809ef3b28b6930e23516cedb7204eb98_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

809ef3b28b6930e23516cedb7204eb98_JaffaCakes118
Size

2.3MB
MD5

809ef3b28b6930e23516cedb7204eb98
SHA1

e2018cbdd4b2b42aea4ee4beab841a1bd4fc0bfd
SHA256

32e70fa362d2eab469e4dc26bce487e76eee34b026dde8b0841b5f868433b132
SHA512

df22f972bb5a5f7fe600c5e925512846eee3d626840dedc14fbf26c76f0fca5ad4adf353ac61eee5dbde41573a680dbc39fcd4044e3865c72e90b22a5eaf9708
SSDEEP

49152:ncwhSY6TqMPrSze29cXG98WPgEHVa6oR5MZTcxXGzWzFemdIy2XbJ:ncsSzbDYf9cWS0/qRee2YRF2LJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack002/GuJian1.editor.v5.2/GuJianEdit.exe
unpack002/GuJian2.editor.v3.0.0/GuJian2.editor.v3.0.0.exe
unpack002/GuJian2.editor.v3.0.0/TrAntiAntiCheatLoader_x86.dll

Files

809ef3b28b6930e23516cedb7204eb98_JaffaCakes118
.zip
TGP古剑奇谭多功能修改器/下载说明.txt
TGP古剑奇谭多功能修改器/古剑12.zip
.zip
GuJian1.editor.v5.2/GuJianEdit.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 657KB - Virtual size: 657KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
GuJian1.editor.v5.2/GuJianEdit.ini
GuJian1.editor.v5.2/exp.db
GuJian2.editor.v3.0.0/GuJian2.editor.v3.0.0.exe
.exe windows:4 windows x86 arch:x86

791813fb30f6d3166d227361c3bf1a53

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

midiStreamOut
midiOutPrepareHeader
midiStreamProperty
midiStreamOpen
midiOutUnprepareHeader
waveOutOpen
waveOutUnprepareHeader
waveOutPrepareHeader
waveOutWrite
waveOutPause
waveOutReset
waveOutClose
waveOutGetNumDevs
midiStreamStop
midiOutReset
midiStreamClose
midiStreamRestart

ws2_32

WSAAsyncSelect
closesocket
send
WSACleanup
WSAStartup
inet_ntoa
recvfrom
ioctlsocket
recv
getpeername
accept
select

rasapi32

RasGetConnectStatusA
RasHangUpA

kernel32

GetTimeZoneInformation
FileTimeToSystemTime
GetStartupInfoA
SetLastError
GetCPInfo
GetProcessVersion
SetErrorMode
GlobalFlags
GetCurrentThread
GetFileTime
TlsGetValue
LocalReAlloc
TlsSetValue
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
lstrcmpA
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
DuplicateHandle
lstrcpynA
FileTimeToLocalFileTime
LocalFree
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
MultiByteToWideChar
TerminateProcess
GetCurrentProcess
GetFileSize
SetFilePointer
GetVersion
lstrcmpiA
TerminateThread
CreateSemaphoreA
ResumeThread
ReleaseSemaphore
EnterCriticalSection
LeaveCriticalSection
GetProfileStringA
WriteFile
ReadFile
GetLastError
WaitForMultipleObjects
CreateFileA
SetEvent
FindResourceA
LoadResource
LockResource
lstrlenW
GetModuleFileNameA
GetCurrentThreadId
ExitProcess
GlobalSize
GlobalFree
DeleteCriticalSection
InitializeCriticalSection
lstrcatA
lstrlenA
WinExec
lstrcpyA
FindNextFileA
GlobalReAlloc
HeapFree
HeapReAlloc
GetProcessHeap
HeapAlloc
GetUserDefaultLCID
GetFullPathNameA
FreeLibrary
LoadLibraryA
GetVersionExA
WritePrivateProfileStringA
GetPrivateProfileStringA
CreateThread
CreateEventA
Sleep
ExpandEnvironmentStringsA
GlobalAlloc
GlobalLock
GlobalUnlock
FindFirstFileA
FindClose
GetFileAttributesA
InterlockedExchange
SetCurrentDirectoryA
GetVolumeInformationA
GetModuleHandleA
GetProcAddress
MulDiv
GetCommandLineA
GetTickCount
WaitForSingleObject
CloseHandle
RtlUnwind
GetSystemTime
GetLocalTime
RaiseException
HeapSize
GetACP
SetStdHandle
GetFileType
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
SetEnvironmentVariableA
LCMapStringA
LCMapStringW
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
CompareStringA
CompareStringW
IsBadReadPtr
IsBadCodePtr
GetOEMCP

user32

IsIconic
PeekMessageA
SetMenu
GetMenu
DeleteMenu
GetSystemMenu
DefWindowProcA
GetClassInfoA
IsZoomed
PostQuitMessage
SetFocus
GetActiveWindow
GetWindow
DestroyAcceleratorTable
SetWindowRgn
CopyAcceleratorTableA
GetKeyState
TranslateAcceleratorA
IsWindowEnabled
ShowWindow
SystemParametersInfoA
LoadImageA
EnumDisplaySettingsA
ClientToScreen
EnableMenuItem
GetSubMenu
GetDlgCtrlID
CreateAcceleratorTableA
CreateMenu
ModifyMenuA
AppendMenuA
CreatePopupMenu
DrawIconEx
CreateIconFromResource
CreateIconFromResourceEx
RegisterClipboardFormatA
SetRectEmpty
GetMessagePos
ScreenToClient
ChildWindowFromPointEx
CopyRect
LoadBitmapA
WinHelpA
KillTimer
SetTimer
ReleaseCapture
GetCapture
SetCapture
GetScrollRange
SetScrollRange
SetScrollPos
SetRect
InflateRect
IntersectRect
DestroyIcon
PtInRect
DispatchMessageA
IsWindowVisible
EnableWindow
RedrawWindow
GetWindowLongA
SetWindowLongA
LoadStringA
GetMenuCheckMarkDimensions
GetMenuState
SetMenuItemBitmaps
CheckMenuItem
MoveWindow
IsDialogMessageA
ScrollWindowEx
SendDlgItemMessageA
MapWindowPoints
AdjustWindowRectEx
GetScrollPos
RegisterClassA
GetMenuItemCount
GetMenuItemID
GetClassLongA
SetPropA
GetPropA
RemovePropA
GetMessageTime
GetLastActivePopup
GetForegroundWindow
RegisterWindowMessageA
GetWindowPlacement
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamA
DestroyWindow
GetSysColor
SetActiveWindow
SetCursorPos
LoadCursorA
SetCursor
GetDC
FillRect
IsRectEmpty
ReleaseDC
IsChild
DestroyMenu
SetForegroundWindow
GetWindowRect
EqualRect
UpdateWindow
ValidateRect
InvalidateRect
GetClientRect
GetFocus
GetParent
GetTopWindow
PostMessageA
IsWindow
SetParent
DestroyCursor
SendMessageA
SetWindowPos
MessageBoxA
GetCursorPos
GetSystemMetrics
EmptyClipboard
SetClipboardData
OpenClipboard
GetClipboardData
CloseClipboard
wsprintfA
GetMessageA
WindowFromPoint
DrawFocusRect
DrawEdge
DrawFrameControl
TranslateMessage
LoadIconA
CallWindowProcA
CreateWindowExA
RegisterHotKey
UnregisterHotKey
DrawTextA
SetWindowsHookExA
UnhookWindowsHookEx
EnumThreadWindows
GetWindowTextLengthA
GetClassNameA
EnumChildWindows
CallNextHookEx
UnregisterClassA
GetWindowDC
GetSysColorBrush
FrameRect
GetWindowTextA
GetDesktopWindow
GetDlgItem
FindWindowExA
SetWindowTextA
OffsetRect
CharUpperA
BeginPaint
EndPaint
TabbedTextOutA
GrayStringA

gdi32

ExtSelectClipRgn
CreateCompatibleDC
Ellipse
Rectangle
LPtoDP
DPtoLP
GetCurrentObject
RoundRect
Arc
GetTextExtentPoint32A
GetDeviceCaps
SelectPalette
StretchBlt
CreatePalette
GetSystemPaletteEntries
CreateDIBitmap
DeleteObject
SelectClipRgn
CreatePolygonRgn
SetStretchBltMode
SetPixel
CreateRectRgnIndirect
SetBkColor
CreateFontA
TranslateCharsetInfo
SetBkMode
MoveToEx
SetTextColor
CreateEllipticRgnIndirect
GetTextMetricsA
ExcludeClipRect
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
GetViewportExtEx
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetPixel
BitBlt
StartPage
StartDocA
DeleteDC
EndDoc
EndPage
GetObjectA
GetStockObject
CreateFontIndirectA
CreateSolidBrush
FillRgn
CreateRectRgn
CombineRgn
PatBlt
SetMapMode
SetROP2
SetPolyFillMode
RestoreDC
SaveDC
CreatePen
SelectObject
CreateBitmap
CreateDCA
CreateCompatibleBitmap
GetPolyFillMode
GetStretchBltMode
GetROP2
GetBkColor
GetBkMode
GetTextColor
CreateRoundRectRgn
CreateEllipticRgn
PathToRegion
EndPath
BeginPath
GetWindowOrgEx
GetViewportOrgEx
GetWindowExtEx
GetDIBits
GetClipRgn
LineTo
RealizePalette

msimg32

GradientFill

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegQueryValueA
RegCreateKeyExA
RegCloseKey

shell32

DragFinish
DragAcceptFiles
Shell_NotifyIconA
DragQueryFileA
ShellExecuteA

ole32

CLSIDFromProgID
OleRun
CoCreateInstance
CLSIDFromString
OleUninitialize
OleInitialize

oleaut32

SafeArrayGetUBound
VariantChangeType
VariantClear
SafeArrayGetLBound
SafeArrayGetDim
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetElement
VariantCopyInd
VariantInit
SysAllocString
UnRegisterTypeLi
LoadTypeLi
LHashValOfNameSys
RegisterTypeLi

comctl32

ImageList_ReplaceIcon
ImageList_GetIcon
ImageList_GetImageInfo
ImageList_GetImageCount
ImageList_Add
ImageList_BeginDrag
ImageList_Create
ImageList_Destroy
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ImageList_EndDrag
ord17
_TrackMouseEvent
ImageList_LoadImageA
ImageList_Read
ImageList_Duplicate

wininet

InternetCanonicalizeUrlA
InternetCrackUrlA
HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoA
InternetConnectA
InternetSetOptionA
InternetOpenA
InternetCloseHandle
InternetReadFile

comdlg32

ChooseColorA
GetOpenFileNameA
GetFileTitleA
GetSaveFileNameA

Sections

.text
Size: 856KB - Virtual size: 855KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 440KB - Virtual size: 436KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 76KB - Virtual size: 300KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
GuJian2.editor.v3.0.0/GuJian2.ini
GuJian2.editor.v3.0.0/GuJian2_Big5.ini
GuJian2.editor.v3.0.0/TrAntiAntiCheatLoader_x86.dll
.dll windows:5 windows x86 arch:x86

a36bf2bc14dd32315553df0e5f831c77

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

N:\PRO\TrAntiAntiCheatLoader\Release\TrAntiAntiCheatLoader_x86.pdb

Imports

kernel32

CloseHandle
CreateEventW
GetLastError
GetModuleFileNameW
Sleep
GetModuleHandleW
EncodePointer
DecodePointer
GetCommandLineA
GetCurrentThreadId
IsDebuggerPresent
IsProcessorFeaturePresent
ExitProcess
GetModuleHandleExW
GetProcAddress
MultiByteToWideChar
WideCharToMultiByte
HeapSize
HeapFree
RaiseException
HeapAlloc
SetLastError
GetProcessHeap
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EnterCriticalSection
LeaveCriticalSection
WriteFile
LoadLibraryExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
HeapReAlloc
RtlUnwind
LCMapStringW
OutputDebugStringW
GetStringTypeW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetStdHandle
SetFilePointerEx
WriteConsoleW
CreateFileW

advapi32

CloseServiceHandle
ControlService
QueryServiceStatus
StartServiceW
OpenServiceW
OpenSCManagerW
DeleteService
CreateServiceW

Exports

Exports

LoadAACDriver
UnLoadAACDriver

Sections

.text
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
GuJian2.editor.v3.0.0/TrAntiAntiCheat_x64.sys
.sys windows:10 windows x64 arch:x64

960ec0d939e5ea631c6052a6eaf72f73

Code Sign

5f:78:14:9e:b4:f7:5e:b1:74:04:a8:14:3a:ae:ae:d7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

23/03/2011, 00:00

Not After

22/03/2012, 23:59

Subject

CN=上海域联软件技术有限公司,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=上海域联软件技术有限公司,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b6:b9:a9:e6:7f:45:b9:2e:6b:ce:86:5b:3b:5a:9e:9c:f4:34:c3:38
Signer

Actual PE Digest

b6:b9:a9:e6:7f:45:b9:2e:6b:ce:86:5b:3b:5a:9e:9c:f4:34:c3:38

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

N:\PRO\TrAntiAntiCheat\Release\TrAntiAntiCheat_x64.pdb

Imports

ntoskrnl.exe

PsProcessType
PsThreadType
ObUnRegisterCallbacks
RtlCopyUnicodeString
ObRegisterCallbacks
_vsnwprintf
ZwOpenEvent
KeBugCheckEx
ZwClose

wdfldr.sys

WdfVersionBindClass
WdfVersionBind
WdfVersionUnbind
WdfVersionUnbindClass

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 228B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 546B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
GuJian2.editor.v3.0.0/使用方法.txt
TGP古剑奇谭多功能修改器/数码资源网.url
.url

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

CODE Size: 657KB - Virtual size: 657KB

DATA Size: 12KB - Virtual size: 12KB

BSS Size: - Virtual size: 3KB

.idata Size: 9KB - Virtual size: 8KB

.tls Size: - Virtual size: 16B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 43KB - Virtual size: 42KB

.rsrc Size: 2.1MB - Virtual size: 2.1MB

791813fb30f6d3166d227361c3bf1a53

Headers

File Characteristics

Imports

winmm

ws2_32

rasapi32

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

wininet

comdlg32

Sections

.text Size: 856KB - Virtual size: 855KB

.rdata Size: 440KB - Virtual size: 436KB

.data Size: 76KB - Virtual size: 300KB

.rsrc Size: 32KB - Virtual size: 29KB

a36bf2bc14dd32315553df0e5f831c77

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

Exports

Exports

Sections

.text Size: 55KB - Virtual size: 55KB

.rdata Size: 26KB - Virtual size: 25KB

.data Size: 5KB - Virtual size: 12KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 5KB - Virtual size: 4KB

960ec0d939e5ea631c6052a6eaf72f73

Code Sign

5f:78:14:9e:b4:f7:5e:b1:74:04:a8:14:3a:ae:ae:d7Certificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

b6:b9:a9:e6:7f:45:b9:2e:6b:ce:86:5b:3b:5a:9e:9c:f4:34:c3:38Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

wdfldr.sys

Sections

.text Size: 2KB - Virtual size: 2KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 3KB

.pdata Size: 512B - Virtual size: 228B

.gfids Size: 512B - Virtual size: 4B

CODE
Size: 657KB - Virtual size: 657KB

DATA
Size: 12KB - Virtual size: 12KB

BSS
Size: - Virtual size: 3KB

.idata
Size: 9KB - Virtual size: 8KB

.tls
Size: - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 43KB - Virtual size: 42KB

.rsrc
Size: 2.1MB - Virtual size: 2.1MB

.text
Size: 856KB - Virtual size: 855KB

.rdata
Size: 440KB - Virtual size: 436KB

.data
Size: 76KB - Virtual size: 300KB

.rsrc
Size: 32KB - Virtual size: 29KB

.text
Size: 55KB - Virtual size: 55KB

.rdata
Size: 26KB - Virtual size: 25KB

.data
Size: 5KB - Virtual size: 12KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 4KB

5f:78:14:9e:b4:f7:5e:b1:74:04:a8:14:3a:ae:ae:d7
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

b6:b9:a9:e6:7f:45:b9:2e:6b:ce:86:5b:3b:5a:9e:9c:f4:34:c3:38
Signer

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 3KB

.pdata
Size: 512B - Virtual size: 228B

.gfids
Size: 512B - Virtual size: 4B

INIT
Size: 1024B - Virtual size: 546B

.rsrc
Size: 1024B - Virtual size: 904B

.reloc
Size: 512B - Virtual size: 36B