6b6687ff9e686e1b823732a8013e6007_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

6b6687ff9e686e1b823732a8013e6007_JaffaCakes118
Size

22.9MB
MD5

6b6687ff9e686e1b823732a8013e6007
SHA1

b6f73972f944235558441af1ba5984655be21947
SHA256

ce55742ff52a2aa355d194f70d8c296b1bbdeb513af14109de2a6a6bfb2468c1
SHA512

e3f3117b3d2c9448e781ffeb2a57f296221bca6f491bee7290c2687b99497d47e561a7819229ade6358e56ab9dda4fefa8ea9d00a9a57a1d5a3ee78b5c34fa14
SSDEEP

393216:9R4zWxQLOTPoYZSgIDI5Ym3yvWFBax5ivgTHU+gwsSvdH0mmHAna3O14xVyAhvrG:9R4rgQYZBIDI59CP5OgTDgwsSVUmzaeD

Score

3^/10

Malware Config

Signatures

Unsigned PE 27 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ConnectorVPN/AxInterop.APPCTRLLib.dll
unpack001/ConnectorVPN/DotRas.dll
unpack001/ConnectorVPN/Interop.APPCTRLLib.dll
unpack001/ConnectorVPN/Modem/Driver/X86/ew_cdcacm.sys
unpack001/ConnectorVPN/Modem/Driver/X86/ew_cdcecm.sys
unpack001/ConnectorVPN/Modem/Driver/X86/ew_hwupgrade.sys
unpack001/ConnectorVPN/Modem/Driver/X86/ew_hwusbdev.sys
unpack001/ConnectorVPN/Modem/Driver/X86/ew_jubusenum.sys
unpack001/ConnectorVPN/Modem/Driver/X86/ew_jucdcacm.sys
unpack001/ConnectorVPN/Modem/Driver/X86/ew_jucdcecm.sys
unpack001/ConnectorVPN/Modem/Driver/X86/ew_juextctrl.sys
unpack001/ConnectorVPN/Modem/Driver/X86/ew_juwwanecm.sys
unpack001/ConnectorVPN/Modem/Driver/X86/ew_usbenumfilter.sys
unpack001/ConnectorVPN/Modem/Driver/X86/ew_wwanecm.sys
unpack001/ConnectorVPN/Modem/Driver/X86/ewdcsc.sys
unpack001/ConnectorVPN/Modem/Driver/X86/ewusbmdm.sys
unpack001/ConnectorVPN/Modem/Driver/X86/ewusbnet.sys
unpack001/ConnectorVPN/Modem/Driver/X86/ewusbwwan.sys
unpack001/ConnectorVPN/Modem/Driver/X86/hwgpssensor.dll
unpack001/ConnectorVPN/Modem/Driver/X86/mod7700.sys
unpack001/ConnectorVPN/Modem/Driver/X86/usbccid.sys
unpack001/ConnectorVPN/Plugin/BIGIPEdgeClient-API.exe
unpack001/ConnectorVPN/Plugin/F5.Componnet.Installer.11.5.1hf4.exe
unpack001/ConnectorVPN/VPN.exe
unpack001/ConnectorVPN/WelcomeMonaco.exe
unpack001/ConnectorVPN/WelcomeTEFCont.exe
unpack001/ContingenciaVendas/F5_VPN.exe

Files

6b6687ff9e686e1b823732a8013e6007_JaffaCakes118
.zip
ConnectorVPN/AxInterop.APPCTRLLib.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 728B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ConnectorVPN/Certificados/Class 3 Public Primary Certification Authority.cer
ConnectorVPN/Certificados/SVRSecureG3.cer
ConnectorVPN/Certificados/Thawte Server CA.cer
ConnectorVPN/Certificados/Thawte Timestamping CA.cer
ConnectorVPN/Certificados/VeriSign Class 3 International Server CA - G3.cer
ConnectorVPN/Certificados/VeriSign Class 3 Public Primary Certification Authority - G5 CA.cer
ConnectorVPN/Certificados/VeriSign Class 3 Public Primary Certification Authority - G5.cer
ConnectorVPN/Certificados/pca3-g5-3.cer
ConnectorVPN/Certificados/thawte_Primary_Root_CA.cer
ConnectorVPN/ConfigAPNs.config
ConnectorVPN/DotRas.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 212KB - Virtual size: 212KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ConnectorVPN/DotRas.xml
.xml
ConnectorVPN/Install/InstallSolution_VPN_F5.bat
ConnectorVPN/Interop.APPCTRLLib.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ConnectorVPN/Modem/Driver/X86/WdfCoInstaller01007.dll
.dll windows:6 windows x86 arch:x86

9aa2546c4dfe543e11dbbf7cb79c00c5

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

61:47:52:ba:00:00:00:00:00:04
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/09/2006, 01:53

Not After

16/09/2011, 02:03

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:D8A9-CFCC-579C,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:49:7c:ed:00:00:00:00:00:05
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/09/2006, 01:55

Not After

16/09/2011, 02:05

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:10D8-5847-CBF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:02:30:7e:00:00:00:00:00:06
Certificate

Issuer

CN=Microsoft Windows Verification Intermediate PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

10/03/2008, 21:57

Not After

10/06/2009, 22:07

Subject

CN=Microsoft Windows Component Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:1b:ab:11:da:3a:a1:b6:df:ec:88
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

11/10/2005, 21:55

Not After

26/04/2010, 07:00

Subject

CN=Microsoft Windows Verification Intermediate PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

67:f1:0f:19:25:39:f6:40:e2:69:b1:19:9c:75:1f:4e:47:c6:b7:84
Signer

Actual PE Digest

67:f1:0f:19:25:39:f6:40:e2:69:b1:19:9c:75:1f:4e:47:c6:b7:84

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

WdfCoInstaller01007.pdb

Imports

msvcrt

_adjust_fdiv
_amsg_exit
_initterm
_XcptFilter
_wcsnicmp
malloc
free
_wtoi
_wcsicmp
_ultow
_stricmp
memset
memcpy
_vsnwprintf

setupapi

SetupCloseInfFile
SetupOpenInfFileW
SetupDiGetDriverInfoDetailW
SetupOpenLog
SetupLogErrorW
SetupCloseLog
CM_Set_DevNode_Problem_Ex
SetupDiGetDeviceInstallParamsW
SetupDiSetDeviceInstallParamsW
SetupPromptReboot
SetupDiGetActualSectionToInstallW
SetupGetLineCountW
SetupFindFirstLineW
SetupGetStringFieldW
SetupFindNextMatchLineW
SetupDiGetSelectedDriverW

kernel32

GetWindowsDirectoryW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
RtlUnwind
InterlockedCompareExchange
Sleep
InterlockedExchange
LoadLibraryExW
ExpandEnvironmentStringsW
CreateProcessW
WaitForSingleObject
TerminateProcess
GetExitCodeProcess
SetLastError
FindResourceW
LoadResource
LockResource
SizeofResource
WriteFile
RemoveDirectoryW
CreateDirectoryW
FindFirstFileW
DeleteFileW
FindNextFileW
FindClose
CreateFileW
GetFileInformationByHandle
FileTimeToSystemTime
CloseHandle
FormatMessageW
GetLocalTime
OutputDebugStringW
LoadLibraryW
FreeLibrary
lstrlenA
WideCharToMultiByte
GetModuleFileNameW
LocalAlloc
LocalFree
GetLastError
GetProcAddress
GetModuleHandleW
GlobalFree
VerifyVersionInfoW
VerSetConditionMask

advapi32

RegQueryValueExW
LockServiceDatabase
QueryServiceLockStatusW
ChangeServiceConfigW
UnlockServiceDatabase
QueryServiceConfigW
RegSetValueExW
RegFlushKey
RegCreateKeyExW
DeleteService
OpenSCManagerW
OpenServiceW
QueryServiceStatusEx
CloseServiceHandle
RegOpenKeyExW
RegCloseKey

crypt32

CertGetCertificateContextProperty

wintrust

WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain
WTHelperGetProvCertFromChain
WinVerifyTrust

shell32

CommandLineToArgvW

user32

IsCharAlphaW
IsCharAlphaNumericW
LoadStringW

ole32

CoTaskMemFree

Exports

Exports

WdfCoInstaller
WdfPostDeviceInstall
WdfPostDeviceRemove
WdfPreDeviceInstall
WdfPreDeviceRemove

Sections

.text
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1019KB - Virtual size: 1019KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ConnectorVPN/Modem/Driver/X86/ew_busfilter.inf
ConnectorVPN/Modem/Driver/X86/ew_cdcacm.cat
ConnectorVPN/Modem/Driver/X86/ew_cdcacm.inf
ConnectorVPN/Modem/Driver/X86/ew_cdcacm.sys
.sys windows:6 windows x86 arch:x86

00df76bbd03eb78c2f1fe3c4e42bd85c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\5.01.03.00\huawei\src\build\sys\objfre_wxp_x86\i386\ew_cdcacm.pdb

Imports

ntoskrnl.exe

ExFreePoolWithTag
IoSetDeviceInterfaceState
RtlDeleteRegistryValue
IoDeleteSymbolicLink
IoFreeWorkItem
memset
KeSetTimerEx
KeCancelTimer
wcsstr
IofCompleteRequest
InterlockedExchange
IoCancelIrp
KeSetEvent
KeClearEvent
IoRegisterDeviceInterface
RtlWriteRegistryValue
IoCreateSymbolicLink
ExAllocatePoolWithTag
IoGetDeviceProperty
KeRemoveQueueDpc
IoReleaseCancelSpinLock
IoAcquireCancelSpinLock
IoQueueWorkItem
KeInitializeSpinLock
KeInitializeDpc
KeInitializeTimer
IoAllocateWorkItem
KeInitializeEvent
IoDeleteDevice
IoDetachDevice
IoAttachDeviceToDeviceStack
IoCreateDevice
IofCallDriver
KeInsertQueueDpc
MmMapLockedPagesSpecifyCache
memcpy
KeSetTimer
KeTickCount
KeBugCheckEx
KeWaitForSingleObject
IoBuildDeviceIoControlRequest
PoCallDriver
MmGetSystemRoutineAddress
RtlInitUnicodeString
ZwClose
ZwQueryValueKey
ZwOpenKey
IoOpenDeviceRegistryKey
ZwCreateKey
RtlCopyUnicodeString
IoReuseIrp
IoFreeIrp
InterlockedDecrement
KeDelayExecutionThread
DbgPrint
IoAllocateIrp
PoStartNextPowerIrp
InterlockedIncrement
PoRequestPowerIrp
PsGetVersion
_vsnwprintf

hal

KeGetCurrentIrql
KfAcquireSpinLock
KfReleaseSpinLock

usbd.sys

USBD_CreateConfigurationRequestEx
USBD_ParseConfigurationDescriptorEx

Sections

.text
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 449B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ConnectorVPN/Modem/Driver/X86/ew_cdcecm.cat
ConnectorVPN/Modem/Driver/X86/ew_cdcecm.inf
ConnectorVPN/Modem/Driver/X86/ew_cdcecm.sys
.sys windows:6 windows x86 arch:x86

3a5eb98e61d68ac3e166cd3c92e979a6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\5.01.02.00\huawei\src\build\sys\objfre_wxp_x86\i386\ew_cdcecm.pdb

Imports

ntoskrnl.exe

IoFreeMdl
InterlockedIncrement
MmMapLockedPagesSpecifyCache
InterlockedDecrement
InterlockedExchange
KeQueryInterruptTime
ExfInterlockedInsertHeadList
RtlCopyUnicodeString
_vsnprintf
memcpy
RtlCreateSecurityDescriptor
IoReleaseCancelSpinLock
IoAcquireCancelSpinLock
MmUnlockPages
MmProbeAndLockPages
IoAllocateMdl
ProbeForWrite
ProbeForRead
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
KeBugCheckEx
strncmp
KeInitializeEvent
KeClearEvent
IoQueueWorkItem
RtlWriteRegistryValue
KeRemoveQueueDpc
KeCancelTimer
KeSetTimer
KeInsertQueueDpc
KeDelayExecutionThread
ExfInterlockedRemoveHeadList
IofCallDriver
KeWaitForSingleObject
IoAllocateWorkItem
KeInitializeDpc
KeInitializeTimer
memset
ExAllocatePoolWithTag
ExfInterlockedInsertTailList
KeSetEvent
IofCompleteRequest
IoFreeWorkItem
KeTickCount
IoGetDeviceProperty
ExFreePoolWithTag
DbgPrint
ZwClose
IoBuildDeviceIoControlRequest
PoCallDriver
PoRequestPowerIrp
PoStartNextPowerIrp
MmGetSystemRoutineAddress
RtlInitUnicodeString
ZwQueryValueKey
ZwOpenKey
IoOpenDeviceRegistryKey
ZwCreateKey
IoReuseIrp
IoFreeIrp
IoCancelIrp
KeInitializeSpinLock
IoAllocateIrp
ZwOpenFile
RtlRandom
PsGetVersion
RtlUnwind
_vsnwprintf
ZwSetSecurityObject

hal

ExReleaseFastMutex
KfReleaseSpinLock
KfAcquireSpinLock
KeGetCurrentIrql
ExAcquireFastMutex

ndis.sys

NdisWriteConfiguration
NdisReadConfiguration
NdisCloseConfiguration
NdisOpenConfiguration
NdisAllocateBuffer
NdisAllocatePacket
NdisMIndicateStatus
NdisMIndicateStatusComplete
NdisMSleep
NdisReadNetworkAddress
NdisAllocatePacketPool
NdisFreePacket
NdisFreePacketPool
NdisFreeBufferPool
NdisMDeregisterDevice
NdisAllocateMemoryWithTag
NdisInitializeWrapper
NdisMRegisterMiniport
NdisTerminateWrapper
NdisMRegisterUnloadHandler
NdisMSetAttributesEx
NdisMGetDeviceProperty
NdisMRegisterDevice
NdisAllocateBufferPool
NdisFreeMemory

usbd.sys

USBD_ParseConfigurationDescriptorEx
USBD_CreateConfigurationRequestEx

Sections

.text
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 408B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ConnectorVPN/Modem/Driver/X86/ew_cdcmdm.inf
ConnectorVPN/Modem/Driver/X86/ew_hwupgrade.cat
ConnectorVPN/Modem/Driver/X86/ew_hwupgrade.inf
ConnectorVPN/Modem/Driver/X86/ew_hwupgrade.sys
.sys windows:6 windows x86 arch:x86

1a1b9fd582b19a79564f00aaf72e299b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\SVN\Windows_Branch\lb_WinDriver_4_20_06_00\Common\Upgrade\V1_00_00_00\V1_00_00_00\lib\objfre_wxp_x86\i386\ew_hwupgrade.pdb

Imports

ntoskrnl.exe

RtlInitUnicodeString
RtlCopyUnicodeString
KeTickCount
DbgPrint
memcpy
memset

wdfldr.sys

WdfVersionUnbind
WdfVersionBind

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 318B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 896B - Virtual size: 878B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ConnectorVPN/Modem/Driver/X86/ew_hwusbdev.cat
ConnectorVPN/Modem/Driver/X86/ew_hwusbdev.inf
ConnectorVPN/Modem/Driver/X86/ew_hwusbdev.sys
.sys windows:6 windows x86 arch:x86

41252f96bd8abf8c927bbb0b9bb2c577

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\4.25.14.00\common\switcher\2038\objfre_wxp_x86\i386\qcusbser.pdb

Imports

hal

KfReleaseSpinLock
KfAcquireSpinLock
KeGetCurrentIrql

ntoskrnl.exe

IoFreeIrp
ExFreePoolWithTag
DbgPrint
IoReleaseCancelSpinLock
IofCompleteRequest
ExAllocatePoolWithTag
RtlCopyUnicodeString
RtlFreeAnsiString
KeInitializeEvent
RtlUnicodeStringToAnsiString
memset
IoCancelIrp
KeWaitForSingleObject
IofCallDriver
IoReuseIrp
IoAllocateIrp
ZwClose
KeClearEvent
ObfDereferenceObject
IoGetAttachedDeviceReference
IoReleaseRemoveLockEx
RtlInitUnicodeString
ExGetPreviousMode
ZwOpenKey
KefReleaseSpinLockFromDpcLevel
KefAcquireSpinLockAtDpcLevel
PsTerminateSystemThread
IoSetDeviceInterfaceState
ObReferenceObjectByHandle
PsCreateSystemThread
IoAcquireRemoveLockEx
RtlWriteRegistryValue
KeWaitForMultipleObjects
KeSetPriorityThread
KeGetCurrentThread
ZwSetValueKey
IoOpenDeviceRegistryKey
memcpy
IoDeleteDevice
KeSetEvent
RtlCompareMemory
IoGetDeviceProperty
IoRegisterDeviceInterface
PoSetPowerState
IoAttachDeviceToDeviceStack
IoCreateDevice
KeQuerySystemTime
RtlDeleteRegistryValue
ZwQueryValueKey
sprintf
KeInitializeDpc
KeInitializeTimer
IoInitializeRemoveLockEx
RtlIntegerToUnicodeString
RtlAppendUnicodeStringToString
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
IoReleaseRemoveLockAndWaitEx
strstr
IoAcquireCancelSpinLock
KeCancelTimer
KeSetTimer
MmMapLockedPagesSpecifyCache
isprint
KeReadStateTimer
KeQueryPriorityThread
IoBuildDeviceIoControlRequest
PoCallDriver
PoStartNextPowerIrp
IoIsWdmVersionAvailable
IoWMIRegistrationControl
PoRequestPowerIrp
IoFreeWorkItem
KeReadStateEvent
IoQueueWorkItem
IoAllocateWorkItem
KeTickCount
KeBugCheckEx
IoDetachDevice
RtlUnwind
PsThreadType

usbd.sys

USBD_ParseConfigurationDescriptorEx
USBD_CreateConfigurationRequestEx

wmilib.sys

WmiSystemControl
WmiCompleteRequest

Sections

.text
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 896B - Virtual size: 820B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ConnectorVPN/Modem/Driver/X86/ew_hwusbdevcfg.cat
ConnectorVPN/Modem/Driver/X86/ew_hwusbdevcfg.inf
ConnectorVPN/Modem/Driver/X86/ew_jubusenum.cat
ConnectorVPN/Modem/Driver/X86/ew_jubusenum.inf
ConnectorVPN/Modem/Driver/X86/ew_jubusenum.sys
.sys windows:6 windows x86 arch:x86

1763377db5a4b29901edec4cfadb448d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\lb_windriver_4_25_17_04\jungo\cdc\wwan\v2_6_2_31\build\sys\winnt\objfre_wxp_x86\i386\ew_jubusenum.pdb

Imports

ntoskrnl.exe

KeWaitForSingleObject
IofCallDriver
IoBuildDeviceIoControlRequest
KeInitializeEvent
RtlCompareUnicodeString
memcpy
KeDelayExecutionThread
RtlUpcaseUnicodeChar
memset
strstr
strncpy
IoRaiseInformationalHardError
IoSetThreadHardErrorMode
KeTickCount
KeBugCheckEx
_allmul
RtlInitUnicodeString
RtlAnsiCharToUnicodeChar
MmGetSystemRoutineAddress
RtlCopyUnicodeString
DbgPrint

hal

KeGetCurrentIrql

wdfldr.sys

WdfVersionUnbind
WdfVersionBind

Sections

.text
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 640B - Virtual size: 577B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ConnectorVPN/Modem/Driver/X86/ew_jucdcacm.cat
ConnectorVPN/Modem/Driver/X86/ew_jucdcacm.inf
ConnectorVPN/Modem/Driver/X86/ew_jucdcacm.sys
.sys windows:6 windows x86 arch:x86

28007af2dd759c9d8fff8673601f3f96

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\lb_windriver_4_25_17_04\jungo\cdc\wwan\v2_6_2_31\build\sys\winnt\objfre_wxp_x86\i386\ew_jucdcacm.pdb

Imports

ntoskrnl.exe

RtlGetVersion
MmGetSystemRoutineAddress
ZwClose
RtlDeleteRegistryValue
RtlEqualUnicodeString
ExFreePoolWithTag
ZwEnumerateValueKey
ExAllocatePoolWithTag
ZwQueryKey
ZwOpenKey
memcpy
IoGetConfigurationInformation
RtlWriteRegistryValue
IoDeleteSymbolicLink
ZwQueryValueKey
_wcsnicmp
PsGetVersion
RtlTimeToTimeFields
KeQuerySystemTime
IoCreateSymbolicLink
RtlCompareUnicodeString
wcsrchr
KeDelayExecutionThread
KeSetEvent
IofCompleteRequest
KeWaitForSingleObject
KeInitializeEvent
KeTickCount
KeBugCheckEx
RtlInitUnicodeString
DbgPrint
RtlCopyUnicodeString
RtlUnicodeToMultiByteN
RtlAnsiCharToUnicodeChar
RtlUnicodeStringToInteger
memset
ExAllocatePool
_allmul

hal

KeGetCurrentIrql

wdfldr.sys

WdfVersionUnbind
WdfVersionBind

Sections

.text
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ConnectorVPN/Modem/Driver/X86/ew_jucdcecm.cat
ConnectorVPN/Modem/Driver/X86/ew_jucdcecm.inf
ConnectorVPN/Modem/Driver/X86/ew_jucdcecm.sys
.sys windows:6 windows x86 arch:x86

ea32c59444799a6d9b44ef3a6b4cc1a8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\lb_windriver_4_25_17_04\jungo\cdc\wwan\v2_6_2_31\build\sys\winnt\objfre_wxp_x86\i386\ew_jucdcecm.pdb

Imports

ntoskrnl.exe

RtlWriteRegistryValue
_aulldiv
MmMapLockedPagesSpecifyCache
DbgPrint
IoGetDeviceProperty
KeInitializeEvent
MmGetSystemRoutineAddress
RtlAppendUnicodeToString
ZwOpenKey
RtlInitUnicodeString
ZwSetValueKey
ZwClose
memcpy
ExfInterlockedInsertTailList
KeQueryInterruptTime
KeInitializeSpinLock
RtlUnicodeStringToInteger
RtlCopyUnicodeString
KeBugCheckEx
KeTickCount
_alldiv
_allmul
ExfInterlockedInsertHeadList
ExfInterlockedRemoveHeadList
memset
IoFreeMdl
RtlAnsiCharToUnicodeChar

ndis.sys

NdisMDeregisterAdapterShutdownHandler
NdisWaitEvent
NdisSetEvent
NdisReadNetworkAddress
NdisInitializeWrapper
NdisCloseConfiguration
NdisReadConfiguration
NdisOpenConfiguration
NdisAllocateMemoryWithTag
NdisMGetDeviceProperty
NdisAllocateBufferPool
NdisAllocatePacketPool
NdisFreePacket
NdisFreeMemory
NdisFreePacketPool
NdisFreeBufferPool
NdisMIndicateStatus
NdisMIndicateStatusComplete
NdisMRegisterMiniport
NdisTerminateWrapper
NdisMRegisterUnloadHandler
NdisMSetAttributesEx
NdisAllocatePacket
NdisMSleep
NdisAllocateBuffer

hal

KfReleaseSpinLock
KeGetCurrentIrql
KfAcquireSpinLock

wdfldr.sys

WdfVersionBind
WdfVersionUnbind

Sections

.text
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 640B - Virtual size: 640B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ConnectorVPN/Modem/Driver/X86/ew_jucdcmdm.cat
ConnectorVPN/Modem/Driver/X86/ew_jucdcmdm.inf
ConnectorVPN/Modem/Driver/X86/ew_juextctrl.cat
ConnectorVPN/Modem/Driver/X86/ew_juextctrl.inf
ConnectorVPN/Modem/Driver/X86/ew_juextctrl.sys
.sys windows:6 windows x86 arch:x86

4754df287a56ad8e25591c14a5aab9d6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\lb_windriver_4_25_17_04\jungo\cdc\wwan\v2_6_2_31\build\sys\winnt\objfre_wxp_x86\i386\ew_juextctrl.pdb

Imports

ntoskrnl.exe

RtlCompareUnicodeString
KeTickCount
KeBugCheckEx
memcpy
_allmul
RtlUnicodeStringToInteger
RtlInitUnicodeString
DbgPrint
RtlCopyUnicodeString
memset
RtlAnsiCharToUnicodeChar

wdfldr.sys

WdfVersionUnbind
WdfVersionBind

Sections

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 896B - Virtual size: 774B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ConnectorVPN/Modem/Driver/X86/ew_juwwanecm.cat
ConnectorVPN/Modem/Driver/X86/ew_juwwanecm.inf
ConnectorVPN/Modem/Driver/X86/ew_juwwanecm.sys
.sys windows:6 windows x86 arch:x86

12d3006078617fdda4f0efaaf684a72a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\4.25.22.00\jungo\cdc\wwan\v2_6_2_31\build\sys\winnt\objfre_win7_x86\i386\ew_jucdcecm.pdb

Imports

ntoskrnl.exe

RtlFreeUnicodeString
RtlStringFromGUID
RtlCompareMemory
_chkstk
MmMapLockedPagesSpecifyCache
_aulldiv
RtlUnicodeStringToInteger
RtlWriteRegistryValue
IoGetDeviceProperty
KeInitializeEvent
MmGetSystemRoutineAddress
RtlCopyUnicodeString
RtlAppendUnicodeToString
ZwOpenKey
RtlInitUnicodeString
ZwSetValueKey
ZwClose
memcpy
ExfInterlockedInsertTailList
KeQueryInterruptTime
KeInitializeSpinLock
ExFreePoolWithTag
KeBugCheckEx
KeTickCount
_alldiv
_allmul
ExfInterlockedRemoveHeadList
ExfInterlockedInsertHeadList
memset
DbgPrint
RtlUnicodeToMultiByteN
RtlAnsiCharToUnicodeChar
ExAllocatePoolWithTag
KeSetEvent
KeInitializeMutex
KeWaitForSingleObject
KeReleaseMutex
KeDelayExecutionThread
PsTerminateSystemThread
ObReferenceObjectByHandle
PsCreateSystemThread
ObfDereferenceObject
KeQueryTimeIncrement

hal

KeGetCurrentIrql
KfAcquireSpinLock
KfReleaseSpinLock

ndis.sys

NdisReadNetworkAddress
NdisMOidRequestComplete
NdisReadConfiguration
NdisCloseConfiguration
NdisMSendNetBufferListsComplete
NdisAllocateNetBufferAndNetBufferList
NdisWriteConfiguration
NdisMGetDeviceProperty
NdisFreeNetBufferList
NdisFreeMdl
NdisOpenConfigurationEx
NdisAllocateMemoryWithTagPriority
NdisMSleep
NdisWaitEvent
NdisSetEvent
NdisFreeMemory
NdisFreeNetBufferListPool
NdisAllocateNetBufferListPool
NdisMIndicateStatusEx
NdisMRegisterMiniportDriver
NdisMSetMiniportAttributes
NdisMDeregisterMiniportDriver
NdisMIndicateReceiveNetBufferLists
NdisAllocateMdl

netio.sys

CancelMibChangeNotify2
FreeMibTable
CreateUnicastIpAddressEntry
InitializeUnicastIpAddressEntry
DeleteUnicastIpAddressEntry
GetUnicastIpAddressTable
CreateIpForwardEntry2
InitializeIpForwardEntry
DeleteIpForwardEntry2
GetIpForwardTable2
NotifyIpInterfaceChange
ConvertInterfaceLuidToGuid

wdfldr.sys

WdfVersionBindClass
WdfVersionUnbind
WdfVersionUnbindClass
WdfVersionBind

Sections

.text
Size: 176KB - Virtual size: 175KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ConnectorVPN/Modem/Driver/X86/ew_usbenumfilter.cat
ConnectorVPN/Modem/Driver/X86/ew_usbenumfilter.sys
.sys windows:6 windows x86 arch:x86

0e6a11835d484b5311859d33f8c41f3a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\4.25.13.00\compositefilter\v1_00_00_00_00\objfre_wxp_x86\i386\ew_usbenumfilter.pdb

Imports

ntoskrnl.exe

IoInitializeRemoveLockEx
IoDeleteDevice
IoAttachDeviceToDeviceStack
IoCreateDevice
ObfDereferenceObject
IoGetAttachedDeviceReference
IoReleaseRemoveLockEx
IofCallDriver
IofCompleteRequest
IoAcquireRemoveLockEx
KeSetEvent
PoCallDriver
PoStartNextPowerIrp
DbgPrint
KeWaitForSingleObject
KeInitializeEvent
IoDetachDevice
IoReleaseRemoveLockAndWaitEx
RtlCompareMemory
memcpy
memset
IoFreeIrp
ExFreePoolWithTag
IoAllocateIrp
_wcsnicmp
swprintf
ExAllocatePool
ZwQueryValueKey
ZwClose
RtlInitUnicodeString
ZwOpenKey
KeClearEvent
KeTickCount
MmGetSystemRoutineAddress
PsGetVersion

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 306B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 640B - Virtual size: 598B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ConnectorVPN/Modem/Driver/X86/ew_wwanecm.cat
ConnectorVPN/Modem/Driver/X86/ew_wwanecm.inf
ConnectorVPN/Modem/Driver/X86/ew_wwanecm.sys
.sys windows:6 windows x86 arch:x86

8e83fa6e6e28cb644c1b3cb017839bb7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\5.01.03.00\huawei\src\build\sys\objfre_win7_x86\i386\ew_wwanecm.pdb

Imports

ntoskrnl.exe

ProbeForWrite
ProbeForRead
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
IoAllocateMdl
RtlAppendUnicodeToString
RtlAppendUnicodeStringToString
RtlIntegerToUnicodeString
ObfDereferenceObject
MmGetSystemRoutineAddress
RtlInitUnicodeString
PsTerminateSystemThread
ObReferenceObjectByHandle
PsCreateSystemThread
ExFreePool
ZwSetValueKey
ZwOpenKey
MmProbeAndLockPages
MmUnlockPages
RtlUnwind
IoFreeMdl
IoAcquireCancelSpinLock
IoReleaseCancelSpinLock
RtlCreateSecurityDescriptor
ZwClose
_vsnprintf
RtlCopyUnicodeString
ExfInterlockedInsertHeadList
MmMapLockedPagesSpecifyCache
KeQueryInterruptTime
RtlCompareMemory
InterlockedIncrement
InterlockedExchange
InterlockedDecrement
memcpy
strncmp
KeClearEvent
IoQueueWorkItem
RtlWriteRegistryValue
KeWaitForSingleObject
KeRemoveQueueDpc
KeSetEvent
KeCancelTimer
KeSetTimer
KeInsertQueueDpc
KeDelayExecutionThread
ExfInterlockedRemoveHeadList
IoAllocateWorkItem
KeInitializeDpc
_vsnwprintf
RtlRandom
InterlockedExchangeAdd
ZwSetSecurityObject
ZwOpenFile
KeInitializeTimer
RtlUnicodeStringToInteger
ExAllocatePoolWithTag
ExfInterlockedInsertTailList
IofCompleteRequest
IoFreeWorkItem
KeTickCount
IoGetDeviceProperty
ExFreePoolWithTag
memset
ZwQueryValueKey
IoOpenDeviceRegistryKey
ZwCreateKey
IofCallDriver
IoReuseIrp
IoFreeIrp
IoCancelIrp
KeInitializeSpinLock
IoAllocateIrp
isspace
isprint
PoStartNextPowerIrp
PoRequestPowerIrp
PoCallDriver
IoBuildDeviceIoControlRequest
PsGetVersion
DbgPrint
KeBugCheckEx
KeInitializeEvent

hal

KeStallExecutionProcessor
KfReleaseSpinLock
KfAcquireSpinLock
KeGetCurrentIrql
ExReleaseFastMutex
ExAcquireFastMutex

ndis.sys

NdisFreeNetBufferList
NdisFreeMdl
NdisCloseConfiguration
NdisWriteConfiguration
NdisOpenConfigurationEx
NdisFreeMemory
NdisMGetDeviceProperty
NdisMRegisterMiniportDriver
NdisMSetMiniportAttributes
NdisAllocateTimerObject
NdisSetTimerObject
NdisAllocateMemoryWithTag
NdisCancelTimerObject
NdisFreeTimerObject
NdisRegisterDeviceEx
NdisDeregisterDeviceEx
NdisReadNetworkAddress
NdisReadConfiguration
NdisMSendNetBufferListsComplete
NdisAllocateMdl
NdisAllocateNetBufferAndNetBufferList
NdisMDeregisterMiniportDriver
NdisMIndicateReceiveNetBufferLists
NdisMIndicateStatusEx
NdisMSleep
NdisAllocateNetBufferListPool
NdisFreeNetBufferListPool
NdisAllocateMemoryWithTagPriority

netio.sys

FreeMibTable
CreateUnicastIpAddressEntry
InitializeUnicastIpAddressEntry
DeleteUnicastIpAddressEntry
GetUnicastIpAddressTable
CreateIpForwardEntry2
InitializeIpForwardEntry
DeleteIpForwardEntry2
GetIpForwardTable2

usbd.sys

USBD_CreateConfigurationRequestEx
USBD_ParseConfigurationDescriptorEx

Sections

.text
Size: 275KB - Virtual size: 274KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ConnectorVPN/Modem/Driver/X86/ewdcsc.cat
ConnectorVPN/Modem/Driver/X86/ewdcsc.inf
ConnectorVPN/Modem/Driver/X86/ewdcsc.sys
.sys windows:6 windows x86 arch:x86

18d53781b7be44c6d331757ee5159f1b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\qualunitary\pcsc\objfre_wxp_x86\i386\ewdcsc.pdb

Imports

ntoskrnl.exe

KeWaitForSingleObject
IofCallDriver
IoReuseIrp
IoAllocateIrp
RtlQueryRegistryValues
KeClearEvent
InterlockedIncrement
InterlockedDecrement
ObfDereferenceObject
PsTerminateSystemThread
IoBuildDeviceIoControlRequest
IoFreeWorkItem
ZwClose
ObReferenceObjectByHandle
PsCreateSystemThread
InterlockedExchange
KeCancelTimer
IoFreeIrp
IoSetDeviceInterfaceState
IoQueueWorkItem
IoAllocateWorkItem
KeSetTimerEx
PoStartNextPowerIrp
PoCallDriver
PoRequestPowerIrp
IoCancelIrp
IoWMIRegistrationControl
ZwQueryValueKey
KeTickCount
KeBugCheckEx
IoReleaseCancelSpinLock
IofCompleteRequest
IoOpenDeviceRegistryKey
DbgPrint
memset
KeSetEvent
memmove
RtlFreeUnicodeString
IoAcquireCancelSpinLock
RtlInitUnicodeString
IoCreateDevice
KeInitializeSpinLock
KeInitializeEvent
PoSetPowerState
ExAllocatePoolWithTag
IoAttachDeviceToDeviceStack
IoRegisterDeviceInterface
KeInitializeDpc
KeInitializeTimerEx
IoDetachDevice
IoDeleteDevice
memcpy
ExFreePoolWithTag
PsGetVersion
MmGetSystemRoutineAddress
RtlUnwind

hal

KfReleaseSpinLock
KfAcquireSpinLock

wmilib.sys

WmiSystemControl
WmiCompleteRequest

usbd.sys

USBD_CreateConfigurationRequestEx
USBD_ParseConfigurationDescriptorEx

smclib.sys

SmartcardT0Request
SmartcardT0Reply
SmartcardAcquireRemoveLock
SmartcardDeviceControl
SmartcardT1Reply
SmartcardReleaseRemoveLockWithTag
SmartcardAcquireRemoveLockWithTag
SmartcardSetDebugLevel
SmartcardLogError
SmartcardInitialize
SmartcardT1Request
SmartcardReleaseRemoveLock
SmartcardUpdateCardCapabilities

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 640B - Virtual size: 580B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ConnectorVPN/Modem/Driver/X86/ewmdm2k.cat
ConnectorVPN/Modem/Driver/X86/ewmdm2k.inf
ConnectorVPN/Modem/Driver/X86/ewnet.inf
ConnectorVPN/Modem/Driver/X86/ewser2k.cat
ConnectorVPN/Modem/Driver/X86/ewser2k.inf
ConnectorVPN/Modem/Driver/X86/ewsmartcard.cat
ConnectorVPN/Modem/Driver/X86/ewsmartcard.inf
ConnectorVPN/Modem/Driver/X86/ewusbmdm.sys
.sys windows:6 windows x86 arch:x86

a334a383a8ed99f89aa0b4010740076b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\lb_windriver_4_25_17_04\qualcommm\modem\2038\objfre_wxp_x86\i386\ewusbmdm.pdb

Imports

ntoskrnl.exe

IofCompleteRequest
DbgPrint
ExFreePoolWithTag
RtlDeleteRegistryValue
IoDeleteSymbolicLink
IoReleaseCancelSpinLock
IoFreeIrp
KeSetEvent
ExAllocatePoolWithTag
RtlCopyUnicodeString
RtlFreeAnsiString
KeInitializeEvent
RtlUnicodeStringToAnsiString
memcpy
memset
IoCancelIrp
KeWaitForSingleObject
IofCallDriver
IoReuseIrp
IoAllocateIrp
RtlCompareUnicodeString
ZwClose
ExGetPreviousMode
RtlInitUnicodeString
IoOpenDeviceRegistryKey
ObfDereferenceObject
IoGetAttachedDeviceReference
IoReleaseRemoveLockEx
KefReleaseSpinLockFromDpcLevel
KefAcquireSpinLockAtDpcLevel
IoSetDeviceInterfaceState
KeClearEvent
IoAcquireRemoveLockEx
KeGetCurrentThread
RtlWriteRegistryValue
KeWaitForMultipleObjects
KeQueryPriorityThread
KeSetPriorityThread
PsTerminateSystemThread
ObReferenceObjectByHandle
PsCreateSystemThread
ZwSetValueKey
ZwOpenKey
IoDeleteDevice
IoDetachDevice
IoCreateUnprotectedSymbolicLink
RtlCompareMemory
IoGetDeviceProperty
IoRegisterDeviceInterface
PoSetPowerState
IoAttachDeviceToDeviceStack
IoCreateDevice
KeQuerySystemTime
ZwQueryValueKey
RtlTimeToTimeFields
MmGetSystemRoutineAddress
isprint
IoReleaseRemoveLockAndWaitEx
KeInitializeDpc
KeInitializeTimer
IoInitializeRemoveLockEx
RtlIntegerToUnicodeString
RtlAppendUnicodeStringToString
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
strstr
IoAcquireCancelSpinLock
KeCancelTimer
KeSetTimer
MmMapLockedPagesSpecifyCache
KeReadStateTimer
IoBuildDeviceIoControlRequest
PoCallDriver
PoStartNextPowerIrp
IoWMIRegistrationControl
PoRequestPowerIrp
IoFreeWorkItem
KeReadStateEvent
IoQueueWorkItem
IoAllocateWorkItem
KeTickCount
KeBugCheckEx
_vsnprintf
RtlUnwind
PsGetVersion

hal

KfReleaseSpinLock
KeGetCurrentIrql
KfAcquireSpinLock

usbd.sys

USBD_CreateConfigurationRequestEx
USBD_ParseConfigurationDescriptorEx

wmilib.sys

WmiCompleteRequest
WmiSystemControl

Sections

.text
Size: 175KB - Virtual size: 175KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 896B - Virtual size: 832B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ConnectorVPN/Modem/Driver/X86/ewusbnet.cat
ConnectorVPN/Modem/Driver/X86/ewusbnet.sys
.sys windows:6 windows x86 arch:x86

56382c43c80a0430202bafd35cdaba0e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\4.25.14.00\qualcommm\ndis\1029\build\target\objfre_wxp_x86\i386\ewusbnet.pdb

Imports

ntoskrnl.exe

strrchr
RtlInitAnsiString
ExAllocatePool
KeSetPriorityThread
KeGetCurrentThread
MmGetSystemRoutineAddress
ExGetPreviousMode
KefReleaseSpinLockFromDpcLevel
KefAcquireSpinLockAtDpcLevel
IofCallDriver
KeReleaseMutex
KeQueryPriorityThread
IoBuildDeviceIoControlRequest
KeInitializeDpc
KeInitializeTimer
KeInitializeMutex
IoOpenDeviceRegistryKey
KeQuerySystemTime
ZwQueryValueKey
ZwWriteFile
ZwSetSecurityObject
RtlTimeToTimeFields
IoCancelIrp
KeCancelTimer
KeSetTimer
PoCallDriver
PoStartNextPowerIrp
KeReadStateTimer
_allmul
IoRegisterPlugPlayNotification
IoGetDeviceObjectPointer
IoUnregisterPlugPlayNotification
PoRequestPowerIrp
IoFreeWorkItem
KeReadStateEvent
IoQueueWorkItem
IoAllocateWorkItem
RtlCompareMemory
KeBugCheckEx
IoReleaseCancelSpinLock
IofCompleteRequest
KeTickCount
RtlRandom
RtlCreateSecurityDescriptor
ExSystemTimeToLocalTime
ZwOpenFile
ExfInterlockedRemoveHeadList
IoFreeMdl
IoReleaseRemoveLockAndWaitEx
ExfInterlockedInsertTailList
IoInitializeRemoveLockEx
IoAcquireRemoveLockEx
RtlUnicodeStringToAnsiString
RtlFreeAnsiString
RtlWriteRegistryValue
RtlInitUnicodeString
RtlCopyUnicodeString
RtlAnsiStringToUnicodeString
RtlAppendUnicodeStringToString
ZwOpenKey
ZwSetValueKey
RtlFreeUnicodeString
IoReuseIrp
KeInitializeEvent
IoReleaseRemoveLockEx
PsCreateSystemThread
ObReferenceObjectByHandle
PsTerminateSystemThread
KeWaitForMultipleObjects
KeClearEvent
KeWaitForSingleObject
ObfDereferenceObject
ZwClose
ExAllocatePoolWithTag
ExFreePoolWithTag
IoAllocateIrp
IoFreeIrp
MmMapLockedPagesSpecifyCache
KeSetEvent
_vsnprintf
memset
memcpy
ZwCreateFile
DbgPrint
PsGetVersion

hal

KfReleaseSpinLock
KfAcquireSpinLock
KeGetCurrentIrql

ndis.sys

NdisWriteErrorLogEntry
NdisReadConfiguration
NdisMRegisterDevice
NdisMDeregisterDevice
NdisMRegisterAdapterShutdownHandler
NdisOpenConfiguration
NdisReadNetworkAddress
NdisCloseConfiguration
NdisFreePacket
NdisFreeBufferPool
NdisFreePacketPool
NdisAllocatePacketPool
NdisAllocateBufferPool
NdisAllocatePacket
NdisAllocateBuffer
NdisWriteConfiguration
NdisInitializeEvent
NdisInitializeWrapper
NdisTerminateWrapper
NdisMRegisterMiniport
NdisMRegisterUnloadHandler
NdisMGetDeviceProperty
NdisMSetAttributesEx
NdisSetTimer
NdisCancelTimer
NdisSetEvent
NdisWaitEvent
NdisMSleep
NdisMDeregisterAdapterShutdownHandler
NdisAllocateMemoryWithTag
NdisFreeMemory
NdisMIndicateStatus
NdisMIndicateStatusComplete
NdisInitializeTimer

usbd.sys

USBD_CreateConfigurationRequestEx
USBD_ParseConfigurationDescriptorEx

Sections

.text
Size: 221KB - Virtual size: 220KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 256B - Virtual size: 229B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ConnectorVPN/Modem/Driver/X86/ewusbwwan.cat
ConnectorVPN/Modem/Driver/X86/ewusbwwan.inf
ConnectorVPN/Modem/Driver/X86/ewusbwwan.sys
.sys windows:6 windows x86 arch:x86

c1ddfe25707e34399df1137dba42b953

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\4.25.22.00\qualcommm\wwan\6012\build\target\objfre_win7_x86\i386\qcusbnet.pdb

Imports

ntoskrnl.exe

KeQueryPriorityThread
IoSetDevicePropertyData
KeInitializeDpc
KeInitializeTimer
KeInitializeMutex
KeReadStateEvent
IoOpenDeviceRegistryKey
KeQuerySystemTime
ZwQueryValueKey
ZwWriteFile
ZwCreateFile
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeCancelTimer
KeSetTimer
PoCallDriver
PoStartNextPowerIrp
KeSetPriorityThread
_allmul
IoRegisterPlugPlayNotification
IoGetDeviceObjectPointer
IoUnregisterPlugPlayNotification
PoRequestPowerIrp
IoFreeWorkItem
IoQueueWorkItem
IoAllocateWorkItem
IoBuildDeviceIoControlRequest
_aulldvrm
RtlAppendUnicodeToString
RtlIntegerToUnicodeString
_vsnwprintf
MmGetSystemRoutineAddress
_chkstk
KeBugCheckEx
ExAllocatePool
KeReleaseMutex
strrchr
IoCancelIrp
RtlCreateSecurityDescriptor
KeGetCurrentThread
IofCallDriver
KefAcquireSpinLockAtDpcLevel
ZwOpenFile
ZwSetSecurityObject
IofCompleteRequest
IoReleaseCancelSpinLock
KeTickCount
RtlRandom
ExfInterlockedRemoveHeadList
IoReleaseRemoveLockAndWaitEx
ExfInterlockedInsertTailList
IoInitializeRemoveLockEx
IoAcquireRemoveLockEx
RtlUnicodeStringToAnsiString
RtlFreeAnsiString
RtlWriteRegistryValue
RtlInitUnicodeString
RtlCopyUnicodeString
RtlAnsiStringToUnicodeString
RtlAppendUnicodeStringToString
ZwOpenKey
ZwSetValueKey
RtlFreeUnicodeString
KeInitializeEvent
IoReuseIrp
IoReleaseRemoveLockEx
PsCreateSystemThread
ObReferenceObjectByHandle
PsTerminateSystemThread
KeWaitForMultipleObjects
ObfDereferenceObject
ZwClose
RtlCompareMemory
ExAllocatePoolWithTag
ExFreePoolWithTag
IoAllocateIrp
KefReleaseSpinLockFromDpcLevel
ExGetPreviousMode
RtlInitAnsiString
IoFreeIrp
MmMapLockedPagesSpecifyCache
KeSetEvent
_vsnprintf
KeWaitForSingleObject
KeClearEvent
memset
memcpy
KeReadStateTimer
DbgPrint
PsGetVersion

hal

KfAcquireSpinLock
KeGetCurrentIrql
KeStallExecutionProcessor
KfReleaseSpinLock

ndis.sys

NdisMIndicateStatusEx
NdisFreeMemory
NdisAllocateMemoryWithTagPriority
NdisAllocateMemoryWithTag
NdisReadConfiguration
NdisRegisterDeviceEx
NdisDeregisterDeviceEx
NdisReadNetworkAddress
NdisFreeMdl
NdisFreeNetBufferList
NdisFreeNetBufferListPool
NdisAllocateNetBufferListPool
NdisAllocateMdl
NdisAllocateNetBufferAndNetBufferList
NdisInitializeEvent
NdisMRegisterMiniportDriver
NdisMGetDeviceProperty
NdisMSetMiniportAttributes
NdisAllocateTimerObject
NdisWriteErrorLogEntry
NdisMResetComplete
NdisSetTimerObject
NdisCancelTimerObject
NdisFreeTimerObject
NdisSetEvent
NdisWaitEvent
NdisMSleep
NdisMDeregisterMiniportDriver
NdisOpenConfigurationEx
NdisWriteConfiguration
NdisCloseConfiguration
NdisMSendNetBufferListsComplete
NdisMOidRequestComplete
NdisMIndicateReceiveNetBufferLists

usbd.sys

USBD_ParseConfigurationDescriptorEx
USBD_CreateConfigurationRequestEx

netio.sys

FreeMibTable
CreateUnicastIpAddressEntry
InitializeUnicastIpAddressEntry
DeleteUnicastIpAddressEntry
GetUnicastIpAddressTable
CreateIpForwardEntry2
InitializeIpForwardEntry
DeleteIpForwardEntry2
GetIpForwardTable2

Sections

.text
Size: 338KB - Virtual size: 338KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGED_CO
Size: 512B - Virtual size: 229B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ConnectorVPN/Modem/Driver/X86/hwgpssensor.cat
ConnectorVPN/Modem/Driver/X86/hwgpssensor.dll
.dll regsvr32 windows:6 windows x86 arch:x86

7ca1d31e95a3e3ec4df0048c264240e0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\gps\code\build\target\objfre_win7_x86\i386\hwgpssensor.pdb

Imports

msvcrt

_unlock
_except_handler4_common
??1type_info@@UAE@XZ
_amsg_exit
_initterm
_XcptFilter
_callnewh
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
??0exception@@QAE@XZ
__dllonexit
_purecall
__CxxFrameHandler3
memcpy_s
memmove_s
_CxxThrowException
_wcsicmp
free
memset
strtod
atoi
malloc
_vsnwprintf
_lock
_onexit
realloc
_errno
atof
strncpy_s

kernel32

SetCommMask
InterlockedExchange
OutputDebugStringA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
InterlockedCompareExchange
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
DisableThreadLibraryCalls
InterlockedIncrement
InterlockedDecrement
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
GetLastError
SystemTimeToFileTime
GetSystemTime
CloseHandle
WaitForSingleObject
SetEvent
CreateThread
CreateEventW
Sleep
GetOverlappedResult
WriteFile
ClearCommError
ReadFile
ResetEvent
SetCommState
GetCommState
GetProcessHeap
CreateFileA
GetVersionExA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize

ole32

CoTaskMemFree
CoInitializeEx
CoUninitialize
CLSIDFromString
StringFromCLSID
PropVariantClear
CoTaskMemAlloc
CoCreateInstance
CoCreateGuid

user32

UnregisterClassA

advapi32

TraceMessage
GetTraceEnableLevel
RegQueryValueExA
RegCloseKey
RegOpenKeyExA
GetTraceEnableFlags
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceLoggerHandle

propsys

InitPropVariantFromBuffer

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Microsoft_WDF_UMDF_Version

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 292KB - Virtual size: 291KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ConnectorVPN/Modem/Driver/X86/hwgpssensor.inf
ConnectorVPN/Modem/Driver/X86/mod7700.cat
ConnectorVPN/Modem/Driver/X86/mod7700.inf
ConnectorVPN/Modem/Driver/X86/mod7700.sys
.sys windows:6 windows x86 arch:x86

a4bc527d235af7248e0d2d6d9f6249df

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\dev\xp\bda\huawei\mod7700\device_specific_mod7700\objfre_wxp_x86\i386\mod7700.pdb

Imports

ntoskrnl.exe

RtlInitUnicodeString
ZwClose
ExAllocatePoolWithTag
KeBugCheckEx
ZwCreateFile
ZwReadFile
IoWMIRegistrationControl
IoRegisterDeviceInterface
IoOpenDeviceInterfaceRegistryKey
ZwDeleteKey
IoSetDeviceInterfaceState
RtlFreeUnicodeString
ExFreePool
memmove
ZwQueryValueKey
IoCancelIrp
PoRequestPowerIrp
PoSetPowerState
PsGetVersion
RtlCompareMemory
_alldiv
IoAllocateDriverObjectExtension
KeInitializeSpinLock
KeWaitForMultipleObjects
ObReferenceObjectByHandle
PsCreateSystemThread
InterlockedDecrement
InterlockedIncrement
InterlockedExchange
KeReleaseMutex
KeSetTimerEx
KeCancelTimer
PsTerminateSystemThread
KeDelayExecutionThread
IoBuildDeviceIoControlRequest
IoReleaseCancelSpinLock
IoAcquireCancelSpinLock
IoRaiseInformationalHardError
KeInitializeMutex
DbgPrint
KeClearEvent
IoFreeWorkItem
IoQueueWorkItem
IoAllocateWorkItem
KeInitializeTimerEx
KeInitializeDpc
_purecall
strncpy
KeQueryTimeIncrement
RtlUnwind
PoStartNextPowerIrp
IofCompleteRequest
RtlCopyUnicodeString
memset
IoCreateDevice
IoAllocateIrp
IoFreeIrp
KeWaitForSingleObject
PoCallDriver
memcpy
swprintf
ObfDereferenceObject
ObfReferenceObject
IoGetDeviceProperty
IofCallDriver
ZwOpenKey
RtlAppendUnicodeToString
ZwSetValueKey
_allmul
IoOpenDeviceRegistryKey
IoInvalidateDeviceRelations
IoDeleteDevice
KeSetEvent
IoGetDriverObjectExtension
ExFreePoolWithTag
KeInitializeEvent
KeTickCount
MmGetSystemRoutineAddress

hal

ExReleaseFastMutex
ExAcquireFastMutex
KfReleaseSpinLock
KfAcquireSpinLock

wmilib.sys

WmiSystemControl
WmiCompleteRequest

ks.sys

KsStreamPointerDelete
KsStreamPointerUnlock
KsDefaultAddEventHandler
KsGenerateEvent
KsGetObjectFromFileObject
KsFilterGetFirstChildPin
KsGetFilterFromIrp
KsPinGetLeadingEdgeStreamPointer
KsStreamPointerAdvance
KsFilterGetChildPinCount
KsStreamPointerClone
KsPinGetParentFilter
KsPinAttemptProcessing
KsGetDevice
KsGenerateEvents
KsFilterFactoryAddCreateItem
KsFilterFactoryUpdateCacheData
KsCreateFilterFactory
KsAddItemToObjectBag
KsCreateDevice
KsDispatchIrp
KsPinGetReferenceClockInterface
_KsEdit
KsGetPinFromIrp

bdasup.sys

BdaStartChanges
BdaCreateFilterFactoryEx
BdaFilterFactoryUpdateCacheData
BdaCommitChanges
BdaGetChangeState
BdaCheckChanges
BdaInitFilter

usbd.sys

USBD_ParseConfigurationDescriptorEx
USBD_CreateConfigurationRequestEx

Sections

.text
Size: 212KB - Virtual size: 212KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 194KB - Virtual size: 194KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 409KB - Virtual size: 409KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ConnectorVPN/Modem/Driver/X86/usbccid.cat
ConnectorVPN/Modem/Driver/X86/usbccid.inf
ConnectorVPN/Modem/Driver/X86/usbccid.sys
.sys windows:5 windows x86 arch:x86

f39b03ee1f9cd5628c4512b5c20bceb3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

usbccid.pdb

Imports

ntoskrnl.exe

KeTickCount
KeBugCheckEx
RtlUnicodeStringToAnsiString
RtlFreeAnsiString
IoCreateDevice
IoOpenDeviceRegistryKey
IoAttachDeviceToDeviceStack
KeDelayExecutionThread
ExAllocatePoolWithTag
ExFreePoolWithTag
IofCompleteRequest
_except_handler3
RtlInitUnicodeString
ZwQueryValueKey
IoInitializeRemoveLockEx
ZwClose
KeSetEvent
ExFreePool
IoAcquireCancelSpinLock
IoFreeIrp
IoReleaseRemoveLockEx
IoCancelIrp
KeWaitForSingleObject
IofCallDriver
IoAllocateIrp
KeInitializeEvent
IoAcquireRemoveLockEx
_allmul
IoBuildDeviceIoControlRequest
InterlockedDecrement
InterlockedIncrement
ExfInterlockedInsertTailList
ExfInterlockedRemoveHeadList
KeInitializeSpinLock
IoFreeWorkItem
IoQueueWorkItem
InterlockedCompareExchange
IoAllocateWorkItem
KeResetEvent
KeClearEvent
IoRegisterDeviceInterface
PoStartNextPowerIrp
PoSetPowerState
PoCallDriver
PoRequestPowerIrp
IoSetDeviceInterfaceState
IoDeleteDevice
IoDetachDevice
RtlFreeUnicodeString
IoReleaseRemoveLockAndWaitEx
InterlockedExchange
IoReleaseCancelSpinLock

hal

KfReleaseSpinLock
KfAcquireSpinLock

smclib.sys

SmartcardT1Request
SmartcardT0Request
SmartcardT0Reply
SmartcardUpdateCardCapabilities
SmartcardDeviceControl
SmartcardT1Reply
SmartcardInitialize
SmartcardExit

usbd.sys

USBD_ParseConfigurationDescriptorEx
USBD_CreateConfigurationRequestEx
USBD_ParseDescriptors

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGEABLE
Size: 512B - Virtual size: 416B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ConnectorVPN/Modem/Driver/install.xml
ConnectorVPN/Modem/DriverSetup.exe
.exe windows:4 windows x86 arch:x86

532b7303d0db6c32239329119355e78f

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

0f:f1:a4:a7:1b:6a:ff:9c:25:e5:00:6e:24:7c:d0:38
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

25/07/2012, 00:00

Not After

24/08/2014, 23:59

Subject

CN=Huawei Technologies Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Huawei Technologies Co.\, Ltd.,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

27:6c:dd:e0:d7:f9:3a:2f:46:91:bc:bf:e0:70:0a:d4:29:8b:6e:54
Signer

Actual PE Digest

27:6c:dd:e0:d7:f9:3a:2f:46:91:bc:bf:e0:70:0a:d4:29:8b:6e:54

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\4.25.16.00\common\setup\driversetup\release\DriverSetup.pdb

Imports

kernel32

GetFileTime
GetTickCount
RaiseException
RtlUnwind
CreateDirectoryA
HeapAlloc
HeapFree
HeapReAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetCommandLineA
GetProcessHeap
GetStartupInfoA
ExitProcess
HeapSize
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
SetHandleCount
GetStdHandle
GetFileType
Sleep
VirtualFree
GetFileAttributesA
HeapCreate
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetACP
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
SetStdHandle
LCMapStringA
LCMapStringW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
FileTimeToLocalFileTime
GetOEMCP
GetCPInfo
SetErrorMode
FileTimeToSystemTime
CreateFileA
GetFullPathNameA
GetVolumeInformationA
DuplicateHandle
GetThreadLocale
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GetVersionExA
GlobalFlags
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GetModuleFileNameW
InterlockedDecrement
InterlockedIncrement
FreeResource
WritePrivateProfileStringA
GetCurrentProcessId
GlobalAddAtomA
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
lstrcmpA
GlobalDeleteAtom
SetLastError
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
FindResourceA
LoadResource
LockResource
SizeofResource
MulDiv
lstrlenA
CompareStringW
CompareStringA
WideCharToMultiByte
MultiByteToWideChar
InterlockedExchange
CreateSemaphoreA
GetVersion
CreateProcessA
GetLastError
WaitForSingleObject
GetExitCodeProcess
CloseHandle
FindFirstFileA
FindNextFileA
FindClose
GetModuleFileNameA
GetModuleHandleA
GetCurrentProcess
LoadLibraryA
GetProcAddress
HeapDestroy
FreeLibrary

user32

EndDialog
CreateDialogIndirectParamA
RegisterClipboardFormatA
PostThreadMessageA
MessageBeep
GetNextDlgTabItem
GetNextDlgGroupItem
InvalidateRgn
InvalidateRect
SetRect
IsRectEmpty
CopyAcceleratorTableA
CharNextA
ShowWindow
MoveWindow
IsDialogMessageA
RegisterWindowMessageA
LoadIconA
SendDlgItemMessageA
WinHelpA
IsChild
GetClassLongA
SetPropA
GetPropA
RemovePropA
IsWindow
SetFocus
GetForegroundWindow
SetActiveWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
UpdateWindow
GetClientRect
GetMenu
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
EqualRect
CopyRect
DefWindowProcA
CallWindowProcA
SetWindowLongA
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
ReleaseCapture
GetCapture
SetCapture
EndPaint
BeginPaint
GetWindowDC
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetDesktopWindow
ClientToScreen
GetDlgCtrlID
GetWindowRect
GetClassNameA
PtInRect
CharUpperA
GetWindowTextA
SetWindowTextA
UnhookWindowsHookEx
LoadCursorA
GetSystemMetrics
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
GetWindow
SetWindowContextHelpId
MapDialogRect
SetWindowPos
GetWindowThreadProcessId
GetWindowLongA
DestroyMenu
UnregisterClassA
GetSubMenu
GetMenuItemCount
GetMenuItemID
GetMenuState
PostQuitMessage
PostMessageA
CheckMenuItem
EnableMenuItem
ModifyMenuA
SendMessageA
GetParent
GetFocus
LoadBitmapA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
ValidateRect
GetCursorPos
PeekMessageA
GetKeyState
IsWindowVisible
GetActiveWindow
DispatchMessageA
TranslateMessage
GetMessageA
CallNextHookEx
SetWindowsHookExA
SetCursor
MessageBoxA
EnableWindow
IsWindowEnabled
GetLastActivePopup

gdi32

DeleteDC
GetStockObject
ExtSelectClipRgn
GetTextColor
CreateRectRgnIndirect
GetRgnBox
GetMapMode
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
TextOutA
GetBkColor
GetDeviceCaps
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
GetObjectA
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
DeleteObject
CreateBitmap
ExtTextOutA

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegOpenKeyA
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
RegQueryValueExA
RegSetValueExA
RegOpenKeyExA
RegEnumValueA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

shell32

ShellExecuteA

comctl32

ord17

shlwapi

PathFindFileNameA
PathStripToRootA
PathFindExtensionA
PathIsUNCA

oledlg

ord8

ole32

CoRevokeClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
OleIsCurrentClipboard
CLSIDFromProgID
CoTaskMemAlloc
CoTaskMemFree
OleFlushClipboard
CoRegisterMessageFilter
CLSIDFromString

oleaut32

SysStringLen
SysFreeString
SysAllocStringByteLen
SysAllocStringLen
VariantClear
VariantChangeType
VariantInit
VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
OleCreateFontIndirect
SysAllocString

Sections

.text
Size: 212KB - Virtual size: 209KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ConnectorVPN/Modem/DriverUninstall.exe
.exe windows:4 windows x86 arch:x86

10b1379cc03f80f610d0c9ee3f36c9e7

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

0f:f1:a4:a7:1b:6a:ff:9c:25:e5:00:6e:24:7c:d0:38
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

25/07/2012, 00:00

Not After

24/08/2014, 23:59

Subject

CN=Huawei Technologies Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Huawei Technologies Co.\, Ltd.,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b0:d7:c0:86:09:9c:e7:5a:b9:29:e8:99:b4:6e:48:4d:39:c5:6f:dd
Signer

Actual PE Digest

b0:d7:c0:86:09:9c:e7:5a:b9:29:e8:99:b4:6e:48:4d:39:c5:6f:dd

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\4.25.16.00\common\setup\driversetup\release\DriverSetup.pdb

Imports

kernel32

GetFileAttributesA
GetFileTime
GetTickCount
RaiseException
RtlUnwind
CreateDirectoryA
HeapAlloc
HeapFree
HeapReAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetCommandLineA
GetProcessHeap
GetStartupInfoA
ExitProcess
HeapSize
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
SetHandleCount
GetStdHandle
GetFileType
Sleep
HeapDestroy
HeapCreate
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetACP
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
SetStdHandle
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
FileTimeToLocalFileTime
GetOEMCP
GetCPInfo
FileTimeToSystemTime
SetErrorMode
CreateFileA
GetFullPathNameA
GetVolumeInformationA
DuplicateHandle
GetThreadLocale
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GetVersionExA
InterlockedIncrement
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
InterlockedDecrement
GetModuleFileNameW
GlobalFlags
GlobalUnlock
FormatMessageA
LocalFree
MulDiv
FreeResource
GlobalFree
WritePrivateProfileStringA
GetCurrentProcessId
SetLastError
GlobalAddAtomA
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
FindResourceA
LoadResource
LockResource
SizeofResource
GlobalLock
lstrcmpA
GlobalAlloc
GlobalDeleteAtom
lstrlenA
CompareStringW
CompareStringA
WideCharToMultiByte
MultiByteToWideChar
InterlockedExchange
CreateSemaphoreA
GetVersion
CreateProcessA
GetLastError
WaitForSingleObject
GetExitCodeProcess
CloseHandle
FindFirstFileA
FindNextFileA
FindClose
GetModuleFileNameA
GetModuleHandleA
GetCurrentProcess
LoadLibraryA
GetProcAddress
VirtualFree
FreeLibrary

user32

EndDialog
CreateDialogIndirectParamA
RegisterClipboardFormatA
PostThreadMessageA
GetNextDlgTabItem
GetNextDlgGroupItem
InvalidateRgn
InvalidateRect
SetRect
IsRectEmpty
CopyAcceleratorTableA
CharNextA
GetSysColorBrush
ShowWindow
MoveWindow
IsDialogMessageA
RegisterWindowMessageA
LoadIconA
SendDlgItemMessageA
WinHelpA
IsChild
GetClassLongA
SetPropA
GetPropA
RemovePropA
IsWindow
SetFocus
GetForegroundWindow
SetActiveWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
SetForegroundWindow
UpdateWindow
GetClientRect
GetMenu
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
EqualRect
CopyRect
DefWindowProcA
CallWindowProcA
SetWindowLongA
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
ReleaseCapture
LoadCursorA
GetCapture
SetCapture
GetSysColor
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
UnhookWindowsHookEx
CharUpperA
GetDesktopWindow
ClientToScreen
GetDlgCtrlID
GetWindowRect
GetClassNameA
PtInRect
GetWindowTextA
SetWindowTextA
GetMenuItemID
GetMenuItemCount
GetSubMenu
UnregisterClassA
DestroyMenu
MessageBeep
PostQuitMessage
PostMessageA
CheckMenuItem
EnableMenuItem
GetMenuState
ModifyMenuA
SendMessageA
GetParent
GetFocus
LoadBitmapA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
ValidateRect
GetCursorPos
PeekMessageA
GetKeyState
IsWindowVisible
GetActiveWindow
DispatchMessageA
TranslateMessage
GetMessageA
CallNextHookEx
SetWindowsHookExA
SetCursor
MessageBoxA
EnableWindow
IsWindowEnabled
GetLastActivePopup
GetWindowLongA
GetWindowThreadProcessId
SetWindowPos
MapDialogRect
SetWindowContextHelpId
GetWindow
MapWindowPoints

gdi32

ExtSelectClipRgn
DeleteDC
GetStockObject
GetTextColor
CreateRectRgnIndirect
GetRgnBox
GetMapMode
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
GetBkColor
CreateBitmap
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
GetObjectA
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
DeleteObject
GetDeviceCaps
TextOutA

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegQueryValueA
RegSetValueExA
RegCreateKeyExA
RegCloseKey
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA

shell32

ShellExecuteA

comctl32

ord17

shlwapi

PathFindFileNameA
PathStripToRootA
PathFindExtensionA
PathIsUNCA

oledlg

ord8

ole32

CoRevokeClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
OleIsCurrentClipboard
CoTaskMemAlloc
CoTaskMemFree
CLSIDFromString
CLSIDFromProgID
OleFlushClipboard
CoRegisterMessageFilter

oleaut32

SysFreeString
SysAllocStringLen
SysStringLen
SysAllocStringByteLen
VariantClear
VariantChangeType
VariantInit
OleCreateFontIndirect
VariantTimeToSystemTime
SystemTimeToVariantTime
SafeArrayDestroy
SysAllocString
VariantCopy

Sections

.text
Size: 212KB - Virtual size: 208KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ConnectorVPN/Modem/LocateDevice.dll
.dll windows:5 windows x86 arch:x86

78e8e6aaec1355a1bb7b7825b30ef266

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

78:ea:45:6d:d0:a9:c3:b3:a0:dd:7b:d8:60:de:0b:55
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

27/07/2009, 00:00

Not After

29/07/2012, 23:59

Subject

CN=HUAWEI Technologies Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=HUAWEI Technologies Co.\, Ltd.,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6c:8b:5e:62:39:56:4e:4a:bd:1a:72:00:11:af:c5:5c:50:91:57:03
Signer

Actual PE Digest

6c:8b:5e:62:39:56:4e:4a:bd:1a:72:00:11:af:c5:5c:50:91:57:03

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

setupapi

CM_Locate_DevNodeA
CM_Reenumerate_DevNode

Exports

Exports

LocateDevice

Sections

.text
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 18B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ConnectorVPN/Modem/TEF_Contingencia.config
ConnectorVPN/Modem/devsetup32.exe
.exe windows:4 windows x86 arch:x86

3fa3057a83cd607141300db7f7ca6e3f

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0f:f1:a4:a7:1b:6a:ff:9c:25:e5:00:6e:24:7c:d0:38
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

25/07/2012, 00:00

Not After

24/08/2014, 23:59

Subject

CN=Huawei Technologies Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Huawei Technologies Co.\, Ltd.,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3d:3e:de:ea:52:84:7f:bb:39:11:8e:8b:e1:00:9f:51:9b:b2:46:69
Signer

Actual PE Digest

3d:3e:de:ea:52:84:7f:bb:39:11:8e:8b:e1:00:9f:51:9b:b2:46:69

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

setupapi

SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyA
SetupDiGetClassDevsA
SetupDiCallClassInstaller
CM_Get_DevNode_Status
CM_Get_Child
SetupDiSetDeviceRegistryPropertyA
SetupDiCreateDeviceInfoA
SetupDiCreateDeviceInfoList
SetupDiGetINFClassA
SetupCopyOEMInfA

shlwapi

SHDeleteKeyA
StrToIntA
SHDeleteValueA
PathFileExistsA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

kernel32

GetVersionExA
lstrcmpW
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GetLocaleInfoA
GetCPInfo
GetOEMCP
WriteFile
SetFilePointer
FlushFileBuffers
SetEndOfFile
GetCurrentProcess
HeapAlloc
GlobalFlags
HeapReAlloc
VirtualAlloc
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
GetLocalTime
GetTimeZoneInformation
GetCommandLineA
GetProcessHeap
GetStartupInfoA
HeapSize
ExitProcess
VirtualFree
HeapDestroy
HeapCreate
GetStdHandle
GetACP
LCMapStringA
LCMapStringW
SetHandleCount
GetFileType
GetConsoleCP
GetConsoleMode
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetStringTypeA
GetStringTypeW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
GetCurrentThreadId
GetThreadLocale
lstrcmpA
GlobalGetAtomNameA
InterlockedIncrement
InterlockedDecrement
GetModuleHandleA
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
GetCurrentProcessId
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
SetLastError
FindNextFileA
GetFileSize
ReadFile
FindFirstFileA
CopyFileA
FindClose
lstrcpynA
LoadLibraryA
GetProcAddress
FreeLibrary
GetWindowsDirectoryA
QueryDosDeviceA
Sleep
VerSetConditionMask
VerifyVersionInfoA
LocalFree
LocalAlloc
OutputDebugStringA
WaitForSingleObject
GetExitCodeProcess
GetModuleFileNameA
CreateFileA
DeviceIoControl
GetFileAttributesA
SetFileAttributesA
DeleteFileA
FindResourceA
LoadResource
LockResource
SizeofResource
lstrlenA
CompareStringW
CompareStringA
CreateSemaphoreA
CloseHandle
GetVersion
GetLastError
WideCharToMultiByte
MultiByteToWideChar
InterlockedExchange
HeapFree

user32

PostQuitMessage
DestroyMenu
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
RegisterWindowMessageA
LoadIconA
WinHelpA
GetCapture
GetClassLongA
SetPropA
GetPropA
RemovePropA
GetForegroundWindow
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
GetClientRect
GetMenu
PostMessageA
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
CopyRect
DefWindowProcA
CallWindowProcA
SystemParametersInfoA
IsIconic
GetWindowPlacement
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
EnableMenuItem
CheckMenuItem
SetWindowPos
SetWindowLongA
GetDlgItem
GetFocus
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
GetClassNameA
PtInRect
SetWindowTextA
UnregisterClassA
SetWindowsHookExA
CallNextHookEx
GetSubMenu
GetMenuItemCount
GetMenuItemID
GetMenuState
MessageBoxA
EnableWindow
IsWindowEnabled
GetLastActivePopup
GetWindowLongA
GetParent
SendMessageA
GetWindowThreadProcessId
UnhookWindowsHookEx
GetSysColorBrush
DispatchMessageA
GetKeyState
PeekMessageA
ValidateRect
GetWindowTextA
LoadCursorA
GetSystemMetrics
GetDC
ReleaseDC
GetSysColor
IsWindow

gdi32

SetMapMode
GetStockObject
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
GetDeviceCaps
DeleteObject
CreateBitmap
DeleteDC
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible

winspool.drv

OpenPrinterA
ClosePrinter
DocumentPropertiesA

advapi32

RegEnumValueA
RegCreateKeyExA
RegDeleteValueA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
QueryServiceConfigA
ControlService
OpenSCManagerA
OpenServiceA
CloseServiceHandle
ChangeServiceConfigA

shell32

ShellExecuteExA

oleaut32

VariantInit
VariantClear
VariantChangeType

ws2_32

htons
htonl

Sections

.text
Size: 172KB - Virtual size: 170KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 202KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ConnectorVPN/Plugin/BIGIPEdgeClient-API.exe
.exe windows:4 windows x86 arch:x86

2cb774e7535b6d5cb3a1b15de57f4140

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

InitCommonControlsEx

urlmon

URLDownloadToCacheFileA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

wininet

InternetCanonicalizeUrlA
DeleteUrlCacheEntry

kernel32

InterlockedIncrement
GetCurrentProcessId
EnterCriticalSection
LeaveCriticalSection
FindClose
FindFirstFileA
GetCurrentThreadId
GetSystemTime
InitializeCriticalSection
DeleteFileA
CopyFileA
CreateEventA
ReleaseMutex
WaitForSingleObject
FindNextFileA
RemoveDirectoryA
GetModuleHandleA
SetFileAttributesA
GetVersion
CreateFileA
FlushFileBuffers
HeapFree
HeapAlloc
GetProcessHeap
LocalAlloc
EnumResourceLanguagesA
InterlockedDecrement
InterlockedExchange
RaiseException
GetCurrentDirectoryA
CreateDirectoryA
SetEnvironmentVariableA
CompareStringW
GetLocaleInfoW
IsBadCodePtr
IsBadReadPtr
GetUserDefaultLCID
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
IsValidLocale
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
ReadFile
GetStdHandle
SetHandleCount
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
WriteFile
HeapSize
LCMapStringW
LCMapStringA
SetUnhandledExceptionFilter
GetOEMCP
GetACP
GetCPInfo
SetStdHandle
GetTimeZoneInformation
GetSystemInfo
GetEnvironmentVariableA
OutputDebugStringA
GetCurrentProcess
GlobalAlloc
GlobalFree
CreateMutexA
GetVersionExA
lstrcmpA
FormatMessageA
LocalFree
CreateProcessA
GetExitCodeProcess
CloseHandle
GetSystemDirectoryA
MultiByteToWideChar
WideCharToMultiByte
GetModuleFileNameA
GetLastError
lstrcpyA
GetFullPathNameA
GetLongPathNameA
GetFileAttributesA
lstrlenA
GetTempPathA
GetTickCount
CompareStringA
lstrcatA
FreeLibrary
lstrcpynA
GetProcAddress
LoadLibraryA
SetEnvironmentVariableW
TerminateProcess
HeapReAlloc
ExitProcess
GetCommandLineA
GetStartupInfoA
GetFileType
RtlUnwind
lstrcmpiA
GlobalLock
GlobalUnlock
SetEndOfFile
SetFilePointer
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
SystemTimeToFileTime
GetLocalTime
GetVolumeInformationA
SetVolumeLabelA
GetDriveTypeA
GetFileTime
FileTimeToSystemTime
FileTimeToLocalFileTime

user32

LoadStringA
MessageBoxA
CharPrevA
ExitWindowsEx
SetFocus
wsprintfA
MsgWaitForMultipleObjects
WaitMessage
PostMessageA
DestroyWindow
CreateDialogParamA
SetWindowTextA
MoveWindow
SetDlgItemTextA
GetDlgItem
CharNextA
ShowWindow
SetForegroundWindow
LoadIconA
SendMessageA
PeekMessageA
IsDialogMessageA
TranslateMessage
DispatchMessageA
GetWindowRect
SystemParametersInfoA
GetSystemMetrics
SetWindowLongA
GetWindowLongA
DefWindowProcA
OemToCharA

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
GetSecurityDescriptorControl
GetKernelObjectSecurity
SetKernelObjectSecurity
IsValidSecurityDescriptor
GetSidSubAuthorityCount
GetSidSubAuthority
RegQueryInfoKeyA
RegEnumKeyExA
AllocateAndInitializeSid
OpenProcessToken
GetTokenInformation
EqualSid
FreeSid
RegCloseKey
RegOpenKeyExA
RegQueryValueExA

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

ole32

CoTaskMemFree
CoCreateGuid
StringFromGUID2

Sections

.text
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ConnectorVPN/Plugin/F5.Componnet.Installer.11.5.1hf4.exe
.exe windows:4 windows x86 arch:x86

2cb774e7535b6d5cb3a1b15de57f4140

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

InitCommonControlsEx

urlmon

URLDownloadToCacheFileA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

wininet

InternetCanonicalizeUrlA
DeleteUrlCacheEntry

kernel32

InterlockedIncrement
GetCurrentProcessId
EnterCriticalSection
LeaveCriticalSection
FindClose
FindFirstFileA
GetCurrentThreadId
GetSystemTime
InitializeCriticalSection
DeleteFileA
CopyFileA
CreateEventA
ReleaseMutex
WaitForSingleObject
FindNextFileA
RemoveDirectoryA
GetModuleHandleA
SetFileAttributesA
GetVersion
CreateFileA
FlushFileBuffers
HeapFree
HeapAlloc
GetProcessHeap
LocalAlloc
EnumResourceLanguagesA
InterlockedDecrement
InterlockedExchange
RaiseException
GetCurrentDirectoryA
CreateDirectoryA
SetEnvironmentVariableA
CompareStringW
GetLocaleInfoW
IsBadCodePtr
IsBadReadPtr
GetUserDefaultLCID
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
IsValidLocale
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
ReadFile
GetStdHandle
SetHandleCount
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
WriteFile
HeapSize
LCMapStringW
LCMapStringA
SetUnhandledExceptionFilter
GetOEMCP
GetACP
GetCPInfo
SetStdHandle
GetTimeZoneInformation
GetSystemInfo
GetEnvironmentVariableA
OutputDebugStringA
GetCurrentProcess
GlobalAlloc
GlobalFree
CreateMutexA
GetVersionExA
lstrcmpA
FormatMessageA
LocalFree
CreateProcessA
GetExitCodeProcess
CloseHandle
GetSystemDirectoryA
MultiByteToWideChar
WideCharToMultiByte
GetModuleFileNameA
GetLastError
lstrcpyA
GetFullPathNameA
GetLongPathNameA
GetFileAttributesA
lstrlenA
GetTempPathA
GetTickCount
CompareStringA
lstrcatA
FreeLibrary
lstrcpynA
GetProcAddress
LoadLibraryA
SetEnvironmentVariableW
TerminateProcess
HeapReAlloc
ExitProcess
GetCommandLineA
GetStartupInfoA
GetFileType
RtlUnwind
lstrcmpiA
GlobalLock
GlobalUnlock
SetEndOfFile
SetFilePointer
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
SystemTimeToFileTime
GetLocalTime
GetVolumeInformationA
SetVolumeLabelA
GetDriveTypeA
GetFileTime
FileTimeToSystemTime
FileTimeToLocalFileTime

user32

LoadStringA
MessageBoxA
CharPrevA
ExitWindowsEx
SetFocus
wsprintfA
MsgWaitForMultipleObjects
WaitMessage
PostMessageA
DestroyWindow
CreateDialogParamA
SetWindowTextA
MoveWindow
SetDlgItemTextA
GetDlgItem
CharNextA
ShowWindow
SetForegroundWindow
LoadIconA
SendMessageA
PeekMessageA
IsDialogMessageA
TranslateMessage
DispatchMessageA
GetWindowRect
SystemParametersInfoA
GetSystemMetrics
SetWindowLongA
GetWindowLongA
DefWindowProcA
OemToCharA

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
GetSecurityDescriptorControl
GetKernelObjectSecurity
SetKernelObjectSecurity
IsValidSecurityDescriptor
GetSidSubAuthorityCount
GetSidSubAuthority
RegQueryInfoKeyA
RegEnumKeyExA
AllocateAndInitializeSid
OpenProcessToken
GetTokenInformation
EqualSid
FreeSid
RegCloseKey
RegOpenKeyExA
RegQueryValueExA

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

ole32

CoTaskMemFree
CoCreateGuid
StringFromGUID2

Sections

.text
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ConnectorVPN/Plugin/RedeBoticario/config.ini
ConnectorVPN/RedeBoticario1.lnk
.lnk
ConnectorVPN/TEF_Contingencia1.lnk
.lnk
ConnectorVPN/VPN.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

g:\DTO\Infra\Vsat\Operações\Desenvolvimento\[DEV] Conector VPN F5 v3 [prototipo]\F5_AppTunnelClientWeb\obj\Release\VPN.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 248KB - Virtual size: 248KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ConnectorVPN/WelcomeMonaco.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\rodolfo\AppData\Local\Temporary Projects\WindowsApplication1\obj\Debug\WindowsApplication1.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ConnectorVPN/WelcomeTEFCont.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

\\galbe1\suti$\DTO\Infra\Vsat\Operações\Desenvolvimento\[DEV] Conector VPN F5\WelcomeTEFCont\WelcomeTEFCont\obj\Debug\WelcomeTEFCont.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ConnectorVPN/config.ini
ContingenciaVendas/F5_VPN.exe
.exe windows:5 windows x86 arch:x86

027ea80e8125c6dda271246922d4c3b0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb

Imports

kernel32

GetLastError
SetLastError
GetCurrentProcess
DeviceIoControl
SetFileTime
CloseHandle
CreateDirectoryW
RemoveDirectoryW
CreateFileW
DeleteFileW
CreateHardLinkW
GetShortPathNameW
GetLongPathNameW
MoveFileW
GetFileType
GetStdHandle
WriteFile
ReadFile
FlushFileBuffers
SetEndOfFile
SetFilePointer
SetFileAttributesW
GetFileAttributesW
FindClose
FindFirstFileW
FindNextFileW
GetVersionExW
GetCurrentDirectoryW
GetFullPathNameW
FoldStringW
GetModuleFileNameW
GetModuleHandleW
FindResourceW
FreeLibrary
GetProcAddress
GetCurrentProcessId
ExitProcess
SetThreadExecutionState
Sleep
LoadLibraryW
GetSystemDirectoryW
CompareStringW
AllocConsole
FreeConsole
AttachConsole
WriteConsoleW
GetProcessAffinityMask
CreateThread
SetThreadPriority
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
ReleaseSemaphore
WaitForSingleObject
CreateEventW
CreateSemaphoreW
GetSystemTime
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
FileTimeToSystemTime
GetCPInfo
IsDBCSLeadByte
MultiByteToWideChar
WideCharToMultiByte
GlobalAlloc
GetTickCount
SetCurrentDirectoryW
GetExitCodeProcess
GetLocalTime
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
GetCommandLineW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
GetTempPathW
MoveFileExW
GetLocaleInfoW
GetTimeFormatW
GetDateFormatW
GetNumberFormatW
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
LoadLibraryExA
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
TerminateProcess
RtlUnwind
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
QueryPerformanceFrequency
GetModuleHandleExW
GetModuleFileNameA
GetACP
HeapFree
HeapAlloc
HeapReAlloc
GetStringTypeW
LCMapStringW
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
SetStdHandle
HeapSize
GetConsoleCP
GetConsoleMode
SetFilePointerEx
DecodePointer

Sections

.text
Size: 184KB - Virtual size: 183KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ContingenciaVendas/InstaladorContingenciaVendas.ps1
.ps1
ContingenciaVendas/InstallContingenciaVendas.msi
.msi
ContingenciaVendas/ScheduledTask_EnableLAN.xml
install.bat

Sharing

General

Malware Config

Signatures

Files

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 24KB - Virtual size: 22KB

.rsrc Size: 4KB - Virtual size: 728B

.reloc Size: 4KB - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 212KB - Virtual size: 212KB

.rsrc Size: 1024B - Virtual size: 928B

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 40KB - Virtual size: 38KB

.rsrc Size: 4KB - Virtual size: 896B

.reloc Size: 4KB - Virtual size: 12B

9aa2546c4dfe543e11dbbf7cb79c00c5

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

61:47:52:ba:00:00:00:00:00:04Certificate

Extended Key Usages

Key Usages

61:49:7c:ed:00:00:00:00:00:05Certificate

Extended Key Usages

Key Usages

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2Certificate

Extended Key Usages

Key Usages

61:02:30:7e:00:00:00:00:00:06Certificate

Extended Key Usages

Key Usages

6a:0b:99:4f:c0:00:1b:ab:11:da:3a:a1:b6:df:ec:88Certificate

Extended Key Usages

Key Usages

67:f1:0f:19:25:39:f6:40:e2:69:b1:19:9c:75:1f:4e:47:c6:b7:84Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

setupapi

kernel32

advapi32

crypt32

wintrust

shell32

user32

ole32

Exports

Exports

Sections

.text Size: 52KB - Virtual size: 52KB

.data Size: 1024B - Virtual size: 17KB

.rsrc Size: 1019KB - Virtual size: 1019KB

.reloc Size: 3KB - Virtual size: 2KB

00df76bbd03eb78c2f1fe3c4e42bd85c

Headers

DLL Characteristics

File Characteristics

.text
Size: 24KB - Virtual size: 22KB

.rsrc
Size: 4KB - Virtual size: 728B

.reloc
Size: 4KB - Virtual size: 12B

.text
Size: 212KB - Virtual size: 212KB

.rsrc
Size: 1024B - Virtual size: 928B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 40KB - Virtual size: 38KB

.rsrc
Size: 4KB - Virtual size: 896B

.reloc
Size: 4KB - Virtual size: 12B

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

61:47:52:ba:00:00:00:00:00:04
Certificate

61:49:7c:ed:00:00:00:00:00:05
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

61:02:30:7e:00:00:00:00:00:06
Certificate

6a:0b:99:4f:c0:00:1b:ab:11:da:3a:a1:b6:df:ec:88
Certificate

67:f1:0f:19:25:39:f6:40:e2:69:b1:19:9c:75:1f:4e:47:c6:b7:84
Signer

.text
Size: 52KB - Virtual size: 52KB

.data
Size: 1024B - Virtual size: 17KB

.rsrc
Size: 1019KB - Virtual size: 1019KB

.reloc
Size: 3KB - Virtual size: 2KB

.text
Size: 93KB - Virtual size: 93KB

.rdata
Size: 512B - Virtual size: 449B

.data
Size: 128B - Virtual size: 32B

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 960B

.reloc
Size: 7KB - Virtual size: 7KB

.text
Size: 98KB - Virtual size: 98KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 408B

INIT
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 1024B - Virtual size: 968B

.reloc
Size: 7KB - Virtual size: 7KB

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 384B - Virtual size: 318B

.data
Size: 2KB - Virtual size: 2KB

PAGE
Size: 7KB - Virtual size: 7KB

INIT
Size: 896B - Virtual size: 878B

.rsrc
Size: 1024B - Virtual size: 1016B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 80KB - Virtual size: 80KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 896B - Virtual size: 820B

INIT
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 4KB