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23-12-2017 00:00

Not After

22-03-2029 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

33:00:00:00:97:d7:9f:85:90:6e:a3:18:a4:00:00:00:00:00:97
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11-03-2020 17:47

Not After

05-03-2021 17:47

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18-04-2012 23:48

Not After

18-04-2027 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a8:a9:e7:55:f3:c3:e5:80:e5:f0:94:9d:73:62:50:d9:01:5c:bd:a6:1a:a6:c3:4f:0d:e7:5e:14:06:f4:87:4d
Signer

Actual PE Digest

a8:a9:e7:55:f3:c3:e5:80:e5:f0:94:9d:73:62:50:d9:01:5c:bd:a6:1a:a6:c3:4f:0d:e7:5e:14:06:f4:87:4d

Digest Algorithm

sha256

PE Digest Matches

true

a8:a9:e7:55:f3:c3:e5:80:e5:f0:94:9d:73:62:50:d9:01:5c:bd:a6:1a:a6:c3:4f:0d:e7:5e:14:06:f4:87:4d
Signer

Actual PE Digest

a8:a9:e7:55:f3:c3:e5:80:e5:f0:94:9d:73:62:50:d9:01:5c:bd:a6:1a:a6:c3:4f:0d:e7:5e:14:06:f4:87:4d

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\shirnewargs\.jenkins\workspace\Host_Software_Windows_Build\host\driver\silabser\windows\Release\ARM\silabser.pdb

Imports

ntoskrnl.exe

RtlWriteRegistryValue
RtlDeleteRegistryValue
RtlInitUnicodeString
IoGetConfigurationInformation
RtlIsNtDdiVersionAvailable
KeQuerySystemTime
IoWriteErrorLogEntry
KeReleaseSpinLock
IoAllocateErrorLogEntry
ExFreePoolWithTag
ExAllocatePoolWithTag
MmQuerySystemSize
KeDelayExecutionThread
RtlCopyUnicodeString
DbgPrintEx
_vsnwprintf
ExAllocatePoolWithQuotaTag
IofCompleteRequest
KeAcquireSpinLockRaiseToDpc
RtlAssert

hal

KeQueryPerformanceCounter
KeGetCurrentIrql

wdfldr.sys

WdfVersionBind
WdfVersionUnbind
WdfVersionUnbindClass
WdfVersionBindClass

Sections

.text
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 764B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGESRP0
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 1024B - Virtual size: 714B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGESER
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/SlimeVRInstaller/slimevr_usb_drivers_inst/CP201x/arm64/silabser.sys
$TEMP/SlimeVRInstaller/slimevr_usb_drivers_inst/CP201x/silabser.cat
$TEMP/SlimeVRInstaller/slimevr_usb_drivers_inst/CP201x/silabser.inf
$TEMP/SlimeVRInstaller/slimevr_usb_drivers_inst/CP201x/x64/silabser.sys
.sys windows:10 windows x64 arch:x64

f40cfe2b384f9ee8c785b2d7798bd307

Code Sign

68:67:9f:b8:6d:73:92:0e:bd:91:07:a0:b9:da:24:d9
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

17-10-2018 00:00

Not After

07-11-2021 23:59

Subject

CN=Silicon Laboratories Inc.,O=Silicon Laboratories Inc.,L=Austin,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22-02-2011 19:25

Not After

22-02-2021 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23-12-2017 00:00

Not After

22-03-2029 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

33:00:00:00:97:d7:9f:85:90:6e:a3:18:a4:00:00:00:00:00:97
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11-03-2020 17:47

Not After

05-03-2021 17:47

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18-04-2012 23:48

Not After

18-04-2027 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a8:80:bf:fd:4f:b1:93:8c:22:4d:7e:5d:1a:9f:11:70:6d:2c:42:91:48:10:f4:b4:72:88:b9:fd:a7:30:47:84
Signer

Actual PE Digest

a8:80:bf:fd:4f:b1:93:8c:22:4d:7e:5d:1a:9f:11:70:6d:2c:42:91:48:10:f4:b4:72:88:b9:fd:a7:30:47:84

Digest Algorithm

sha256

PE Digest Matches

true

a8:80:bf:fd:4f:b1:93:8c:22:4d:7e:5d:1a:9f:11:70:6d:2c:42:91:48:10:f4:b4:72:88:b9:fd:a7:30:47:84
Signer

Actual PE Digest

a8:80:bf:fd:4f:b1:93:8c:22:4d:7e:5d:1a:9f:11:70:6d:2c:42:91:48:10:f4:b4:72:88:b9:fd:a7:30:47:84

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\shirnewargs\.jenkins\workspace\Host_Software_Windows_Build\host\driver\silabser\windows\Release\x64\silabser.pdb

Imports

ntoskrnl.exe

RtlInitUnicodeString
RtlWriteRegistryValue
RtlDeleteRegistryValue
RtlIsNtDdiVersionAvailable
IoGetConfigurationInformation
MmQuerySystemSize
KeReleaseSpinLock
IoAllocateErrorLogEntry
IoWriteErrorLogEntry
ExFreePoolWithTag
ExAllocatePoolWithTag
KeDelayExecutionThread
RtlCopyUnicodeString
DbgPrintEx
RtlAnsiCharToUnicodeChar
ExAllocatePoolWithQuotaTag
IofCompleteRequest
KeAcquireSpinLockRaiseToDpc
RtlAssert

hal

KeQueryPerformanceCounter

wdfldr.sys

WdfVersionBind
WdfVersionUnbind
WdfVersionUnbindClass
WdfVersionBindClass

Sections

.text
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGESRP0
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 1024B - Virtual size: 874B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGESER
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/SlimeVRInstaller/slimevr_usb_drivers_inst/CP201x/x86/silabser.sys
.sys windows:10 windows x86 arch:x86

5ce1843ab174f6966de8e188c2213f1c

Code Sign

68:67:9f:b8:6d:73:92:0e:bd:91:07:a0:b9:da:24:d9
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

17-10-2018 00:00

Not After

07-11-2021 23:59

Subject

CN=Silicon Laboratories Inc.,O=Silicon Laboratories Inc.,L=Austin,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22-02-2011 19:25

Not After

22-02-2021 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23-12-2017 00:00

Not After

22-03-2029 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

33:00:00:00:97:d7:9f:85:90:6e:a3:18:a4:00:00:00:00:00:97
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11-03-2020 17:47

Not After

05-03-2021 17:47

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18-04-2012 23:48

Not After

18-04-2027 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1f:e0:1c:b6:b1:68:e1:35:02:8a:fc:f1:a4:7e:ca:1e:e3:51:84:aa:1b:5e:5e:9d:12:43:77:21:7e:cd:b5:56
Signer

Actual PE Digest

1f:e0:1c:b6:b1:68:e1:35:02:8a:fc:f1:a4:7e:ca:1e:e3:51:84:aa:1b:5e:5e:9d:12:43:77:21:7e:cd:b5:56

Digest Algorithm

sha256

PE Digest Matches

true

1f:e0:1c:b6:b1:68:e1:35:02:8a:fc:f1:a4:7e:ca:1e:e3:51:84:aa:1b:5e:5e:9d:12:43:77:21:7e:cd:b5:56
Signer

Actual PE Digest

1f:e0:1c:b6:b1:68:e1:35:02:8a:fc:f1:a4:7e:ca:1e:e3:51:84:aa:1b:5e:5e:9d:12:43:77:21:7e:cd:b5:56

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\shirnewargs\.jenkins\workspace\Host_Software_Windows_Build\host\driver\silabser\windows\Release\x86\silabser.pdb

Imports

ntoskrnl.exe

ExFreePoolWithTag
MmQuerySystemSize
RtlInitUnicodeString
RtlWriteRegistryValue
RtlDeleteRegistryValue
RtlIsNtDdiVersionAvailable
IoGetConfigurationInformation
ExAllocatePoolWithTag
KeInitializeSpinLock
IoAllocateErrorLogEntry
IoWriteErrorLogEntry
_aulldiv
KeQuerySystemTime
KeDelayExecutionThread
memset
memcpy
ExAllocatePoolWithQuotaTag
IofCompleteRequest
RtlCopyUnicodeString
DbgPrintEx
RtlAnsiCharToUnicodeChar
_allmul
_alldiv
memmove
RtlAssert

hal

KeGetCurrentIrql
KeQueryPerformanceCounter
KfAcquireSpinLock
KfReleaseSpinLock

wdfldr.sys

WdfVersionBindClass
WdfVersionBind
WdfVersionUnbind
WdfVersionUnbindClass

Sections

.text
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 808B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGESRP0
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 1024B - Virtual size: 662B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGESER
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
steamvr.ps1
.ps1

Sharing

General

Malware Config

Signatures

Files

f4639a0b3116c2cfc71144b88a929cfd

Code Sign

56:b6:29:cd:34:bc:78:f6Certificate

Key Usages

54:7b:5a:22:47:9d:e7:25:78:3c:9e:96:ab:11:3c:ceCertificate

Extended Key Usages

Key Usages

42:4b:6a:53:ce:c7:66:14:1c:2a:63:b1:a5:1c:41:04Certificate

Extended Key Usages

Key Usages

5a:5a:ac:e8:1a:35:6e:b4:62:86:8d:57:7d:e0:3d:c7Certificate

Extended Key Usages

Key Usages

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56Certificate

Extended Key Usages

Key Usages

23:5d:6e:5a:34:83:8a:94:da:4d:96:2e:16:7e:10:e0:b4:52:68:6e:48:46:2e:13:b7:a6:d9:36:ee:33:60:2bSigner

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

shell32

ole32

comctl32

user32

gdi32

kernel32

Sections

.text Size: 25KB - Virtual size: 25KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1KB - Virtual size: 126KB

.ndata Size: - Virtual size: 164KB

.rsrc Size: 88KB - Virtual size: 87KB

6b225baf8d24583523d4f42890e12522

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 12KB - Virtual size: 11KB

.data Size: 512B - Virtual size: 348B

.reloc Size: 1KB - Virtual size: 1KB

a0e0fe306b2adcd03ed4b54c14f7c500

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

crypt32

kernel32

msvcrt

user32

version

ws2_32

Exports

Exports

Sections

.text Size: 2.4MB - Virtual size: 2.4MB

.data Size: 16KB - Virtual size: 16KB

.rdata Size: 508KB - Virtual size: 507KB

.eh_fram Size: 366KB - Virtual size: 365KB

.bss Size: - Virtual size: 17KB

.edata Size: 512B - Virtual size: 231B

.idata Size: 8KB - Virtual size: 7KB

.CRT Size: 512B - Virtual size: 44B

.tls Size: 512B - Virtual size: 8B

.rsrc Size: 210KB - Virtual size: 210KB

.reloc Size: 75KB - Virtual size: 74KB

509a34b3a68a773e0afb4259e68f9f82

56:b6:29:cd:34:bc:78:f6
Certificate

54:7b:5a:22:47:9d:e7:25:78:3c:9e:96:ab:11:3c:ce
Certificate

42:4b:6a:53:ce:c7:66:14:1c:2a:63:b1:a5:1c:41:04
Certificate

5a:5a:ac:e8:1a:35:6e:b4:62:86:8d:57:7d:e0:3d:c7
Certificate

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56
Certificate

23:5d:6e:5a:34:83:8a:94:da:4d:96:2e:16:7e:10:e0:b4:52:68:6e:48:46:2e:13:b7:a6:d9:36:ee:33:60:2b
Signer

.text
Size: 25KB - Virtual size: 25KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 126KB

.ndata
Size: - Virtual size: 164KB

.rsrc
Size: 88KB - Virtual size: 87KB

.text
Size: 12KB - Virtual size: 11KB

.data
Size: 512B - Virtual size: 348B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 2.4MB - Virtual size: 2.4MB

.data
Size: 16KB - Virtual size: 16KB

.rdata
Size: 508KB - Virtual size: 507KB

.eh_fram
Size: 366KB - Virtual size: 365KB

.bss
Size: - Virtual size: 17KB

.edata
Size: 512B - Virtual size: 231B

.idata
Size: 8KB - Virtual size: 7KB

.CRT
Size: 512B - Virtual size: 44B

.tls
Size: 512B - Virtual size: 8B

.rsrc
Size: 210KB - Virtual size: 210KB

.reloc
Size: 75KB - Virtual size: 74KB

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 1024B - Virtual size: 867B

.data
Size: 512B - Virtual size: 120B

.reloc
Size: 1024B - Virtual size: 662B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 8KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 638B

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 420B

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 927B

.data
Size: - Virtual size: 2KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 512B - Virtual size: 254B