wares-main[.]zip

Resubmissions

24/05/2024, 15:49

240524-s9vz5sbd88 7

Sharing

Copy URL Twitter E-mail

General

Target

wares-main.zip
Size

66.9MB
MD5

892aa69dcb3c66724cfff1c9f2357892
SHA1

e8e30589fb3f6d6e104da4275b2076a1c9163247
SHA256

c62a18c512d1689d5179f97783f78b920e7dcc37e95b1eb67e75c041542dfc7d
SHA512

02dee401c58539c03fb36574cf9f711b84a5a45df11b790aad456b6ea047926dc67d681c0e2cd84e962066a7dd3b4656aad158a202d3d68dfcd7726d31f80efd
SSDEEP

1572864:6jufmg7jufmgIjz9RWjooyvmlu+jm1Fa6FHZ5AkNc66DEJ:elgHlgYnWUqjmzBHZs66DEJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/wares-main/Ext2IFS_1_10b.exe
unpack001/wares-main/idea.dll
unpack001/wares-main/pe_template.dat

Files

wares-main.zip
.zip
wares-main/.zcompdump
wares-main/.zsh_history
wares-main/Ext2IFS_1_10b.exe
.exe windows:4 windows x86 arch:x86

0b6247a1e2de3e1475b35f711d13f379

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetExitCodeProcess
HeapFree
GetProcessHeap
SetLastError
LockResource
LoadResource
SizeofResource
FindResourceA
lstrcatA
lstrcpyA
GetTempFileNameA
GetLastError
CreateDirectoryA
HeapAlloc
GetTempPathA
CloseHandle
WriteFile
CreateFileA
ExitProcess
WaitForSingleObject
CreateProcessA
GetCommandLineA
GetStartupInfoA
RemoveDirectoryA
FindClose
FindNextFileA
DeleteFileA
lstrcmpA
FindFirstFileA
lstrlenA
LocalFree
FormatMessageA

user32

MessageBoxA

setupapi

SetupIterateCabinetA

Sections

.text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 38B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 444KB - Virtual size: 440KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
wares-main/FDhelp
wares-main/INSCD
.sh linux
wares-main/INSNFS
.sh linux
wares-main/INSdir
.sh linux
wares-main/INSfd
.sh linux
wares-main/INShd
.sh linux
wares-main/PROMPThelp
wares-main/README
wares-main/SeTDOS
.sh linux
wares-main/SeTPKG
.sh linux
wares-main/SeTconfig
.sh linux
wares-main/SeTfdHELP
.sh linux
wares-main/SeTfull
.sh linux
wares-main/SeTkernel
.sh linux
wares-main/SeTkeymap
.sh linux
wares-main/SeTmaketag
.sh linux
wares-main/SeTmedia
.sh linux
wares-main/SeTnopart
wares-main/SeTpartitions
.sh linux
wares-main/SeTpasswd
.sh linux
wares-main/SeTswap
.sh linux
wares-main/WPSettings.dat
wares-main/a.txt
wares-main/a.txt:ads.txt
wares-main/at_quick_exit.oS
.elf linux x86
wares-main/atexit.oS
.elf linux x86
wares-main/b.txt
wares-main/b.txt:ads.txt
wares-main/badblocks
.elf linux x86
wares-main/blkid
.elf linux x86
wares-main/brc
.sh linux
wares-main/busybox
.elf linux x86
wares-main/cfdisk
.sh linux
wares-main/cfdisk.bin
.elf linux x86
wares-main/chattr
.elf linux x86
wares-main/comm
.elf linux x86
wares-main/cut
.elf linux x86
wares-main/debugfs
.elf linux x86
wares-main/df.bin
.elf linux x86
wares-main/dialog
.elf linux x86
wares-main/dialogrc
wares-main/dir:ads.txt
wares-main/disk2
wares-main/dumpe2fs
.elf linux x86
wares-main/e2fsck
.elf linux x86
wares-main/e2image
.elf linux x86
wares-main/ehci-hcd.o.gz
.gz
ehci-hcd.o
.elf linux x86
wares-main/eject
.elf linux x86
wares-main/evdev.o.gz
.gz
evdev.o
.elf linux x86
wares-main/fdisk
.sh linux
wares-main/fdisk.bin
.elf linux x86
wares-main/filesize
.sh linux
wares-main/floss
.elf linux x64
wares-main/floss (copy 1)
.elf linux x64
wares-main/foobar.exe
wares-main/fsck
.elf linux x86
wares-main/fsck.ext2
.sh linux
wares-main/fsck.ext3
.sh linux
wares-main/func.py
wares-main/grep.bin
.elf linux x86
wares-main/group
wares-main/gzip.bin
.elf linux x86
wares-main/hc_sl811.o.gz
.gz
hc_sl811.o
.elf linux x86
wares-main/hdparm
.elf linux x86
wares-main/hid.o.gz
.gz
hid.o
.elf linux x86
wares-main/hosts
wares-main/hotplug
.elf linux x86
wares-main/idea.dll
.dll windows:4 windows x86 arch:x86

3c20011523b8276de328099c0b9f60d4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

crtdll

__GetMainArgs
_assert
atexit
fprintf
memcmp
memcpy
memset
_iob

Exports

Exports

idea_get_info

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 444B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 16B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 292B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 164B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wares-main/ieee1394.o.gz
.gz
ieee1394.o
.elf linux x86
wares-main/initrd.img
wares-main/inittab
wares-main/input.o.gz
.gz
input.o
.elf linux x86
wares-main/insmod
.elf linux x86
wares-main/installpkg
.sh linux
wares-main/ipmask
.elf linux x86
wares-main/issue
wares-main/itl-logo.txt
wares-main/jfs_mkfs
.elf linux x86
wares-main/joydev.o.gz
.gz
joydev.o
.elf linux x86
wares-main/keybdev.o.gz
.gz
keybdev.o
.elf linux x86
wares-main/keymaps.tar.gz
.gz
wares-main/klogd
.elf linux x86
wares-main/ld-2.3.1.so
.elf linux x86
wares-main/ld.so.cache
wares-main/ldd
wares-main/ldlinux.sys
wares-main/lft
wares-main/libBrokenLocale-2.3.1.so
.elf linux x86
wares-main/libanl-2.3.1.so
.elf linux x86
wares-main/libblkid.so.1.0
.elf linux x86
wares-main/libc-2.3.1.so
.elf linux x86
wares-main/libc6-i386_2.11.1-0ubuntu7.11_amd64.so
.elf linux x86
wares-main/libc6-i386_2.11.1-0ubuntu7.12_amd64.so
.elf linux x86
wares-main/libc6-i386_2.11.1-0ubuntu7.21_amd64.so
.elf linux x86
wares-main/libc6-i386_2.12.1-0ubuntu10.4_amd64.so
.elf linux x86
wares-main/libc6-i386_2.12.1-0ubuntu6_amd64.so
.elf linux x86
wares-main/libc6-i386_2.13-0ubuntu13.2_amd64.so
.elf linux x86
wares-main/libc6-i386_2.13-0ubuntu13_amd64.so
.elf linux x86
wares-main/libc6-i386_2.13-20ubuntu5.2_amd64.so
.elf linux x86
wares-main/libc6-i386_2.13-20ubuntu5.3_amd64.so
.elf linux x86
wares-main/libc6-i386_2.13-20ubuntu5_amd64.so
.elf linux x86
wares-main/libc6-i386_2.15-0ubuntu10.18_amd64.so
.elf linux x86
wares-main/libc6-i386_2.15-0ubuntu10_amd64.so
.elf linux x86
wares-main/libc6-i386_2.15-0ubuntu20.2_amd64.so
.elf linux x86
wares-main/libc6-i386_2.15-0ubuntu20_amd64.so
.elf linux x86
wares-main/libc6-i386_2.17-0ubuntu5.1_amd64.so
.elf linux x86
wares-main/libc6-i386_2.17-0ubuntu5_amd64.so
.elf linux x86
wares-main/libc6-i386_2.17-93ubuntu4_amd64.so
.elf linux x86
wares-main/libc6-i386_2.19-0ubuntu6.15_amd64.so
.elf linux x86
wares-main/libc6-i386_2.19-0ubuntu6_amd64.so
.elf linux x86
wares-main/libc6-i386_2.19-10ubuntu2.3_amd64.so
.elf linux x86
wares-main/libc6-i386_2.19-10ubuntu2_amd64.so
.elf linux x86
wares-main/libc6-i386_2.19-18+deb8u10_amd64.so
.elf linux x86
wares-main/libc6-i386_2.21-0ubuntu4.3_amd64.so
.elf linux x86
wares-main/libc6-i386_2.21-0ubuntu4_amd64.so
.elf linux x86
wares-main/libc6-i386_2.23-0ubuntu10_amd64.so
.elf linux x86
wares-main/libc6-i386_2.23-0ubuntu11_amd64.so
.elf linux x86
wares-main/libc6-i386_2.23-0ubuntu11_amd64.symbols
wares-main/libc6-i386_2.23-0ubuntu3_amd64.so
.elf linux x86
wares-main/libc6-i386_2.23-0ubuntu3_amd64.symbols
wares-main/libc6-i386_2.24-11+deb9u4_amd64.so
.elf linux x86
wares-main/libc6-i386_2.24-11+deb9u4_amd64.symbols
wares-main/libc6-i386_2.24-3ubuntu1_amd64.so
.elf linux x86
wares-main/libc6-i386_2.24-3ubuntu1_amd64.symbols
wares-main/libc6-i386_2.24-3ubuntu2.2_amd64.so
.elf linux x86
wares-main/libc6-i386_2.24-3ubuntu2.2_amd64.symbols
wares-main/libc6-i386_2.24-9ubuntu2.2_amd64.so
.elf linux x86
wares-main/libc6-i386_2.24-9ubuntu2.2_amd64.symbols
wares-main/libc6-i386_2.24-9ubuntu2_amd64.so
.elf linux x86
wares-main/libc6-i386_2.24-9ubuntu2_amd64.symbols
wares-main/libc6-i386_2.26-0ubuntu2.1_amd64.so
.elf linux x86
wares-main/libc6-i386_2.26-0ubuntu2.1_amd64.symbols
wares-main/libc6-i386_2.26-0ubuntu2_amd64.so
.elf linux x86
wares-main/libc6-i386_2.26-0ubuntu2_amd64.symbols
wares-main/libc6-i386_2.27-3ubuntu1_amd64.so
.elf linux x86
wares-main/libc6-i386_2.27-3ubuntu1_amd64.symbols
wares-main/libc6-i386_2.28-0ubuntu1_amd64.so
.elf linux x86
wares-main/libc6-i386_2.28-0ubuntu1_amd64.symbols
wares-main/libc6-i386_2.28-10_amd64.so
.elf linux x86
wares-main/libc6-i386_2.28-10_amd64.symbols
wares-main/libc6-i386_2.29-0ubuntu2_amd64.so
.elf linux x86
wares-main/libc6-i386_2.29-0ubuntu2_amd64.symbols
wares-main/libc6-i386_2.3.6-0ubuntu20.6_amd64.so
.elf linux x86
wares-main/libc6-i386_2.3.6-0ubuntu20.6_amd64.symbols
wares-main/libc6-i386_2.3.6-0ubuntu20_amd64.so
.elf linux x86
wares-main/libc6-i386_2.3.6-0ubuntu20_amd64.symbols
wares-main/libc6-i386_2.30-0ubuntu2.1_amd64.so
.elf linux x86
wares-main/libc6-i386_2.30-0ubuntu2.1_amd64.symbols
wares-main/libc6-i386_2.30-0ubuntu2_amd64.so
.elf linux x86
wares-main/libc6-i386_2.30-0ubuntu2_amd64.symbols
wares-main/libc6-i386_2.30-4_amd64.so
.elf linux x86
wares-main/libc6-i386_2.30-4_amd64.symbols
wares-main/libc6-i386_2.31-0ubuntu6_amd64.so
.elf linux x86
wares-main/libc6-i386_2.31-0ubuntu6_amd64.symbols
wares-main/libc6-i386_2.4-1ubuntu12.3_amd64.so
.elf linux x86
wares-main/libc6-i386_2.4-1ubuntu12.3_amd64.symbols
wares-main/libc6-i386_2.4-1ubuntu12_amd64.so
.elf linux x86
wares-main/libc6-i386_2.4-1ubuntu12_amd64.symbols
wares-main/libc6-i386_2.5-0ubuntu14_amd64.symbols
wares-main/libc6-i386_2.6.1-1ubuntu10_amd64.symbols
wares-main/libc6-i386_2.6.1-1ubuntu9_amd64.symbols
wares-main/libc6-i386_2.8~20080505-0ubuntu7_amd64.so
.elf linux x86
wares-main/libc6-i386_2.8~20080505-0ubuntu9_amd64.so
.elf linux x86
wares-main/libc6-i386_2.9-4ubuntu6.3_amd64.so
.elf linux x86
wares-main/libc6-i386_2.9-4ubuntu6_amd64.so
.elf linux x86
wares-main/libcom_err.so.2.1
.elf linux x86
wares-main/libcrypt-2.3.1.so
.elf linux x86
wares-main/libdl-2.3.1.so
.elf linux x86
wares-main/libe2fsim.1.2.1.so
.elf linux x86
wares-main/libe2p.so.2.3
.elf linux x86
wares-main/libext2fs.so.2.4
.elf linux x86
wares-main/libgpm.so.1.18.0
.elf linux x86
wares-main/libm-2.3.1.so
.elf linux x86
wares-main/libmemusage.so
.elf linux x86
wares-main/libncurses.so.5.3
.elf linux x86
wares-main/libnsl-2.3.1.so
.elf linux x86
wares-main/libnss_dns-2.3.1.so
.elf linux x86
wares-main/libnss_files-2.3.1.so
.elf linux x86
wares-main/libpcprofile.so
.elf linux x86
wares-main/libproc.so.2.0.16
.elf linux x86
wares-main/libpthread-0.10.so
.elf linux x86
wares-main/libresolv-2.3.1.so
.elf linux x86
wares-main/librt-2.3.1.so
.elf linux x86
wares-main/libss.so.2.0
.elf linux x86
wares-main/libthread_db-1.0.so
.elf linux x86
wares-main/libutil-2.3.1.so
.elf linux x86
wares-main/libuuid.so.1.2
.elf linux x86
wares-main/linux
wares-main/linux-basic
wares-main/linux-c
wares-main/linux-c-nc
wares-main/linux-koi8
wares-main/linux-koi8r
wares-main/linux-lat
wares-main/linux-m
wares-main/linux-nic
wares-main/lisa
wares-main/lisaterm
wares-main/lisaterm-w
wares-main/liswb
wares-main/ln03
wares-main/ln03-w
wares-main/login.defs
wares-main/logsave
.elf linux x86
wares-main/lorem.txt
wares-main/lpr
wares-main/ls
.elf linux x86
wares-main/lsattr
.elf linux x86
wares-main/lsraid
.elf linux x86
wares-main/luna
wares-main/makedevs.sh
.sh linux
wares-main/migrate.sh
.sh linux
wares-main/mkdosfs
.elf linux x86
wares-main/mke2fs
.elf linux x86
wares-main/mkfs.xfs
.elf linux x86
wares-main/mklost+found
.elf linux x86
wares-main/mkraid
.elf linux x86
wares-main/mkreiserfs
.elf linux x86
wares-main/modules.dep
wares-main/modules.generic_string
wares-main/modules.ieee1394map
wares-main/modules.isapnpmap
wares-main/modules.parportmap
wares-main/modules.pcimap
wares-main/mount
.elf linux x86
wares-main/mousedev.o.gz
.gz
wares-main/mtools.conf
wares-main/network
.sh linux
wares-main/networks
wares-main/no_ads.txt
wares-main/nopartHELP
wares-main/notes.txt
wares-main/notes.txt:ads
wares-main/nsswitch.conf
wares-main/obex-check-device
.elf linux x64
wares-main/obex_find
.elf linux x64
wares-main/obex_tcp
.elf linux x64
wares-main/obex_test
.elf linux x64
wares-main/obexautofs
.elf linux x64
wares-main/obexfs
.elf linux x64
wares-main/obexftp
.elf linux x64
wares-main/obexftpd
.elf linux x64
wares-main/obexstress
.sh linux
wares-main/ohci1394.o.gz
.gz
wares-main/passwd
wares-main/paste
.elf linux x86
wares-main/patch_tc
wares-main/pciide.sys
.sys windows:6 windows x64 arch:x64

5c68d74ecab536bbd7b7f6c3b318a88d

Code Sign

61:04:ca:69:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

05/06/2007, 22:03

Not After

05/06/2012, 22:13

Subject

CN=Microsoft Time-Stamp Service,OU=nCipher DSE ESN:A5B0-CDE0-DC94,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:01:c6:c1:00:00:00:00:00:07
Certificate

Issuer

CN=Microsoft Windows Verification PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/10/2008, 20:39

Not After

22/01/2010, 20:49

Subject

CN=Microsoft Windows,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:07:02:dc:00:00:00:00:00:0b
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

15/09/2005, 21:55

Not After

15/03/2016, 22:05

Subject

CN=Microsoft Windows Verification PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

9b:d4:44:d5:8b:59:cc:a8:32:bb:5f:c9:11:f8:1f:6c:66:b4:0f:cc
Signer

Actual PE Digest

9b:d4:44:d5:8b:59:cc:a8:32:bb:5f:c9:11:f8:1f:6c:66:b4:0f:cc

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

pciide.pdb

Imports

ntoskrnl.exe

KeBugCheckEx

pciidex.sys

PciIdeXInitialize
PciIdeXGetBusData

Sections

.text
Size: 1024B - Virtual size: 937B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 512B - Virtual size: 314B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
wares-main/pcmcia
.sh linux
wares-main/pe_template.dat
.exe windows:4 windows x86 arch:x86

f9ade0aa18f660a34a4fa23392e21838

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 1B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 256B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 83B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
wares-main/pivot_root
.elf linux x86
wares-main/pkgtool
.sh linux
wares-main/printf
.elf linux x86
wares-main/probe
.sh linux
wares-main/profile
wares-main/ps
.elf linux x86
wares-main/pt_chown
.elf linux x86
wares-main/pthread_atfork.oS
.elf linux x86
wares-main/raidreconf
.elf linux x86
wares-main/raidstart
.elf linux x86
wares-main/random1
wares-main/random1.sys
wares-main/random2
wares-main/rdev
.elf linux x86
wares-main/reiserfsck
.elf linux x86
wares-main/removepkg
.sh linux
wares-main/resize2fs
.elf linux x86
wares-main/rpc.portmap
.elf linux x86
wares-main/sbp2.o.gz
.gz
wares-main/securetty
wares-main/sed
.elf linux x86
wares-main/services
wares-main/services.db
wares-main/setterm
.elf linux x86
wares-main/setup
.sh linux
wares-main/shadow
wares-main/shells
wares-main/sl811.o.gz
.gz
wares-main/slackinstall
.sh linux
wares-main/sort
.elf linux x86
wares-main/stack_chk_fail_local.oS
.elf linux x86
wares-main/stage2
wares-main/std
wares-main/stdcrt
wares-main/strings
.elf linux x86
wares-main/syslinux
.elf linux x86
wares-main/syslinux.cfg
wares-main/syslog.conf
wares-main/systemd-resolved
.elf linux x64
wares-main/tar-1.13
.elf linux x86
wares-main/termcap
wares-main/truecrypt.sys
.sys windows:6 windows x86 arch:x86

2e4d26342802c4f33d87be78a025b47b

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:08:d9:61:1c:d6
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 12:00

Not After

27/01/2014, 11:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:08:d9:61:24:48
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 09:00

Not After

27/01/2014, 10:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:24:da:79:a3:f3
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

09/11/2009, 18:54

Not After

09/11/2012, 18:54

Subject

CN=TrueCrypt Foundation,O=TrueCrypt Foundation,ST=Nevada,C=US,1.2.840.113549.1.9.1=#0c15636f6e74616374407472756563727970742e6f7267

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0b:7f:6b:00:00:00:00:00:19
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:00

Not After

23/05/2016, 17:10

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:21:c4:bd:34:bb:e1:88:3d:48:42:e5:5c:17:e0:f8:75:92:c2:62
Signer

Actual PE Digest

07:21:c4:bd:34:bb:e1:88:3d:48:42:e5:5c:17:e0:f8:75:92:c2:62

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\truecrypt-7.0a\driver\obj_driver_release\i386\truecrypt.pdb

Imports

ntoskrnl.exe

ObfDereferenceObject
IoCreateDevice
IoGetAttachedDeviceReference
ExFreePoolWithTag
ExAllocatePoolWithTag
IofCallDriver
IoReleaseRemoveLockEx
IoIsSystemThread
memcpy
MmFreeContiguousMemory
IoFreeMdl
PsSetLoadImageNotifyRoutine
MmBuildMdlForNonPagedPool
IoAllocateMdl
MmAllocateContiguousMemory
PsTerminateSystemThread
_alldiv
KeSetEvent
IoFreeWorkItem
KeWaitForSingleObject
IoQueueWorkItem
KeInitializeEvent
IoAllocateWorkItem
IoReleaseRemoveLockAndWaitEx
IoAcquireRemoveLockEx
PoCallDriver
PoStartNextPowerIrp
MmMapLockedPagesSpecifyCache
KeReleaseMutex
ExfInterlockedRemoveHeadList
KeSetPriorityThread
ZwReadFile
ExfInterlockedInsertTailList
ZwWriteFile
SeImpersonateClientEx
KeClearEvent
_allmul
KeInitializeMutex
IoGetDeviceInterfaces
IoRegisterShutdownNotification
IoCreateSymbolicLink
RtlInitUnicodeString
ZwClose
ObReferenceObjectByHandle
PsCreateSystemThread
IoAttachDeviceToDeviceStack
KeReleaseSemaphore
KeSetTimerEx
KeInitializeTimerEx
wcsncat
SeTokenType
MmGetSystemRoutineAddress
IoDeleteSymbolicLink
IoBuildDeviceIoControlRequest
IoGetDeviceObjectPointer
ObfReferenceObject
ZwCreateFile
IoBuildSynchronousFsdRequest
IoGetRelatedDeviceObject
ZwQuerySymbolicLinkObject
ZwOpenSymbolicLinkObject
IofCompleteRequest
KeQueryActiveProcessors
ZwQueryValueKey
ZwOpenKey
SeReleaseSubjectContext
RtlEqualSid
SeQueryInformationToken
SeTokenIsAdmin
SeCaptureSubjectContext
KeInitializeSemaphore
KeQueryInterruptTime
SeCreateClientSecurity
RtlCopySid
RtlLengthSid
PsGetVersion
ZwSetInformationFile
ZwQueryInformationFile
wcsncpy
wcsstr
_snwprintf
IoFileObjectType
KeTickCount
IoDetachDevice
IoDeleteDevice
IoInitializeRemoveLockEx
memset
MmMapIoSpace
MmUnmapIoSpace
KeBugCheckEx
KeRestoreFloatingPointState
KeSaveFloatingPointState
_aullshr
_allshl
RtlUnwind
ObOpenObjectByPointer
KeGetCurrentThread

hal

ExAcquireFastMutex
KeGetCurrentIrql
KfAcquireSpinLock
KfReleaseSpinLock
KeRaiseIrqlToDpcLevel
KfLowerIrql
ExReleaseFastMutex

Exports

Exports

_aes_decrypt@12
_aes_encrypt@12
_aes_hw_cpu_decrypt@8
_aes_hw_cpu_decrypt_32_blocks@8
_aes_hw_cpu_enable_sse@0
_aes_hw_cpu_encrypt@8
_aes_hw_cpu_encrypt_32_blocks@8
_is_aes_hw_cpu_supported@0

Sections

.text
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 384B - Virtual size: 326B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 768B - Virtual size: 744B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wares-main/tune2fs
.elf linux x86
wares-main/uhci.o.gz
.gz
wares-main/umount
.elf linux x86
wares-main/unmigrate.sh
.sh linux
wares-main/usb-ohci.o.gz
.gz
wares-main/usb-storage.o.gz
.gz
wares-main/usb-uhci.o.gz
.gz
wares-main/usbcore.o.gz
.gz
wares-main/usbkbd.o.gz
.gz
wares-main/usbmouse.o.gz
.gz
wares-main/uuidgen
.elf linux x86
wares-main/vanilla
wares-main/vc303
wares-main/vc303a
wares-main/vc404
wares-main/vc404-s
wares-main/vc414
wares-main/vc415
wares-main/verout.2a8940aa422294e73de
wares-main/vmlinuz.img
wares-main/vremote
wares-main/vt100
wares-main/vt100-nav
wares-main/vt100-nav-w
wares-main/vt100-s
wares-main/vt100-s-bot
wares-main/vt100-vb
wares-main/vt100-w
wares-main/vt100-w-nam
wares-main/vt100nam
wares-main/vt102
wares-main/vt102-nsgr
wares-main/vt102-w
wares-main/vt300
wares-main/winpmem-amd64.sys
.sys windows:6 windows x64 arch:x64

e3ff1810a59a5bd7a538a74e0935cbac

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:f4:76:ba:91:19:e6:a7:65:98:b1:18:5e:7f:9a:b6
Certificate

Issuer

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/05/2012, 00:00

Not After

31/07/2013, 12:00

Subject

CN=Michael Cohen,O=Michael Cohen,L=Horgen,ST=Switzerland,C=CH

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

08:1c:57:ee:5d:70:eb:9b:a0:b1:52:0c:72:9c:1b:09
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1f:32:fa:4e:ed:fb:a0:23:65:3c:09:41:43:d9:09:99:f6:b9:bc:4f
Signer

Actual PE Digest

1f:32:fa:4e:ed:fb:a0:23:65:3c:09:41:43:d9:09:99:f6:b9:bc:4f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\users\mic\build\volatility\branches\scudette\tools\windows\winpmem\release\amd64\winpmem.pdb

Imports

ntoskrnl.exe

IoDeleteSymbolicLink
ExFreePoolWithTag
RtlInitUnicodeString
IoDeleteDevice
ZwClose
IofCompleteRequest
IoCreateSymbolicLink
RtlAssert
MmGetPhysicalMemoryRanges
DbgPrint
ZwMapViewOfSection
MmUnmapIoSpace
ZwUnmapViewOfSection
MmMapIoSpace
ZwOpenSection
KeBugCheckEx
MmGetSystemRoutineAddress
IoCreateDevice
ObOpenObjectByPointer
ZwSetSecurityObject
IoDeviceObjectType
_snwprintf
RtlLengthSecurityDescriptor
SeCaptureSecurityDescriptor
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlAbsoluteToSelfRelativeSD
IoIsWdmVersionAvailable
SeExports
wcschr
_wcsnicmp
ExAllocatePoolWithTag
RtlLengthSid
RtlAddAccessAllowedAce
RtlGetSaclSecurityDescriptor
RtlGetDaclSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
ZwOpenKey
ZwCreateKey
ZwQueryValueKey
ZwSetValueKey
RtlFreeUnicodeString

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 776B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wares-main/winpmem-i386.sys
.sys windows:6 windows x86 arch:x86

626a3893ab6476d89b5e3b4716468a83

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:f4:76:ba:91:19:e6:a7:65:98:b1:18:5e:7f:9a:b6
Certificate

Issuer

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/05/2012, 00:00

Not After

31/07/2013, 12:00

Subject

CN=Michael Cohen,O=Michael Cohen,L=Horgen,ST=Switzerland,C=CH

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

08:1c:57:ee:5d:70:eb:9b:a0:b1:52:0c:72:9c:1b:09
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2a:21:b2:43:4b:89:1b:bf:2f:b7:e8:c1:d0:fe:f8:45:50:5d:14:49
Signer

Actual PE Digest

2a:21:b2:43:4b:89:1b:bf:2f:b7:e8:c1:d0:fe:f8:45:50:5d:14:49

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\users\mic\build\volatility\branches\scudette\tools\windows\winpmem\release\i386\winpmem.pdb

Imports

ntoskrnl.exe

IoDeleteDevice
IoDeleteSymbolicLink
RtlInitUnicodeString
ExFreePoolWithTag
MmGetPhysicalMemoryRanges
memcpy
memset
IofCompleteRequest
DbgPrint
RtlAssert
IoCreateSymbolicLink
ZwClose
ZwUnmapViewOfSection
ZwMapViewOfSection
ZwOpenSection
_allrem
MmUnmapIoSpace
MmMapIoSpace
KeTickCount
MmGetSystemRoutineAddress
ZwSetSecurityObject
ObOpenObjectByPointer
IoDeviceObjectType
IoCreateDevice
RtlGetDaclSecurityDescriptor
RtlGetSaclSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
_snwprintf
RtlLengthSecurityDescriptor
SeCaptureSecurityDescriptor
SeExports
IoIsWdmVersionAvailable
_wcsnicmp
RtlAddAccessAllowedAce
ExAllocatePoolWithTag
RtlLengthSid
wcschr
RtlAbsoluteToSelfRelativeSD
RtlSetDaclSecurityDescriptor
RtlCreateSecurityDescriptor
ZwOpenKey
ZwCreateKey
ZwQueryValueKey
ZwSetValueKey
RtlFreeUnicodeString
KeBugCheckEx

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 416B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 498B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wares-main/zgrep
.sh linux
wares-main/入乡随俗海外春节别样过法.txt

Resubmissions

Sharing

General

Malware Config

Signatures

Files

0b6247a1e2de3e1475b35f711d13f379

Headers

File Characteristics

Imports

kernel32

user32

setupapi

Sections

.text Size: 4KB - Virtual size: 1KB

.rdata Size: 4KB - Virtual size: 992B

.data Size: 4KB - Virtual size: 38B

.rsrc Size: 444KB - Virtual size: 440KB

3c20011523b8276de328099c0b9f60d4

Headers

File Characteristics

Imports

crtdll

Exports

Exports

Sections

.text Size: 5KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 444B

.bss Size: - Virtual size: 16B

.edata Size: 512B - Virtual size: 76B

.idata Size: 512B - Virtual size: 292B

.reloc Size: 512B - Virtual size: 164B

5c68d74ecab536bbd7b7f6c3b318a88d

Code Sign

61:04:ca:69:00:00:00:00:00:08Certificate

Extended Key Usages

Key Usages

61:01:c6:c1:00:00:00:00:00:07Certificate

Extended Key Usages

Key Usages

61:16:68:34:00:00:00:00:00:1cCertificate

Extended Key Usages

Key Usages

61:07:02:dc:00:00:00:00:00:0bCertificate

Extended Key Usages

Key Usages

9b:d4:44:d5:8b:59:cc:a8:32:bb:5f:c9:11:f8:1f:6c:66:b4:0f:ccSigner

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

pciidex.sys

Sections

.text Size: 1024B - Virtual size: 937B

.rdata Size: 512B - Virtual size: 176B

.data Size: 512B - Virtual size: 272B

.pdata Size: 512B - Virtual size: 72B

INIT Size: 512B - Virtual size: 314B

.rsrc Size: 1024B - Virtual size: 1024B

f9ade0aa18f660a34a4fa23392e21838

Headers

File Characteristics

Imports

kernel32

Sections

.text Size: 1KB - Virtual size: 1KB

.rdata Size: 512B - Virtual size: 1B

.data Size: 512B - Virtual size: 1B

.bss Size: - Virtual size: 256B

.idata Size: 512B - Virtual size: 83B

2e4d26342802c4f33d87be78a025b47b

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:08:d9:61:1c:d6Certificate

.text
Size: 4KB - Virtual size: 1KB

.rdata
Size: 4KB - Virtual size: 992B

.data
Size: 4KB - Virtual size: 38B

.rsrc
Size: 444KB - Virtual size: 440KB

.text
Size: 5KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 444B

.bss
Size: - Virtual size: 16B

.edata
Size: 512B - Virtual size: 76B

.idata
Size: 512B - Virtual size: 292B

.reloc
Size: 512B - Virtual size: 164B

61:04:ca:69:00:00:00:00:00:08
Certificate

61:01:c6:c1:00:00:00:00:00:07
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

61:07:02:dc:00:00:00:00:00:0b
Certificate

9b:d4:44:d5:8b:59:cc:a8:32:bb:5f:c9:11:f8:1f:6c:66:b4:0f:cc
Signer

.text
Size: 1024B - Virtual size: 937B

.rdata
Size: 512B - Virtual size: 176B

.data
Size: 512B - Virtual size: 272B

.pdata
Size: 512B - Virtual size: 72B

INIT
Size: 512B - Virtual size: 314B

.rsrc
Size: 1024B - Virtual size: 1024B

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 512B - Virtual size: 1B

.data
Size: 512B - Virtual size: 1B

.bss
Size: - Virtual size: 256B

.idata
Size: 512B - Virtual size: 83B

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

04:00:00:00:00:01:08:d9:61:1c:d6
Certificate

04:00:00:00:00:01:08:d9:61:24:48
Certificate

01:00:00:00:00:01:24:da:79:a3:f3
Certificate

61:0b:7f:6b:00:00:00:00:00:19
Certificate

07:21:c4:bd:34:bb:e1:88:3d:48:42:e5:5c:17:e0:f8:75:92:c2:62
Signer

.text
Size: 120KB - Virtual size: 120KB

.rdata
Size: 57KB - Virtual size: 56KB

.data
Size: 29KB - Virtual size: 29KB

.edata
Size: 384B - Virtual size: 326B

INIT
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 768B - Virtual size: 744B

.reloc
Size: 6KB - Virtual size: 5KB

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

61:20:4d:b4:00:00:00:00:00:27
Certificate

04:f4:76:ba:91:19:e6:a7:65:98:b1:18:5e:7f:9a:b6
Certificate

08:1c:57:ee:5d:70:eb:9b:a0:b1:52:0c:72:9c:1b:09
Certificate

1f:32:fa:4e:ed:fb:a0:23:65:3c:09:41:43:d9:09:99:f6:b9:bc:4f
Signer

.text
Size: 5KB - Virtual size: 5KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 1024B - Virtual size: 776B

.pdata
Size: 1024B - Virtual size: 588B

PAGE
Size: 7KB - Virtual size: 6KB

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 112B

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

61:20:4d:b4:00:00:00:00:00:27
Certificate

04:f4:76:ba:91:19:e6:a7:65:98:b1:18:5e:7f:9a:b6
Certificate

08:1c:57:ee:5d:70:eb:9b:a0:b1:52:0c:72:9c:1b:09
Certificate