b43b3fb42e824d41c7e2e4f4af1c40f591e6dccd9148d6e677d4ef71d9b94940

Sharing

Copy URL

Twitter E-mail

General

Target

b43b3fb42e824d41c7e2e4f4af1c40f591e6dccd9148d6e677d4ef71d9b94940
Size

5.8MB
MD5

9f2d6c96d80ed34c3e73be143c732826
SHA1

42b897625dd6f6e407ac2d48823c7bfa56ef00b1
SHA256

b43b3fb42e824d41c7e2e4f4af1c40f591e6dccd9148d6e677d4ef71d9b94940
SHA512

1f8c4de8fb8251ece7723c420f4b90b4e2bd6cde556215cd530b788dc7199a2c36fb654f388987920a652a3d71380f832b6e6db8dbdb3f97f7d934d0fe41e57a
SSDEEP

98304:S6sx6XGiubCtoOF5JMXMuVUfxRuNVlUg4O9iZncMoaa5PLb+XfGfishvF8Pi77xJ:SF6W1bCt55SMuu5GlXJFMo3Vb++isUib

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
b43b3fb42e824d41c7e2e4f4af1c40f591e6dccd9148d6e677d4ef71d9b94940
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/LangDLL.dll
unpack001/fixbcd.exe

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

b43b3fb42e824d41c7e2e4f4af1c40f591e6dccd9148d6e677d4ef71d9b94940
.exe windows:4 windows x86 arch:x86

59a4a44a250c4cf4f2d9de2b3fe5d95f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTickCount
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
SearchPathA
GetShortPathNameA
CreateFileA
GetFileSize
GetModuleFileNameA
ReadFile
GetCurrentProcess
CopyFileA
ExitProcess
SetEnvironmentVariableA
Sleep
CloseHandle
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrlenA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrcpyA
lstrcatA
GetSystemDirectoryA
GetVersion
GetProcAddress
GlobalAlloc
CompareFileTime
SetFileTime
ExpandEnvironmentStringsA
lstrcmpiA
lstrcmpA
WaitForSingleObject
GlobalFree
GetExitCodeProcess
GetModuleHandleA
GetTempPathA
GetWindowsDirectoryA
LoadLibraryExA
FindFirstFileA
FindNextFileA
DeleteFileA
SetFilePointer
WriteFile
FindClose
WritePrivateProfileStringA
MultiByteToWideChar
MulDiv
GetPrivateProfileStringA
FreeLibrary

user32

CreateWindowExA
EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
GetDC
SystemParametersInfoA
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
ReleaseDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
GetClassInfoA
DialogBoxParamA
CharNextA
ExitWindowsEx
DestroyWindow
CreateDialogParamA
SetTimer
GetDlgItem
wsprintfA
SetForegroundWindow
ShowWindow
IsWindow
LoadImageA
SetWindowLongA
SetClipboardData
EmptyClipboard
OpenClipboard
EndPaint
PostQuitMessage
FindWindowExA
SendMessageTimeoutA
SetWindowTextA

gdi32

SelectObject
SetBkMode
CreateFontIndirectA
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA

advapi32

RegCloseKey
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumValueA
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegEnumKeyA

comctl32

ImageList_Create
ImageList_AddMasked
ImageList_Destroy
ord17

ole32

CoCreateInstance
CoTaskMemFree
OleInitialize
OleUninitialize

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

610235b90207a63ccf481f0d4375d329

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetPrivateProfileIntA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileStringA
SetCurrentDirectoryA
GetModuleHandleA
lstrcmpiA
WritePrivateProfileStringA
lstrcatA
lstrcpynA
GlobalFree
lstrlenA
lstrcpyA
GlobalUnlock
GlobalAlloc
GlobalLock

user32

MapWindowPoints
PtInRect
CloseClipboard
LoadCursorA
GetDlgCtrlID
OpenClipboard
GetClientRect
SetWindowRgn
DrawFocusRect
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
DrawTextA
SetCursor
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
CallWindowProcA
PostMessageA
MessageBoxA
GetSysColor
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetWindowLongA
EnableMenuItem
GetSystemMenu
GetClipboardData
LoadIconA

gdi32

DeleteObject
CombineRgn
SetTextColor
GetDIBits
SelectObject
CreateRectRgn
GetObjectA
CreateCompatibleDC

shell32

SHBrowseForFolderA
SHGetPathFromIDListA
ShellExecuteA
SHGetDesktopFolder

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/LangDLL.dll
.dll windows:4 windows x86 arch:x86

154903d617e825e7d4f76664593675fd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetACP
lstrlenA
lstrcmpA
GetModuleHandleA
GlobalFree
MulDiv
lstrcpynA
GlobalAlloc
lstrcpyA

user32

SetDlgItemTextA
SendDlgItemMessageA
EndDialog
DialogBoxParamA
SetWindowTextA
LoadIconA
GetDC
ShowWindow
SendMessageA

gdi32

DeleteObject
CreateFontIndirectA
GetDeviceCaps

Exports

Exports

LangDialog

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 697B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 364B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
ExWinDLL.dll
.dll windows:5 windows x86 arch:x86

874f4370477af2cbc325d988165f612c

Code Sign

76:54:35:fd:f1:2a:92:2c:8b:9b:dc:b6:b1:ea:c1:bc
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

28-10-2016 00:00

Not After

12-11-2017 23:59

Subject

CN=Michaelsoft DDS Sdn Bhd,OU=Sales,O=Michaelsoft DDS Sdn Bhd,L=Kuala Lumpur,ST=Kuala Lumpur,C=MY

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22-02-2011 19:25

Not After

22-02-2021 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6f:72:d0:f7:1e:07:66:60:2f:67:2c:a9:05:2e:d1:24:03:1c:66:0d
Signer

Actual PE Digest

6f:72:d0:f7:1e:07:66:60:2f:67:2c:a9:05:2e:d1:24:03:1c:66:0d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualFree
VirtualAlloc
LocalFree
LocalAlloc
GetVersion
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
ExitProcess
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
LocalFree
LocalAlloc
lstrcpyA
lstrcmpiA
WriteProcessMemory
WriteFile
WaitForSingleObject
VirtualQuery
VirtualProtectEx
VirtualAlloc
Sleep
SizeofResource
SetThreadLocale
SetLastError
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
ResetEvent
ReadFile
OutputDebugStringA
OpenProcess
MultiByteToWideChar
MulDiv
MoveFileA
LockResource
LoadResource
LoadLibraryA
LeaveCriticalSection
InitializeCriticalSection
GlobalUnlock
GlobalReAlloc
GlobalHandle
GlobalLock
GlobalFree
GlobalFindAtomA
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomA
GetVersionExA
GetVersion
GetTickCount
GetThreadLocale
GetSystemInfo
GetStringTypeExA
GetStdHandle
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLocalTime
GetLastError
GetFullPathNameA
GetFileAttributesA
GetDiskFreeSpaceA
GetDateFormatA
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
GetCPInfo
GetACP
FreeResource
InterlockedExchange
FreeLibrary
FormatMessageA
FindResourceA
FindFirstFileA
FindClose
FileTimeToLocalFileTime
FileTimeToDosDateTime
EnumCalendarInfoA
EnterCriticalSection
DeviceIoControl
DeleteFileA
DeleteCriticalSection
CreateThread
CreateFileA
CreateEventA
CreateDirectoryA
CompareStringA
CloseHandle
Sleep
LoadLibraryA
GetProcAddress
GetLastError
FreeLibrary
InitializeCriticalSection
GetModuleFileNameW
GetModuleHandleW
TerminateProcess
GetCurrentProcess
DeleteCriticalSection
LoadLibraryW
CreateEventW
CompareStringW
SetLastError
GetModuleHandleA
VirtualProtect
GetTickCount
EnterCriticalSection
LeaveCriticalSection
VirtualFree
VirtualAlloc
WriteProcessMemory
CreateToolhelp32Snapshot
GetCurrentProcessId
GetCurrentThreadId
Thread32First
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
GetSystemInfo
LoadResource
MultiByteToWideChar
WideCharToMultiByte
FindResourceExW
FindResourceExA
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
HeapAlloc
HeapFree
HeapDestroy
HeapCreate
GetSystemTime
GetLocalTime
SystemTimeToFileTime
CompareFileTime
GetCommandLineA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
LCMapStringA
LCMapStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
WriteFile
GetStdHandle
GetModuleFileNameA
RaiseException
Sleep
ExitProcess
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
RtlUnwind
HeapSize
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers
VirtualQuery
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

GetKeyboardType
LoadStringA
MessageBoxA
CharNextA
CreateWindowExA
WindowFromPoint
WinHelpA
WaitMessage
UpdateWindow
UnregisterClassA
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
SystemParametersInfoA
ShowWindow
ShowScrollBar
ShowOwnedPopups
ShowCursor
SetWindowsHookExA
SetWindowPos
SetWindowPlacement
SetWindowLongA
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRect
SetPropA
SetParent
SetMenuItemInfoA
SetMenu
SetForegroundWindow
SetFocus
SetCursor
SetClassLongA
SetCapture
SetActiveWindow
SendMessageA
ScrollWindow
ScreenToClient
RemovePropA
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageA
RegisterClipboardFormatA
RegisterClassA
RedrawWindow
PtInRect
PostQuitMessage
PostMessageA
PeekMessageA
OffsetRect
OemToCharA
MessageBoxA
MapWindowPoints
MapVirtualKeyA
LoadStringA
LoadKeyboardLayoutA
LoadIconA
LoadCursorA
LoadBitmapA
KillTimer
IsZoomed
IsWindowVisible
IsWindowEnabled
IsWindow
IsRectEmpty
IsIconic
IsDialogMessageA
IsChild
InvalidateRect
IntersectRect
InsertMenuItemA
InsertMenuA
InflateRect
GetWindowThreadProcessId
GetWindowTextA
GetWindowRect
GetWindowPlacement
GetWindowLongA
GetWindowDC
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetPropA
GetParent
GetWindow
GetMenuStringA
GetMenuState
GetMenuItemInfoA
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextA
GetIconInfo
GetForegroundWindow
GetFocus
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClientRect
GetClassNameA
GetClassInfoA
GetCapture
GetActiveWindow
FrameRect
FindWindowA
FillRect
EqualRect
EnumWindows
EnumThreadWindows
EndPaint
EnableWindow
EnableScrollBar
EnableMenuItem
DrawTextA
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawEdge
DispatchMessageA
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DeleteMenu
DefWindowProcA
DefMDIChildProcA
DefFrameProcA
CreatePopupMenu
CreateMenu
CreateIcon
ClientToScreen
CheckMenuItem
CallWindowProcA
CallNextHookEx
BeginPaint
CharNextA
CharLowerA
CharToOemA
AdjustWindowRectEx
ActivateKeyboardLayout
MessageBoxW
CharUpperBuffW

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey
SetThreadToken
RegQueryValueExA
RegOpenKeyExA
RegFlushKey
RegCreateKeyExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
DuplicateToken
AdjustTokenPrivileges

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit
GetErrorInfo
SysFreeString

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

gdi32

UnrealizeObject
StretchBlt
SetWindowOrgEx
SetViewportOrgEx
SetTextColor
SetStretchBltMode
SetROP2
SetPixel
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SelectPalette
SelectObject
SaveDC
RestoreDC
RectVisible
RealizePalette
PatBlt
MoveToEx
MaskBlt
LineTo
IntersectClipRect
GetWindowOrgEx
GetTextMetricsA
GetTextExtentPoint32A
GetSystemPaletteEntries
GetStockObject
GetPixel
GetPaletteEntries
GetObjectA
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetDCOrgEx
GetCurrentPositionEx
GetClipBox
GetBrushOrgEx
GetBitmapBits
ExcludeClipRect
DeleteObject
DeleteDC
CreateSolidBrush
CreatePenIndirect
CreatePalette
CreateHalftonePalette
CreateFontIndirectA
CreateDIBitmap
CreateDIBSection
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
BitBlt

ole32

CoUninitialize
CoInitialize

wsock32

WSAStartup

cfgmgr32

CM_Get_DevNode_Status
CM_Get_Device_IDA

setupapi

SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiGetClassDevsA
SetupDiGetDeviceRegistryPropertyA

comctl32

ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetDragImage
ImageList_DragShowNolock
ImageList_SetDragCursorImage
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_Remove
ImageList_DrawEx
ImageList_Draw
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_Add
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create

ntdll

RtlAdjustPrivilege
NtShutdownSystem

Exports

Exports

RemoveHook
SetHook

Sections

CODE
Size: - Virtual size: 351KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.upx0
Size: - Virtual size: 513KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.upx1
Size: 724KB - Virtual size: 723KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
OemText_en.ini
OemText_gb.ini
OemText_jp.ini
cacflt12.sys
.sys windows:6 windows x86 arch:x86

50b74ab1089330141e1f69a599436326

Code Sign

2b:c2:91:3d:9b:d8:22:3e:f5:d1:c1:30:da:fc:06:64
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

28-10-2016 00:00

Not After

27-12-2017 23:59

Subject

CN=NetZone Info-Tech Co.\, Ltd.\, Shanghai,OU=研发部,O=NetZone Info-Tech Co.\, Ltd.\, Shanghai,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22-02-2011 19:25

Not After

22-02-2021 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

68:14:cc:2b:0d:c9:08:e9:69:5e:2c:d2:35:47:a8:44:51:d9:0e:10
Signer

Actual PE Digest

68:14:cc:2b:0d:c9:08:e9:69:5e:2c:d2:35:47:a8:44:51:d9:0e:10

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

l:\nxp\drivers\current\nzcacflt\objfre_wlh_x86\i386\cacflt12.pdb

Imports

ntoskrnl.exe

KeReleaseSemaphore
ZwClose
ObReferenceObjectByHandle
PsCreateSystemThread
KeInitializeSemaphore
IofCallDriver
PoCallDriver
PoStartNextPowerIrp
KeInitializeEvent
IofCompleteRequest
ExAllocatePoolWithTag
ZwQueryValueKey
ExFreePoolWithTag
memcpy
_wcsnicmp
ObQueryNameString
IoBuildDeviceIoControlRequest
IoBuildSynchronousFsdRequest
IoFreeIrp
_stricmp
memset
IoDetachDevice
ObfDereferenceObject
ExfInterlockedRemoveHeadList
KeSetPriorityThread
KeGetCurrentThread
ZwSetValueKey
ZwOpenKey
ZwCreateKey
RtlInitUnicodeString
swprintf
_allrem
IoDeleteDevice
_allshr
ExfInterlockedInsertTailList
MmMapLockedPagesSpecifyCache
_alldvrm
IoCreateSymbolicLink
IoAttachDeviceToDeviceStack
IoCreateDevice
MmGetPhysicalMemoryRanges
ExInitializeNPagedLookasideList
RtlQueryRegistryValues
MmUnmapIoSpace
MmMapIoSpace
MmFreePagesFromMdl
MmUnmapLockedPages
InterlockedPopEntrySList
InterlockedPushEntrySList
MmAllocatePagesForMdlEx
DbgPrint
IoFreeMdl
MmProbeAndLockPages
IoAllocateMdl
MmUnlockPages
MmBuildMdlForNonPagedPool
IoBuildPartialMdl
IoAllocateIrp
KeTickCount
KeBugCheckEx
RtlUnwind
KeWaitForSingleObject
_alldiv
KeSetEvent

Exports

Exports

AddLRUCacheToCacFlt
AllocateLRUMem
AllocateMinLRUMem
AsyncReadBlockDeviceWithMdl
AsyncReadBlockDeviceWithMdlByOverLap
FreeLRUMem
GetOverlapStatus
GetRealOffLenByArrayBit
InitCacheLookasideList
InitSystemRamSize
IoAllocateMdlWithMasterOffset
IoAllocateMdlWithNonPagedBuf
IoBuildAsyncFsdRequestWithMDL
Minimum
NxDAllocateMdl
NxDFreeMdl
NxDMmUnlockPages
ReadLRUCacheFromCacFlt
SetArrayBit
SyncReadBlockDevice
TestArrayBit
UpdateLRUCacheToCacFlt

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 548B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 884B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1024B - Virtual size: 715B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.upx0
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cacflt22.sys
.sys windows:6 windows x64 arch:x64

4d321680674bb2d9a9486422f8c105fe

Code Sign

2b:c2:91:3d:9b:d8:22:3e:f5:d1:c1:30:da:fc:06:64
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

28-10-2016 00:00

Not After

27-12-2017 23:59

Subject

CN=NetZone Info-Tech Co.\, Ltd.\, Shanghai,OU=研发部,O=NetZone Info-Tech Co.\, Ltd.\, Shanghai,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22-02-2011 19:25

Not After

22-02-2021 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

cc:9d:13:5a:db:67:e7:fb:17:bf:bd:35:c9:98:1b:b5:8c:30:23:cf
Signer

Actual PE Digest

cc:9d:13:5a:db:67:e7:fb:17:bf:bd:35:c9:98:1b:b5:8c:30:23:cf

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

l:\nxp\drivers\current\nzcacflt\objfre_wlh_amd64\amd64\cacflt22.pdb

Imports

ntoskrnl.exe

ExInterlockedRemoveHeadList
ZwQueryValueKey
ExFreePoolWithTag
ZwCreateKey
ExAllocatePoolWithTag
ZwOpenKey
ObQueryNameString
ZwSetValueKey
_wcsnicmp
IoBuildDeviceIoControlRequest
IoBuildSynchronousFsdRequest
IoFreeIrp
KeSetEvent
_stricmp
KeInitializeSemaphore
ExInterlockedInsertTailList
KeReleaseSemaphore
swprintf
KeWaitForSingleObject
RtlInitUnicodeString
IoCreateDevice
PsCreateSystemThread
IoAttachDeviceToDeviceStack
ObReferenceObjectByHandle
IoCreateSymbolicLink
ZwClose
IoDeleteDevice
IofCallDriver
MmMapLockedPagesSpecifyCache
KeInitializeEvent
ObfDereferenceObject
PoStartNextPowerIrp
IoDetachDevice
MmGetPhysicalMemoryRanges
ExInitializeNPagedLookasideList
ExpInterlockedPopEntrySList
ExpInterlockedPushEntrySList
ExQueryDepthSList
RtlQueryRegistryValues
MmMapIoSpace
MmUnmapIoSpace
MmAllocatePagesForMdlEx
MmFreePagesFromMdl
MmUnmapLockedPages
DbgPrint
MmBuildMdlForNonPagedPool
IoBuildPartialMdl
IoAllocateIrp
IoAllocateMdl
MmProbeAndLockPages
IoFreeMdl
MmUnlockPages
KeBugCheckEx
KeSetPriorityThread
IofCompleteRequest
PoCallDriver
__C_specific_handler

Exports

Exports

AddLRUCacheToCacFlt
AllocateLRUMem
AllocateMinLRUMem
AsyncReadBlockDeviceWithMdl
AsyncReadBlockDeviceWithMdlByOverLap
FreeLRUMem
GetOverlapStatus
GetRealOffLenByArrayBit
InitCacheLookasideList
InitSystemRamSize
IoAllocateMdlWithMasterOffset
IoAllocateMdlWithNonPagedBuf
IoBuildAsyncFsdRequestWithMDL
Minimum
NxDAllocateMdl
NxDFreeMdl
NxDMmUnlockPages
ReadLRUCacheFromCacFlt
SetArrayBit
SyncReadBlockDevice
TestArrayBit
UpdateLRUCacheToCacFlt

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 1024B - Virtual size: 715B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.upx0
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
devcon.exe
.exe windows:6 windows x86 arch:x86

06694565e94cd10f48e1e4b90bc04bc2

Code Sign

76:54:35:fd:f1:2a:92:2c:8b:9b:dc:b6:b1:ea:c1:bc
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

28-10-2016 00:00

Not After

12-11-2017 23:59

Subject

CN=Michaelsoft DDS Sdn Bhd,OU=Sales,O=Michaelsoft DDS Sdn Bhd,L=Kuala Lumpur,ST=Kuala Lumpur,C=MY

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22-02-2011 19:25

Not After

22-02-2021 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

bc:f7:11:13:6a:ef:f5:7e:4d:e0:ca:10:d5:82:1e:4c:b1:a2:f5:28
Signer

Actual PE Digest

bc:f7:11:13:6a:ef:f5:7e:4d:e0:ca:10:d5:82:1e:4c:b1:a2:f5:28

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

devcon.pdb

Imports

advapi32

InitiateSystemShutdownExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegQueryValueExW
RegCloseKey
RegDeleteValueW
RegSetValueExW
CloseServiceHandle
OpenServiceW
OpenSCManagerW

kernel32

LocalFree
FormatMessageW
CloseHandle
GetCurrentProcess
GetLastError
lstrlenW
GetDateFormatW
FileTimeToSystemTime
FreeLibrary
GetProcAddress
LoadLibraryW
GetFileAttributesW
GetFullPathNameW
FindClose
FindNextFileW
FindFirstFileW
GetWindowsDirectoryW
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
InterlockedCompareExchange
Sleep
InterlockedExchange

msvcrt

fputws
fputs
__iob_func
??3@YAXPAX@Z
memset
_controlfp
?terminate@@YAXXZ
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
wprintf
wcsrchr
_wcsicmp
_wcsnicmp
iswalpha
towupper
towlower
wcschr
??2@YAPAXI@Z

ntdll

RtlUnwind

ole32

CLSIDFromString

setupapi

SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
CM_Get_Device_ID_ExW
SetupDiGetDeviceInfoListDetailW
SetupDiGetINFClassW
SetupDiCreateDeviceInfoList
SetupDiCreateDeviceInfoW
SetupDiBuildClassInfoListExW
SetupDiClassNameFromGuidExW
SetupCopyOEMInfW
SetupDiSetDeviceRegistryPropertyW
CM_Connect_MachineW
CM_Locate_DevNode_ExW
CM_Reenumerate_DevNode_Ex
CM_Disconnect_Machine
SetupDiSetClassInstallParamsW
SetupOpenInfFileW
SetupFindFirstLineW
SetupGetStringFieldW
SetupDiGetClassDescriptionExW
SetupCloseInfFile
SetupDiOpenClassRegKeyExW
SetupDiGetDriverInstallParamsW
SetupDiSetSelectedDriverW
SetupOpenFileQueue
SetupDiCallClassInstaller
SetupScanFileQueueW
SetupCloseFileQueue
SetupDiGetDeviceInstallParamsW
SetupDiSetDeviceInstallParamsW
SetupDiBuildDriverInfoList
SetupDiEnumDriverInfoW
SetupDiOpenDevRegKey
SetupDiGetDriverInfoDetailW
SetupDiDestroyDriverInfoList
CM_Get_First_Log_Conf_Ex
CM_Free_Log_Conf_Handle
CM_Get_Next_Res_Des_Ex
CM_Free_Res_Des_Handle
CM_Get_Res_Des_Data_Size_Ex
CM_Get_Res_Des_Data_Ex
CM_Get_DevNode_Status_Ex
SetupDiClassGuidsFromNameExW
SetupDiCreateDeviceInfoListExW
SetupDiGetClassDevsExW
SetupDiOpenDeviceInfoW
SetupDiGetDeviceRegistryPropertyW

user32

LoadStringW
CharNextW
CharPrevW

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fixbcd.exe
.exe windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: - Virtual size: 469KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 13KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.upx0
Size: - Virtual size: 517KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.upx1
Size: 789KB - Virtual size: 788KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 216B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
hddflt12.sys
.sys windows:6 windows x86 arch:x86

aba16ed0607fe5dc2b097e52b7ccc1e9

Code Sign

2b:c2:91:3d:9b:d8:22:3e:f5:d1:c1:30:da:fc:06:64
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

28-10-2016 00:00

Not After

27-12-2017 23:59

Subject

CN=NetZone Info-Tech Co.\, Ltd.\, Shanghai,OU=研发部,O=NetZone Info-Tech Co.\, Ltd.\, Shanghai,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22-02-2011 19:25

Not After

22-02-2021 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5d:51:d5:6d:5d:13:e0:71:25:1f:6a:d9:72:39:91:55:7a:fe:64:75
Signer

Actual PE Digest

5d:51:d5:6d:5d:13:e0:71:25:1f:6a:d9:72:39:91:55:7a:fe:64:75

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

l:\nxp\drivers\current\nzhddflt\objfre_wlh_x86\i386\nzhddflt.pdb

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
ZwQueryValueKey
ExFreePoolWithTag
memcpy
ZwClose
ZwOpenKey
RtlInitUnicodeString
swprintf
memset
IofCallDriver
IofCompleteRequest
_wcsnicmp
ObQueryNameString
IoDeleteDevice
IoAttachDeviceToDeviceStack
IoCreateDevice
IoDetachDevice
KeTickCount
KeBugCheckEx

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 197B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 614B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 268B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
hddflt22.sys
.sys windows:6 windows x64 arch:x64

83c3f64149edcda78a27090800da0ebe

Code Sign

2b:c2:91:3d:9b:d8:22:3e:f5:d1:c1:30:da:fc:06:64
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

28-10-2016 00:00

Not After

27-12-2017 23:59

Subject

CN=NetZone Info-Tech Co.\, Ltd.\, Shanghai,OU=研发部,O=NetZone Info-Tech Co.\, Ltd.\, Shanghai,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22-02-2011 19:25

Not After

22-02-2021 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

81:25:e6:b1:98:b4:e5:5a:53:95:e7:f8:6c:35:91:48:95:2f:cc:4e
Signer

Actual PE Digest

81:25:e6:b1:98:b4:e5:5a:53:95:e7:f8:6c:35:91:48:95:2f:cc:4e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

l:\nxp\drivers\current\nzhddflt\objfre_wlh_amd64\amd64\nzhddflt.pdb

Imports

ntoskrnl.exe

ZwQueryValueKey
ExFreePoolWithTag
ExAllocatePoolWithTag
swprintf
RtlInitUnicodeString
ZwOpenKey
ZwClose
IofCallDriver
IofCompleteRequest
ObQueryNameString
_wcsnicmp
IoCreateDevice
IoAttachDeviceToDeviceStack
IoDeleteDevice
IoDetachDevice
KeBugCheckEx

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 292B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 156B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
nxd12.sys
.sys windows:6 windows x86 arch:x86

d7fbcaa7406aafa5a928318d345a4677

Code Sign

2b:c2:91:3d:9b:d8:22:3e:f5:d1:c1:30:da:fc:06:64
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

28-10-2016 00:00

Not After

27-12-2017 23:59

Subject

CN=NetZone Info-Tech Co.\, Ltd.\, Shanghai,OU=研发部,O=NetZone Info-Tech Co.\, Ltd.\, Shanghai,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22-02-2011 19:25

Not After

22-02-2021 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

46:e3:6b:1f:9a:f1:25:23:af:b6:9c:8d:1a:ad:90:5a:86:a1:f0:45
Signer

Actual PE Digest

46:e3:6b:1f:9a:f1:25:23:af:b6:9c:8d:1a:ad:90:5a:86:a1:f0:45

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

InterlockedPushEntrySList
ExfInterlockedInsertTailList
ExfInterlockedInsertHeadList
KeQuerySystemTime
KeSetEvent
IofCompleteRequest
IoFreeIrp
ExDeleteNPagedLookasideList
IoRaiseInformationalHardError
KeGetCurrentThread
IoSetThreadHardErrorMode
IoInvalidateDeviceRelations
memcpy
memset
_allmul
InterlockedPopEntrySList
IoGetRelatedDeviceObject
IoAllocateIrp
ObReferenceObjectByHandle
ZwCreateFile
IoCancelIrp
MmMapLockedPagesSpecifyCache
ZwClose
IoBuildPartialMdl
IoAllocateMdl
ExInitializeNPagedLookasideList
RtlGetVersion
PsCreateSystemThread
IoAttachDeviceToDeviceStack
swprintf
ObfReferenceObject
IoDetachDevice
ObReferenceObjectByPointer
IoReuseIrp
KeDelayExecutionThread
KeReadStateSemaphore
sprintf
vsprintf
ZwQueryValueKey
ZwSetValueKey
ZwOpenKey
_alldiv
KeSetPriorityThread
IoFreeMdl
MmProbeAndLockPages
MmBuildMdlForNonPagedPool
MmUnlockPages
IoWriteErrorLogEntry
IoAllocateErrorLogEntry
ZwDeleteKey
ZwCreateKey
IoGetDeviceProperty
_wcsnicmp
ObReferenceObjectByName
IoDriverObjectType
RtlCompressBuffer
RtlGetCompressionWorkSpaceSize
KeTickCount
KeBugCheckEx
RtlUnwind
IoGetDeviceObjectPointer
KeInitializeEvent
IoBuildDeviceIoControlRequest
ObfDereferenceObject
IofCallDriver
ExAllocatePoolWithTag
_allshr
KeReleaseSemaphore
PsTerminateSystemThread
ExfInterlockedRemoveHeadList
KeInitializeSemaphore
KeWaitForSingleObject
ExFreePoolWithTag
RtlInitUnicodeString
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
PsGetVersion
IoRegisterLastChanceShutdownNotification
IoAllocateMdl
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
IoFreeMdl
ExAllocatePool
ExFreePool
NtQuerySystemInformation

hal

KeGetCurrentIrql
ExReleaseFastMutex
ExAcquireFastMutex
HalDisplayString
KeStallExecutionProcessor
HalMakeBeep

tdi.sys

TdiReturnChainedReceives
TdiCopyMdlToBuffer
TdiRegisterPnPHandlers

netio.sys

WskRegister
WskReleaseProviderNPI
WskDeregister
WskCaptureProviderNPI

nxdpro12.sys

SetEnableControl
InitProtocol
DisableProtocol
SendBufToProtocol

Exports

Exports

NotifyCacheInfoToNxD

Sections

.text
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 788B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 460B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 81B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.upx0
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.upx1
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
nxd22.sys
.sys windows:6 windows x64 arch:x64

a13945e03be1d3d88938112e1cf1d8a8

Code Sign

2b:c2:91:3d:9b:d8:22:3e:f5:d1:c1:30:da:fc:06:64
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

28-10-2016 00:00

Not After

27-12-2017 23:59

Subject

CN=NetZone Info-Tech Co.\, Ltd.\, Shanghai,OU=研发部,O=NetZone Info-Tech Co.\, Ltd.\, Shanghai,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22-02-2011 19:25

Not After

22-02-2021 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

89:03:35:3e:73:0b:d5:9c:0f:b0:8f:72:63:b0:46:26:6b:a5:48:df
Signer

Actual PE Digest

89:03:35:3e:73:0b:d5:9c:0f:b0:8f:72:63:b0:46:26:6b:a5:48:df

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

KeInitializeEvent
IoBuildDeviceIoControlRequest
ObfDereferenceObject
PsGetVersion
IofCallDriver
KeReadStateSemaphore
KeSetEvent
IofCompleteRequest
IoFreeIrp
ExDeleteNPagedLookasideList
IoSetThreadHardErrorMode
IoRaiseInformationalHardError
IoInvalidateDeviceRelations
IoGetRelatedDeviceObject
IoAllocateIrp
IoCancelIrp
MmMapLockedPagesSpecifyCache
ExAcquireFastMutex
ExReleaseFastMutex
ExpInterlockedPopEntrySList
ZwCreateFile
ObReferenceObjectByHandle
IoBuildPartialMdl
ZwClose
IoAllocateMdl
PsCreateSystemThread
ExInitializeNPagedLookasideList
RtlGetVersion
IoAttachDeviceToDeviceStack
ObfReferenceObject
swprintf
IoDetachDevice
ObReferenceObjectByPointer
IoReuseIrp
IoAllocateErrorLogEntry
KeDelayExecutionThread
IoGetDeviceObjectPointer
sprintf
IoGetDeviceProperty
_wcsnicmp
vsprintf
ZwQueryValueKey
ZwOpenKey
ZwSetValueKey
KeSetPriorityThread
MmBuildMdlForNonPagedPool
MmProbeAndLockPages
IoFreeMdl
MmUnlockPages
ObReferenceObjectByName
IoDriverObjectType
RtlGetCompressionWorkSpaceSize
RtlCompressBuffer
KeBugCheckEx
IoDeleteDevice
ExAllocatePoolWithTag
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
ExFreePoolWithTag
ExQueryDepthSList
ExpInterlockedPushEntrySList
ExInterlockedInsertTailList
ExInterlockedInsertHeadList
ExInterlockedRemoveHeadList
PsTerminateSystemThread
KeReleaseSemaphore
KeInitializeSemaphore
KeWaitForSingleObject
IoWriteErrorLogEntry
IoRegisterLastChanceShutdownNotification
__C_specific_handler
IoAllocateMdl
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
IoFreeMdl
ExAllocatePool
ExFreePool
NtQuerySystemInformation

hal

KeStallExecutionProcessor
HalDisplayString
HalMakeBeep

tdi.sys

TdiCopyMdlToBuffer
TdiRegisterPnPHandlers
TdiReturnChainedReceives

netio.sys

WskRegister
WskCaptureProviderNPI
WskDeregister
WskReleaseProviderNPI

nxdpro22.sys

SetEnableControl
InitProtocol
DisableProtocol
SendBufToProtocol

Exports

Exports

NotifyCacheInfoToNxD

Sections

.text
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 804B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 81B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.upx0
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.upx1
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
nxddsk.inf
nxddsk12.sys
.sys windows:6 windows x86 arch:x86

6735e58b4f44398347df38be2bfbbdd3

Code Sign

2b:c2:91:3d:9b:d8:22:3e:f5:d1:c1:30:da:fc:06:64
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

28-10-2016 00:00

Not After

27-12-2017 23:59

Subject

CN=NetZone Info-Tech Co.\, Ltd.\, Shanghai,OU=研发部,O=NetZone Info-Tech Co.\, Ltd.\, Shanghai,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22-02-2011 19:25

Not After

22-02-2021 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8a:f0:d2:76:32:bb:b2:d4:72:c9:5a:23:bf:40:38:95:d5:0b:dd:d5
Signer

Actual PE Digest

8a:f0:d2:76:32:bb:b2:d4:72:c9:5a:23:bf:40:38:95:d5:0b:dd:d5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

l:\nxp\drivers\current\nxddsk\objfre_wlh_x86\i386\nxddsk.pdb

Imports

ntoskrnl.exe

memcpy
memset
ExFreePoolWithTag
ExAllocatePoolWithTag
ZwQueryValueKey
ZwClose
ZwOpenKey
RtlInitUnicodeString
swprintf
IoReadPartitionTableEx
_alldiv
IoWritePartitionTableEx
IoSetPartitionInformationEx
IoVerifyPartitionTable
IoSetPartitionInformation
KeSetEvent
KeWaitForSingleObject
IoInvalidateDeviceRelations
IoCreateDisk
sprintf
_allrem
_allmul
IofCallDriver
ObQueryNameString
IoGetConfigurationInformation
IoDeleteDevice
IoAttachDeviceToDeviceStack
IoCreateDevice
ZwMakeTemporaryObject
ZwCreateDirectoryObject
IoBuildDeviceIoControlRequest
RtlFreeUnicodeString
IoSetDeviceInterfaceState
IoRegisterDeviceInterface
IoCreateSymbolicLink
IoDeleteSymbolicLink
ObfReferenceObject
RtlStringFromGUID
IoDetachDevice
IoBuildSynchronousFsdRequest
ObfDereferenceObject
IoGetAttachedDeviceReference
IofCompleteRequest
memmove
ObReferenceObjectByPointer
IoReadDiskSignature
KeTickCount
KeBugCheckEx
KeInitializeEvent

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 401B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 41B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.upx0
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 484B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
nxddsk22.sys
.sys windows:6 windows x64 arch:x64

6d182e1d2d89f2bf1469c822fd77156f

Code Sign

2b:c2:91:3d:9b:d8:22:3e:f5:d1:c1:30:da:fc:06:64
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

28-10-2016 00:00

Not After

27-12-2017 23:59

Subject

CN=NetZone Info-Tech Co.\, Ltd.\, Shanghai,OU=研发部,O=NetZone Info-Tech Co.\, Ltd.\, Shanghai,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22-02-2011 19:25

Not After

22-02-2021 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f1:a7:17:c2:54:9a:7d:2a:e6:12:89:e3:4e:36:d6:1c:40:09:05:df
Signer

Actual PE Digest

f1:a7:17:c2:54:9a:7d:2a:e6:12:89:e3:4e:36:d6:1c:40:09:05:df

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

l:\nxp\drivers\current\nxddsk\objfre_wlh_amd64\amd64\nxddsk.pdb

Imports

ntoskrnl.exe

IoInvalidateDeviceRelations
IoSetPartitionInformationEx
IoGetAttachedDeviceReference
IoGetConfigurationInformation
IoAttachDeviceToDeviceStack
IoCreateDisk
IoBuildDeviceIoControlRequest
IoDetachDevice
IoDeleteSymbolicLink
ExFreePoolWithTag
IoReadDiskSignature
ObfReferenceObject
IoSetPartitionInformation
IoCreateSymbolicLink
IoRegisterDeviceInterface
RtlFreeUnicodeString
ObfDereferenceObject
IoSetDeviceInterfaceState
ZwMakeTemporaryObject
IoBuildSynchronousFsdRequest
IoCreateDevice
RtlInitUnicodeString
ZwQueryValueKey
IoDeleteDevice
IoWritePartitionTableEx
KeSetEvent
swprintf
IoVerifyPartitionTable
ZwClose
ObReferenceObjectByPointer
sprintf
IofCompleteRequest
IoReadPartitionTableEx
KeInitializeEvent
ExAllocatePoolWithTag
IofCallDriver
RtlStringFromGUID
ZwCreateDirectoryObject
ZwOpenKey
KeWaitForSingleObject
KeBugCheckEx
ObQueryNameString

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 305B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 492B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.upx0
Size: 89KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
nxdhlp12.sys
.sys windows:6 windows x86 arch:x86

9a3ec5d8a81e0709c64223ff2f79d227

Code Sign

2b:c2:91:3d:9b:d8:22:3e:f5:d1:c1:30:da:fc:06:64
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

28-10-2016 00:00

Not After

27-12-2017 23:59

Subject

CN=NetZone Info-Tech Co.\, Ltd.\, Shanghai,OU=研发部,O=NetZone Info-Tech Co.\, Ltd.\, Shanghai,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22-02-2011 19:25

Not After

22-02-2021 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f7:66:58:9f:73:6e:53:ed:60:04:7c:70:7b:89:e9:a1:38:29:5b:54
Signer

Actual PE Digest

f7:66:58:9f:73:6e:53:ed:60:04:7c:70:7b:89:e9:a1:38:29:5b:54

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoCreateDevice
RtlCreateRegistryKey
RtlCheckRegistryKey
ZwMakeTemporaryObject
ZwCreateDirectoryObject
ZwEnumerateKey
RtlAppendUnicodeToString
_wcsicmp
memcpy
CmRegisterCallbackEx
IofCompleteRequest
MmUnmapIoSpace
MmMapIoSpace
MmGetPhysicalMemoryRanges
MmGetSystemRoutineAddress
RtlFreeUnicodeString
InitSafeBootMode
RtlAnsiStringToUnicodeString
RtlInitAnsiString
KeWaitForSingleObject
IoRegisterDriverReinitialization
IoRegisterBootDriverReinitialization
PsGetVersion
ObQueryNameString
MmIsAddressValid
RtlPrefixUnicodeString
wcsncat
wcsstr
RtlUnicodeStringToInteger
wcsncpy
CmUnRegisterCallback
ZwOpenKey
IofCallDriver
PoCallDriver
PoStartNextPowerIrp
KeInitializeEvent
_wcsnicmp
IoBuildSynchronousFsdRequest
IoDetachDevice
IoAttachDeviceToDeviceStack
IoGetDeviceProperty
KeDelayExecutionThread
InbvEnableDisplayString
sprintf
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
ZwQueryValueKey
ZwEnumerateValueKey
ZwDeleteKey
IoCreateSymbolicLink
KeTickCount
KeBugCheckEx
IoDeleteDevice
memset
ExAllocatePoolWithTag
swprintf
RtlInitUnicodeString
ZwCreateKey
ZwSetValueKey
ZwClose
ExFreePoolWithTag
RtlUnwind
IoAllocateMdl
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
IoFreeMdl
ExAllocatePool
ExFreePool
NtQuerySystemInformation

hal

HalDisplayString
HalGetBusDataByOffset
HalMakeBeep

Sections

.text
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 552B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.upx0
Size: 122KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.upx1
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
nxdhlp22.sys
.sys windows:6 windows x64 arch:x64

f1d4e90dc2bf1660aea8948dd59f4cf2

Code Sign

2b:c2:91:3d:9b:d8:22:3e:f5:d1:c1:30:da:fc:06:64
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

28-10-2016 00:00

Not After

27-12-2017 23:59

Subject

CN=NetZone Info-Tech Co.\, Ltd.\, Shanghai,OU=研发部,O=NetZone Info-Tech Co.\, Ltd.\, Shanghai,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22-02-2011 19:25

Not After

22-02-2021 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

9d:b5:39:ea:f5:49:50:1e:a3:16:1f:12:09:8d:19:c9:35:6c:35:e1
Signer

Actual PE Digest

9d:b5:39:ea:f5:49:50:1e:a3:16:1f:12:09:8d:19:c9:35:6c:35:e1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

RtlPrefixUnicodeString
ZwSetValueKey
ZwClose
wcsstr
RtlInitAnsiString
ExFreePoolWithTag
wcsncat
RtlAnsiStringToUnicodeString
IoDeleteDevice
RtlUnicodeStringToInteger
ZwOpenKey
InitSafeBootMode
wcsncpy
IoCreateDevice
RtlCheckRegistryKey
RtlFreeUnicodeString
RtlCreateRegistryKey
ZwCreateDirectoryObject
ZwMakeTemporaryObject
KeWaitForSingleObject
ZwEnumerateKey
CmUnRegisterCallback
RtlAppendUnicodeToString
PsGetVersion
IoRegisterBootDriverReinitialization
IoRegisterDriverReinitialization
_wcsicmp
MmIsAddressValid
CmRegisterCallbackEx
IofCompleteRequest
ZwCreateKey
_wcsnicmp
IoBuildSynchronousFsdRequest
IoAttachDeviceToDeviceStack
IoDetachDevice
IoGetDeviceProperty
IofCallDriver
PoStartNextPowerIrp
PoCallDriver
KeInitializeEvent
sprintf
InbvEnableDisplayString
RtlUnicodeStringToAnsiString
RtlFreeAnsiString
ZwQueryValueKey
ZwEnumerateValueKey
ZwDeleteKey
KeDelayExecutionThread
IoCreateSymbolicLink
KeBugCheckEx
MmGetPhysicalMemoryRanges
RtlInitUnicodeString
MmGetSystemRoutineAddress
swprintf
ExAllocatePoolWithTag
MmUnmapIoSpace
ObQueryNameString
MmMapIoSpace
IoAllocateMdl
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
IoFreeMdl
ExAllocatePool
ExFreePool
NtQuerySystemInformation

hal

HalDisplayString
HalGetBusDataByOffset
HalMakeBeep

Sections

.text
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.upx0
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.upx1
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 368B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
nxdpac_x64.sys
.sys windows:6 windows x64 arch:x64

f8f064b874543e403bdbf6652a30c1e2

Code Sign

76:54:35:fd:f1:2a:92:2c:8b:9b:dc:b6:b1:ea:c1:bc
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

28-10-2016 00:00

Not After

12-11-2017 23:59

Subject

CN=Michaelsoft DDS Sdn Bhd,OU=Sales,O=Michaelsoft DDS Sdn Bhd,L=Kuala Lumpur,ST=Kuala Lumpur,C=MY

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22-02-2011 19:25

Not After

22-02-2021 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

72:38:81:e8:92:82:ed:89:38:e1:99:1c:ce:66:af:00:06:99:65:e1
Signer

Actual PE Digest

72:38:81:e8:92:82:ed:89:38:e1:99:1c:ce:66:af:00:06:99:65:e1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

l:\hxd\hxd3\nzgm\src\hxd_cli\drivers\nxdpac\objfre_win7_amd64\amd64\nxdpac.pdb

Imports

ntoskrnl.exe

IoDeleteSymbolicLink
ExFreePoolWithTag
RtlUpcaseUnicodeString
RtlInitUnicodeString
IoDeleteDevice
swprintf
KeInitializeEvent
ObQueryNameString
IoGetDeviceObjectPointer
RtlPrefixUnicodeString
IofCompleteRequest
KeWaitForSingleObject
IoGetDeviceInterfaces
ObfReferenceObject
IoCreateSymbolicLink
ObfDereferenceObject
IoBuildDeviceIoControlRequest
IofCallDriver
ZwQueryValueKey
ZwClose
ZwOpenKey
vsprintf
IoWriteErrorLogEntry
IoAllocateErrorLogEntry
KeReleaseSpinLock
KeAcquireSpinLockRaiseToDpc
KeSetEvent
IoCancelIrp
IoFreeIrp
IoAllocateIrp
KeBugCheckEx
IoCreateDevice
ExAllocatePoolWithTag

usbd.sys

USBD_ParseConfigurationDescriptorEx

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 812B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.upx0
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 156B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
nxdpac_x86.sys
.sys windows:6 windows x86 arch:x86

47b6d1f9570259b62e595f4a5805bfea

Code Sign

76:54:35:fd:f1:2a:92:2c:8b:9b:dc:b6:b1:ea:c1:bc
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

28-10-2016 00:00

Not After

12-11-2017 23:59

Subject

CN=Michaelsoft DDS Sdn Bhd,OU=Sales,O=Michaelsoft DDS Sdn Bhd,L=Kuala Lumpur,ST=Kuala Lumpur,C=MY

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22-02-2011 19:25

Not After

22-02-2021 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ca:62:25:fe:35:bd:ba:9f:d6:31:69:16:0b:55:73:05:3d:6e:04:db
Signer

Actual PE Digest

ca:62:25:fe:35:bd:ba:9f:d6:31:69:16:0b:55:73:05:3d:6e:04:db

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

l:\hxd\hxd3\nzgm\src\hxd_cli\drivers\nxdpac\objfre_win7_x86\i386\nxdpac.pdb

Imports

ntoskrnl.exe

ObfDereferenceObject
RtlUpcaseUnicodeString
ObQueryNameString
KeWaitForSingleObject
IofCallDriver
KeInitializeEvent
IoBuildDeviceIoControlRequest
IoDeleteDevice
IoDeleteSymbolicLink
RtlInitUnicodeString
RtlPrefixUnicodeString
ObfReferenceObject
IoGetDeviceObjectPointer
IoGetDeviceInterfaces
swprintf
IoCreateSymbolicLink
memset
ZwQueryValueKey
memcpy
ZwClose
ZwOpenKey
IoWriteErrorLogEntry
IoAllocateErrorLogEntry
vsprintf
KeSetEvent
IoAllocateIrp
IoCancelIrp
_allmul
IoFreeIrp
KeTickCount
KeBugCheckEx
IofCompleteRequest
ExAllocatePoolWithTag
memmove
IoCreateDevice
ExFreePoolWithTag

hal

KfAcquireSpinLock
KfReleaseSpinLock

usbd.sys

USBD_ParseConfigurationDescriptorEx

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 304B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 764B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.upx0
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 376B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
nxdpro12.cat
nxdpro12.inf
nxdpro12.sys
.sys windows:6 windows x86 arch:x86

401c86a264cad4a22f6454b483715613

Code Sign

2b:c2:91:3d:9b:d8:22:3e:f5:d1:c1:30:da:fc:06:64
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

28-10-2016 00:00

Not After

27-12-2017 23:59

Subject

CN=NetZone Info-Tech Co.\, Ltd.\, Shanghai,OU=研发部,O=NetZone Info-Tech Co.\, Ltd.\, Shanghai,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22-02-2011 19:25

Not After

22-02-2021 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b1:93:06:19:59:74:3a:3b:cd:da:a0:b2:2a:d1:d7:ab:8e:a4:50:76
Signer

Actual PE Digest

b1:93:06:19:59:74:3a:3b:cd:da:a0:b2:2a:d1:d7:ab:8e:a4:50:76

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

l:\nxp\drivers\current\nxdpro\objfre_wlh_x86\i386\nxdpro12.pdb

Imports

ntoskrnl.exe

ZwQueryValueKey
ZwClose
ZwOpenKey
ExfInterlockedRemoveHeadList
PsGetVersion
KeTickCount
KeBugCheckEx
RtlUnwind
RtlGetCompressionWorkSpaceSize
RtlCompressBuffer
ExFreePoolWithTag
sprintf
KeQuerySystemTime
KeWaitForSingleObject
MmUnlockPages
IoAllocateMdl
MmBuildMdlForNonPagedPool
MmProbeAndLockPages
IoFreeMdl
KefAcquireSpinLockAtDpcLevel
KefReleaseSpinLockFromDpcLevel
KeReleaseSemaphore
IoReleaseCancelSpinLock
MmMapLockedPagesSpecifyCache
InterlockedPopEntrySList
ExAllocatePoolWithTag
ExfInterlockedInsertTailList
_wcsnicmp
memcpy
memset
IoCreateDevice
IoCreateSymbolicLink
KeInitializeSemaphore
IofCompleteRequest
RtlInitUnicodeString
IoDeleteSymbolicLink
swprintf
IoDeleteDevice

hal

KfReleaseSpinLock
KfAcquireSpinLock
HalDisplayString
KeStallExecutionProcessor

ndis.sys

NdisFreeNetBufferList
NdisReturnNetBufferLists
NdisAllocateNetBufferAndNetBufferList
NdisFreeMdl
NdisAllocateMemoryWithTag
NdisAllocateNetBufferListPool
NdisOpenAdapterEx
NdisCancelSendNetBufferLists
NdisCloseAdapterEx
NdisOidRequest
NdisDeregisterProtocolDriver
NdisFreeNetBufferListPool
NdisSetEvent
NdisInitializeEvent
NdisRegisterProtocolDriver
NdisGeneratePartialCancelId
NdisWaitEvent
NdisFreeMemory
NdisSendNetBufferLists
NdisQueryAdapterInstanceName

Exports

Exports

DisableProtocol
InitProtocol
NotifyArpToProt
RcvBufFromProtocol
ReadArpMac
SendBufToProtocol
SetEnableControl

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 472B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 1024B - Virtual size: 760B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 233B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.upx0
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 964B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
nxdpro22.cat
nxdpro22.inf
nxdpro22.sys
.sys windows:6 windows x64 arch:x64

e67f7e9a13f1b58ae37867c1ae4ae37f

Code Sign

2b:c2:91:3d:9b:d8:22:3e:f5:d1:c1:30:da:fc:06:64
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

28-10-2016 00:00

Not After

27-12-2017 23:59

Subject

CN=NetZone Info-Tech Co.\, Ltd.\, Shanghai,OU=研发部,O=NetZone Info-Tech Co.\, Ltd.\, Shanghai,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22-02-2011 19:25

Not After

22-02-2021 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

91:4d:f1:71:90:c6:da:d6:fd:c7:18:b5:27:a8:d0:2b:b8:ed:1a:da
Signer

Actual PE Digest

91:4d:f1:71:90:c6:da:d6:fd:c7:18:b5:27:a8:d0:2b:b8:ed:1a:da

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

l:\nxp\drivers\current\nxdpro\objfre_wlh_amd64\amd64\nxdpro22.pdb

Imports

ntoskrnl.exe

ExInterlockedRemoveHeadList
PsGetVersion
swprintf
sprintf
ZwClose
ZwQueryValueKey
KeBugCheckEx
ExFreePoolWithTag
RtlCompressBuffer
RtlGetCompressionWorkSpaceSize
KeWaitForSingleObject
MmUnlockPages
IoFreeMdl
MmProbeAndLockPages
MmBuildMdlForNonPagedPool
IoAllocateMdl
ExAllocatePoolWithTag
KeReleaseSemaphore
ExInterlockedInsertTailList
ExpInterlockedPopEntrySList
IoReleaseCancelSpinLock
MmMapLockedPagesSpecifyCache
_wcsnicmp
IofCompleteRequest
IoDeleteDevice
IoDeleteSymbolicLink
KeInitializeSemaphore
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
KeReleaseSpinLock
KeReleaseSpinLockFromDpcLevel
KeAcquireSpinLockRaiseToDpc
ZwOpenKey
KeAcquireSpinLockAtDpcLevel
__C_specific_handler

hal

KeStallExecutionProcessor
HalDisplayString

ndis.sys

NdisCancelSendNetBufferLists
NdisSendNetBufferLists
NdisFreeMdl
NdisAllocateNetBufferAndNetBufferList
NdisReturnNetBufferLists
NdisFreeNetBufferList
NdisOidRequest
NdisDeregisterProtocolDriver
NdisCloseAdapterEx
NdisQueryAdapterInstanceName
NdisOpenAdapterEx
NdisAllocateNetBufferListPool
NdisSetEvent
NdisAllocateMemoryWithTag
NdisGeneratePartialCancelId
NdisRegisterProtocolDriver
NdisInitializeEvent
NdisFreeMemory
NdisWaitEvent
NdisFreeNetBufferListPool

Exports

Exports

DisableProtocol
InitProtocol
NotifyArpToProt
RcvBufFromProtocol
ReadArpMac
SendBufToProtocol
SetEnableControl

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 772B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 1024B - Virtual size: 850B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 233B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.upx0
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
nxdsta12.sys
.sys windows:6 windows x86 arch:x86

4bb15ca6d7bc1881e466c7d4536f9a65

Code Sign

2b:c2:91:3d:9b:d8:22:3e:f5:d1:c1:30:da:fc:06:64
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

28-10-2016 00:00

Not After

27-12-2017 23:59

Subject

CN=NetZone Info-Tech Co.\, Ltd.\, Shanghai,OU=研发部,O=NetZone Info-Tech Co.\, Ltd.\, Shanghai,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22-02-2011 19:25

Not After

22-02-2021 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:a1:3f:0c:fb:31:5e:7d:ce:c6:d4:07:18:5a:f2:fb:ef:9e:a2:7a
Signer

Actual PE Digest

74:a1:3f:0c:fb:31:5e:7d:ce:c6:d4:07:18:5a:f2:fb:ef:9e:a2:7a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

l:\nxp\drivers\current\nxdstat\objfre_wlh_x86\i386\nxdstat.pdb

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
ZwQueryValueKey
ExFreePoolWithTag
memcpy
_wcsicmp
ZwClose
RtlInitUnicodeString
_wcsnicmp
ZwOpenKey
swprintf
memset
ZwEnumerateKey
IoCreateDevice
PsGetVersion
ZwEnumerateValueKey
ZwSetValueKey
RtlDeleteRegistryValue
RtlPrefixUnicodeString
_vsnwprintf
RtlCheckRegistryKey
CmRegisterCallback
IoRegisterDriverReinitialization
ZwCreateKey
ObQueryNameString
MmIsAddressValid
KeTickCount
KeBugCheckEx
RtlUnwind

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 356B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 592B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 846B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 618B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
nxdsta22.sys
.sys windows:6 windows x64 arch:x64

efa555a2d7c3160a4f556794e8bfd7bb

Code Sign

2b:c2:91:3d:9b:d8:22:3e:f5:d1:c1:30:da:fc:06:64
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

28-10-2016 00:00

Not After

27-12-2017 23:59

Subject

CN=NetZone Info-Tech Co.\, Ltd.\, Shanghai,OU=研发部,O=NetZone Info-Tech Co.\, Ltd.\, Shanghai,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22-02-2011 19:25

Not After

22-02-2021 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

73:7b:1e:c2:d4:19:40:45:be:2d:16:f3:77:9b:2a:d1:17:57:e3:c4
Signer

Actual PE Digest

73:7b:1e:c2:d4:19:40:45:be:2d:16:f3:77:9b:2a:d1:17:57:e3:c4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

l:\nxp\drivers\current\nxdstat\objfre_wlh_amd64\amd64\nxdstat.pdb

Imports

ntoskrnl.exe

ZwQueryValueKey
ExFreePoolWithTag
ExAllocatePoolWithTag
_wcsicmp
RtlInitUnicodeString
ZwClose
ZwOpenKey
_wcsnicmp
swprintf
ZwEnumerateKey
IoCreateDevice
PsGetVersion
RtlPrefixUnicodeString
CmRegisterCallback
_vsnwprintf
ZwEnumerateValueKey
ZwSetValueKey
IoRegisterDriverReinitialization
RtlDeleteRegistryValue
RtlCheckRegistryKey
MmIsAddressValid
ObQueryNameString
ZwCreateKey
KeBugCheckEx
__C_specific_handler

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 668B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 852B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 300B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
nxpauxsvc.exe
.exe windows:5 windows x86 arch:x86

139c1ac25ffba1fadf766db9357fe8c2

Code Sign

2b:c2:91:3d:9b:d8:22:3e:f5:d1:c1:30:da:fc:06:64
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

28-10-2016 00:00

Not After

27-12-2017 23:59

Subject

CN=NetZone Info-Tech Co.\, Ltd.\, Shanghai,OU=研发部,O=NetZone Info-Tech Co.\, Ltd.\, Shanghai,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22-02-2011 19:25

Not After

22-02-2021 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e0:8b:46:aa:91:fd:40:11:7f:4f:65:57:4a:b1:13:0a:02:91:db:5b
Signer

Actual PE Digest

e0:8b:46:aa:91:fd:40:11:7f:4f:65:57:4a:b1:13:0a:02:91:db:5b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualFree
VirtualAlloc
LocalFree
LocalAlloc
GetTickCount
QueryPerformanceCounter
GetVersion
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLastError
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
ExitProcess
ExitThread
CreateThread
WriteFile
UnhandledExceptionFilter
SetFilePointer
SetEndOfFile
RtlUnwind
ReadFile
RaiseException
GetStdHandle
GetFileSize
GetFileType
CreateFileA
CloseHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
lstrlenA
lstrcpyA
WriteFile
WaitForSingleObject
VirtualQuery
VirtualFree
VirtualAlloc
SuspendThread
Sleep
SizeofResource
SetVolumeLabelA
SetThreadLocale
SetLocalTime
SetLastError
SetFilePointer
SetFileAttributesA
SetEvent
SetErrorMode
SetEndOfFile
ResumeThread
ResetEvent
RemoveDirectoryA
ReadFile
QueryPerformanceFrequency
QueryPerformanceCounter
QueryDosDeviceA
OutputDebugStringA
OpenProcess
MultiByteToWideChar
MulDiv
MoveFileA
LockResource
LoadResource
LoadLibraryA
LeaveCriticalSection
InitializeCriticalSection
GlobalUnlock
GlobalSize
GlobalReAlloc
GlobalHandle
GlobalLock
GlobalFree
GlobalFindAtomA
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomA
GetWindowsDirectoryA
GetVolumeInformationA
GetVersionExA
GetVersion
GetUserDefaultLCID
GetTickCount
GetThreadLocale
GetTempPathA
GetSystemInfo
GetSystemDirectoryA
GetStringTypeExA
GetStdHandle
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameW
GetModuleFileNameA
GetLocaleInfoA
GetLocalTime
GetLastError
GetFullPathNameA
GetFileSize
GetFileAttributesW
GetFileAttributesA
GetExitCodeThread
GetDriveTypeA
GetDiskFreeSpaceA
GetDateFormatA
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetComputerNameA
GetCPInfo
GetACP
FreeResource
InterlockedIncrement
InterlockedExchange
InterlockedDecrement
FreeLibrary
FormatMessageA
FindResourceA
FindNextFileA
FindFirstFileA
FindClose
FileTimeToLocalFileTime
FileTimeToDosDateTime
EnumCalendarInfoA
EnterCriticalSection
DeviceIoControl
DeleteFileA
DeleteCriticalSection
CreateThread
CreateProcessA
CreateFileW
CreateFileA
CreateEventA
CreateDirectoryW
CreateDirectoryA
CopyFileA
CompareStringA
CloseHandle
Sleep
FindVolumeClose
FindNextVolumeA
FindFirstVolumeA
FindNextVolumeA
FindFirstVolumeA
FindVolumeClose
SetVolumeMountPointA
DeleteVolumeMountPointA
LoadLibraryA
GetProcAddress
GetLastError
FreeLibrary
InitializeCriticalSection
GetModuleFileNameW
GetModuleHandleW
TerminateProcess
GetCurrentProcess
DeleteCriticalSection
LoadLibraryW
CreateEventW
CompareStringW
SetLastError
GetModuleHandleA
VirtualProtect
GetTickCount
EnterCriticalSection
LeaveCriticalSection
VirtualFree
VirtualAlloc
WriteProcessMemory
CreateToolhelp32Snapshot
GetCurrentProcessId
GetCurrentThreadId
Thread32First
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
GetSystemInfo
LoadResource
MultiByteToWideChar
WideCharToMultiByte
FindResourceExW
FindResourceExA
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
HeapAlloc
HeapFree
HeapDestroy
HeapCreate
GetSystemTime
GetLocalTime
SystemTimeToFileTime
CompareFileTime
GetCommandLineA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
LCMapStringA
LCMapStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
WriteFile
GetStdHandle
GetModuleFileNameA
RaiseException
Sleep
ExitProcess
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
RtlUnwind
HeapSize
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers
VirtualQuery
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

GetKeyboardType
LoadStringA
MessageBoxA
CharNextA
CreateWindowExA
keybd_event
WindowFromPoint
WinHelpA
WaitMessage
UpdateWindow
UnregisterClassA
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
SystemParametersInfoA
ShowWindow
ShowScrollBar
ShowOwnedPopups
ShowCursor
SetWindowsHookExA
SetWindowPos
SetWindowPlacement
SetWindowLongA
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRect
SetPropA
SetParent
SetMenuItemInfoA
SetMenu
SetForegroundWindow
SetFocus
SetCursor
SetClipboardData
SetClassLongA
SetCapture
SetActiveWindow
SendMessageA
ScrollWindow
ScreenToClient
RemovePropA
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageA
RegisterClipboardFormatA
RegisterClassA
RedrawWindow
PtInRect
PostThreadMessageA
PostQuitMessage
PostMessageA
PeekMessageA
OpenClipboard
OffsetRect
OemToCharA
MsgWaitForMultipleObjects
MessageBoxA
MessageBeep
MapWindowPoints
MapVirtualKeyA
LoadStringA
LoadKeyboardLayoutA
LoadIconA
LoadCursorA
LoadBitmapA
KillTimer
IsZoomed
IsWindowVisible
IsWindowEnabled
IsWindow
IsRectEmpty
IsIconic
IsDialogMessageA
IsChild
InvalidateRect
IntersectRect
InsertMenuItemA
InsertMenuA
InflateRect
GetWindowThreadProcessId
GetWindowTextA
GetWindowRect
GetWindowPlacement
GetWindowLongA
GetWindowDC
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetPropA
GetParent
GetWindow
GetMessageTime
GetMessageA
GetMenuStringA
GetMenuState
GetMenuItemInfoA
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextA
GetIconInfo
GetForegroundWindow
GetFocus
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClipboardData
GetClientRect
GetClassNameA
GetClassInfoA
GetCapture
GetActiveWindow
FrameRect
FindWindowA
FillRect
ExitWindowsEx
EqualRect
EnumWindows
EnumThreadWindows
EndPaint
EnableWindow
EnableScrollBar
EnableMenuItem
EmptyClipboard
DrawTextA
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawEdge
DispatchMessageA
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DeleteMenu
DefWindowProcA
DefMDIChildProcA
DefFrameProcA
CreatePopupMenu
CreateMenu
CreateIcon
CloseClipboard
ClientToScreen
CheckMenuItem
CallWindowProcA
CallNextHookEx
BeginPaint
CharNextA
CharLowerBuffA
CharLowerA
CharUpperBuffA
CharToOemA
AdjustWindowRectEx
ActivateKeyboardLayout
MessageBoxW
CharUpperBuffW

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey
SetThreadToken
RevertToSelf
ReportEventA
RegisterEventSourceA
RegSetValueExA
RegQueryValueExA
RegQueryInfoKeyA
RegOpenKeyExA
RegFlushKey
RegEnumValueA
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
DuplicateToken
DeregisterEventSource
AdjustTokenPrivileges
StartServiceA
StartServiceCtrlDispatcherA
SetServiceStatus
RegisterServiceCtrlHandlerA
QueryServiceStatus
OpenServiceA
OpenSCManagerA
DeleteService
CreateServiceA
ControlService
CloseServiceHandle
LsaClose
LsaStorePrivateData
LsaOpenPolicy

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit
GetErrorInfo
GetActiveObject
SysFreeString

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

gdi32

UnrealizeObject
StretchBlt
SetWindowOrgEx
SetWinMetaFileBits
SetViewportOrgEx
SetTextColor
SetStretchBltMode
SetROP2
SetPixel
SetMapMode
SetEnhMetaFileBits
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SelectPalette
SelectObject
SaveDC
RestoreDC
Rectangle
RectVisible
RealizePalette
PlayEnhMetaFile
PatBlt
MoveToEx
MaskBlt
LineTo
LPtoDP
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetTextMetricsA
GetTextExtentPointA
GetTextExtentPoint32A
GetSystemPaletteEntries
GetStockObject
GetPixel
GetPaletteEntries
GetObjectA
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileDescriptionA
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetDCOrgEx
GetCurrentPositionEx
GetClipBox
GetBrushOrgEx
GetBitmapBits
ExcludeClipRect
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreatePenIndirect
CreatePalette
CreateHalftonePalette
CreateFontIndirectA
CreateEnhMetaFileA
CreateDIBitmap
CreateDIBSection
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileA
CloseEnhMetaFile
BitBlt

ole32

CoTaskMemFree
StringFromCLSID
CreateStreamOnHGlobal
IsAccelerator
OleDraw
OleSetMenuDescriptor
CoTaskMemFree
CLSIDFromProgID
ProgIDFromCLSID
StringFromCLSID
CoCreateInstance
CoGetClassObject
CoUninitialize
CoInitialize
IsEqualGUID

comctl32

ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetDragImage
ImageList_DragShowNolock
ImageList_SetDragCursorImage
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_Remove
ImageList_DrawEx
ImageList_Draw
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_Add
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create

wininet

InternetReadFile
InternetQueryDataAvailable
InternetOpenA
InternetConnectA
InternetCloseHandle
HttpSendRequestA
HttpQueryInfoA
HttpOpenRequestA

wsock32

__WSAFDIsSet
WSAStartup
WSAAsyncSelect
gethostbyname
socket
setsockopt
send
select
recvfrom
recv
ioctlsocket
inet_ntoa
inet_addr
htons
getsockopt
connect
closesocket
bind
sendto

cfgmgr32

CM_Get_DevNode_Status
CM_Get_Device_IDA

setupapi

SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiGetClassDevsA
SetupDiGetDeviceRegistryPropertyA

iphlpapi

GetAdaptersInfo
GetAdaptersInfo
GetBestInterface
DeleteIpForwardEntry
CreateIpForwardEntry
GetIpForwardTable

ntdll

RtlAdjustPrivilege
NtShutdownSystem

netapi32

NetApiBufferFree
NetGetJoinInformation

iscsidsc

LoginIScsiTargetW
RemoveIScsiSendTargetPortalW
ReportIScsiSendTargetPortalsW
AddIScsiSendTargetPortalW

ws2_32

WSASend

Sections

CODE
Size: - Virtual size: 652KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 17KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.upx0
Size: - Virtual size: 822KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.upx1
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 20KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
nxplan_en.ini
nxplan_gb.ini
nxplan_jp.ini
nxprun.exe
.exe windows:5 windows x86 arch:x86

b31116b720d07b87eb6a1428a3826295

Code Sign

2b:c2:91:3d:9b:d8:22:3e:f5:d1:c1:30:da:fc:06:64
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

28-10-2016 00:00

Not After

27-12-2017 23:59

Subject

CN=NetZone Info-Tech Co.\, Ltd.\, Shanghai,OU=研发部,O=NetZone Info-Tech Co.\, Ltd.\, Shanghai,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22-02-2011 19:25

Not After

22-02-2021 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

90:83:4a:7f:c3:ab:44:36:55:dc:dc:94:75:a9:71:49:5b:d6:4b:13
Signer

Actual PE Digest

90:83:4a:7f:c3:ab:44:36:55:dc:dc:94:75:a9:71:49:5b:d6:4b:13

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualFree
VirtualAlloc
LocalFree
LocalAlloc
GetTickCount
QueryPerformanceCounter
GetVersion
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLastError
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
ExitProcess
ExitThread
CreateThread
WriteFile
UnhandledExceptionFilter
SetFilePointer
SetEndOfFile
RtlUnwind
ReadFile
RaiseException
GetStdHandle
GetFileSize
GetFileType
CreateFileA
CloseHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
lstrlenA
lstrcpyA
lstrcmpA
WritePrivateProfileStringA
WriteFile
WinExec
WaitForSingleObject
VirtualQuery
VirtualFree
VirtualAlloc
Sleep
SizeofResource
SetUnhandledExceptionFilter
SetThreadLocale
SetLastError
SetFileTime
SetFilePointer
SetFileAttributesA
SetEvent
SetErrorMode
SetEndOfFile
ResumeThread
ResetEvent
ReadFile
QueryPerformanceFrequency
QueryPerformanceCounter
QueryDosDeviceA
OutputDebugStringA
OpenProcess
OpenMutexA
MultiByteToWideChar
MulDiv
MoveFileA
LockResource
LocalFree
LocalFileTimeToFileTime
LoadResource
LoadLibraryA
LeaveCriticalSection
InitializeCriticalSection
GlobalUnlock
GlobalSize
GlobalReAlloc
GlobalHandle
GlobalLock
GlobalFree
GlobalFindAtomA
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomA
GetWindowsDirectoryA
GetVolumeInformationA
GetVersionExA
GetVersion
GetUserDefaultLCID
GetTimeZoneInformation
GetTickCount
GetThreadLocale
GetTempPathA
GetSystemInfo
GetSystemDirectoryA
GetStringTypeExA
GetStdHandle
GetStartupInfoA
GetShortPathNameA
GetProfileStringA
GetProcAddress
GetPrivateProfileStringA
GetModuleHandleA
GetModuleFileNameW
GetModuleFileNameA
GetLocaleInfoA
GetLocalTime
GetLastError
GetFullPathNameA
GetFileSize
GetFileInformationByHandle
GetFileAttributesW
GetFileAttributesA
GetExitCodeThread
GetExitCodeProcess
GetDriveTypeA
GetDiskFreeSpaceExA
GetDiskFreeSpaceA
GetDateFormatA
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetComputerNameA
GetCPInfo
GetACP
FreeResource
InterlockedIncrement
InterlockedExchange
InterlockedDecrement
FreeLibrary
FormatMessageW
FormatMessageA
FlushFileBuffers
FindResourceA
FindNextFileA
FindFirstFileA
FindClose
FileTimeToLocalFileTime
FileTimeToDosDateTime
ExitProcess
EnumCalendarInfoA
EnterCriticalSection
DosDateTimeToFileTime
DeviceIoControl
DeleteFileA
DeleteCriticalSection
CreateThread
CreateProcessA
CreatePipe
CreateMutexA
CreateHardLinkA
CreateFileW
CreateFileA
CreateEventA
CreateDirectoryW
CreateDirectoryA
CopyFileA
CompareStringA
CloseHandle
Sleep
FindVolumeClose
FindNextVolumeA
FindFirstVolumeA
FindNextVolumeA
FindFirstVolumeA
FindVolumeClose
GetFinalPathNameByHandleW
CreateSymbolicLinkW
LoadLibraryA
GetProcAddress
GetLastError
FreeLibrary
InitializeCriticalSection
GetModuleFileNameW
GetModuleHandleW
TerminateProcess
GetCurrentProcess
DeleteCriticalSection
LoadLibraryW
CreateEventW
CompareStringW
SetLastError
GetModuleHandleA
VirtualProtect
GetTickCount
EnterCriticalSection
LeaveCriticalSection
VirtualFree
VirtualAlloc
WriteProcessMemory
CreateToolhelp32Snapshot
GetCurrentProcessId
GetCurrentThreadId
Thread32First
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
GetSystemInfo
LoadResource
MultiByteToWideChar
WideCharToMultiByte
FindResourceExW
FindResourceExA
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
HeapAlloc
HeapFree
HeapDestroy
HeapCreate
GetSystemTime
GetLocalTime
SystemTimeToFileTime
CompareFileTime
GetCommandLineA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
LCMapStringA
LCMapStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
WriteFile
GetStdHandle
GetModuleFileNameA
RaiseException
Sleep
ExitProcess
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
RtlUnwind
HeapSize
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers
VirtualQuery
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

GetKeyboardType
LoadStringA
MessageBoxA
CharNextA
CreateWindowExA
WindowFromPoint
WinHelpA
WaitMessage
UpdateWindow
UnregisterClassA
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
SystemParametersInfoA
ShowWindow
ShowScrollBar
ShowOwnedPopups
ShowCursor
SetWindowsHookExA
SetWindowTextA
SetWindowPos
SetWindowPlacement
SetWindowLongA
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRect
SetPropA
SetParent
SetMenuItemInfoA
SetMenu
SetForegroundWindow
SetFocus
SetCursor
SetClipboardData
SetClassLongA
SetCapture
SetActiveWindow
SendMessageA
ScrollWindow
ScreenToClient
RemovePropA
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageA
RegisterClipboardFormatA
RegisterClassA
RedrawWindow
PtInRect
PostQuitMessage
PostMessageA
PeekMessageA
OpenClipboard
OffsetRect
OemToCharA
MsgWaitForMultipleObjects
MessageBoxA
MessageBeep
MapWindowPoints
MapVirtualKeyA
LoadStringA
LoadKeyboardLayoutA
LoadIconA
LoadCursorA
LoadBitmapA
KillTimer
IsZoomed
IsWindowVisible
IsWindowEnabled
IsWindow
IsRectEmpty
IsIconic
IsDialogMessageA
IsChild
InvalidateRect
IntersectRect
InsertMenuItemA
InsertMenuA
InflateRect
GetWindowThreadProcessId
GetWindowTextLengthA
GetWindowTextA
GetWindowRect
GetWindowPlacement
GetWindowLongA
GetWindowDC
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetPropA
GetParent
GetWindow
GetMessageTime
GetMessagePos
GetMenuStringA
GetMenuState
GetMenuItemInfoA
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextA
GetIconInfo
GetForegroundWindow
GetFocus
GetDoubleClickTime
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClipboardData
GetClientRect
GetClassNameA
GetClassInfoA
GetCapture
GetAsyncKeyState
GetActiveWindow
FrameRect
FindWindowA
FillRect
ExitWindowsEx
EqualRect
EnumWindows
EnumThreadWindows
EnumDisplaySettingsA
EnumChildWindows
EndPaint
EnableWindow
EnableScrollBar
EnableMenuItem
EmptyClipboard
DrawTextA
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawFocusRect
DrawEdge
DispatchMessageA
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DeleteMenu
DefWindowProcA
DefMDIChildProcA
DefFrameProcA
CreatePopupMenu
CreateMenu
CreateIcon
CloseClipboard
ClientToScreen
ChildWindowFromPoint
CheckMenuItem
ChangeDisplaySettingsA
CallWindowProcA
CallNextHookEx
BeginPaint
CharNextA
CharLowerBuffA
CharLowerA
CharUpperBuffA
CharToOemA
AdjustWindowRectEx
ActivateKeyboardLayout
MessageBoxW
CharUpperBuffW

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey
SetThreadToken
SetSecurityDescriptorDacl
SetFileSecurityA
RevertToSelf
RegUnLoadKeyA
RegSetValueExA
RegSaveKeyA
RegQueryValueExA
RegQueryInfoKeyA
RegOpenKeyExA
RegLoadKeyA
RegFlushKey
RegEnumValueA
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey
OpenProcessToken
MakeAbsoluteSD
LookupPrivilegeValueA
LookupAccountNameA
InitializeSecurityDescriptor
InitializeAcl
GetUserNameA
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
GetSidIdentifierAuthority
GetSecurityDescriptorControl
GetLengthSid
GetFileSecurityA
GetAce
DuplicateToken
CopySid
AdjustTokenPrivileges
AddAccessAllowedAce
StartServiceA
QueryServiceStatus
OpenServiceA
OpenSCManagerA
CreateServiceA
ControlService
CloseServiceHandle
ChangeServiceConfigA
ChangeServiceConfig2A
SetNamedSecurityInfoA
SetEntriesInAclA
GetNamedSecurityInfoA
BuildExplicitAccessWithNameA
OpenProcessToken

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayGetElement
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopyInd
VariantCopy
VariantClear
VariantInit
GetErrorInfo
GetActiveObject
SysFreeString

mpr

WNetCancelConnection2A
WNetAddConnection2A

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

gdi32

UnrealizeObject
StretchDIBits
StretchBlt
SetWindowOrgEx
SetWinMetaFileBits
SetViewportOrgEx
SetTextColor
SetStretchBltMode
SetROP2
SetPixel
SetPaletteEntries
SetMapMode
SetEnhMetaFileBits
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SelectPalette
SelectObject
SelectClipRgn
SaveDC
RestoreDC
ResizePalette
Rectangle
RectVisible
RealizePalette
Polyline
PlayEnhMetaFile
PatBlt
MoveToEx
MaskBlt
LineTo
LPtoDP
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetTextMetricsA
GetTextExtentPointA
GetTextExtentPoint32A
GetSystemPaletteEntries
GetStockObject
GetPixel
GetPaletteEntries
GetObjectA
GetNearestPaletteIndex
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileDescriptionA
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetDCOrgEx
GetCurrentPositionEx
GetClipBox
GetBrushOrgEx
GetBitmapBits
GdiFlush
ExtTextOutA
ExcludeClipRect
EndPage
EndDoc
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreatePenIndirect
CreatePalette
CreateICA
CreateHalftonePalette
CreateFontIndirectA
CreateEnhMetaFileA
CreateDIBitmap
CreateDIBSection
CreateDCA
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileA
CloseEnhMetaFile
BitBlt

ole32

CoTaskMemFree
StringFromCLSID
CreateStreamOnHGlobal
IsAccelerator
OleDraw
OleSetMenuDescriptor
OleUninitialize
OleInitialize
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromProgID
ProgIDFromCLSID
StringFromCLSID
CoCreateInstance
CoInitializeSecurity
CoGetClassObject
CoUninitialize
CoInitialize
IsEqualGUID

comctl32

ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetDragImage
ImageList_DragShowNolock
ImageList_SetDragCursorImage
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_GetIcon
ImageList_Remove
ImageList_DrawEx
ImageList_Replace
ImageList_Draw
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_Add
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create
InitCommonControls

winspool.drv

OpenPrinterA
EnumPrintersA
DocumentPropertiesA
DeletePrinter
ClosePrinter

shell32

Shell_NotifyIconA
ShellExecuteA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetMalloc
SHChangeNotify

wininet

InternetReadFile
InternetQueryDataAvailable
InternetOpenA
InternetConnectA
InternetCloseHandle
HttpSendRequestA
HttpOpenRequestA

wsock32

TransmitFile
__WSAFDIsSet
WSAStartup
socket
setsockopt
sendto
send
select
recvfrom
recv
listen
ioctlsocket
inet_ntoa
inet_addr
htons
getsockopt
getsockname
connect
closesocket
bind
accept

cfgmgr32

CM_Get_DevNode_Status
CM_Get_Device_IDA

setupapi

SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiGetClassDevsA
SetupDiGetDeviceRegistryPropertyA

iphlpapi

GetAdaptersInfo
SendARP
GetAdaptersInfo
GetIpForwardTable

ntdll

RtlAdjustPrivilege
NtShutdownSystem
RtlZeroMemory
RtlInitUnicodeString
RtlFreeHeap
RtlCreateHeap
RtlAllocateHeap
NtQueryAttributesFile
NtFsControlFile
NtCreateFile
NtClose
DbgPrint

netapi32

NetApiBufferFree
NetGetJoinInformation

ws2_32

WSASend

virtdisk

GetVirtualDiskInformation
DetachVirtualDisk
AttachVirtualDisk
CreateVirtualDisk
OpenVirtualDisk

blood.v2

SetMiscInfo
SetSessionListenPort
ForceReannounce
RemoveTask
GetTaskStatus
NewTask

Sections

CODE
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 15KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 18B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.upx0
Size: - Virtual size: 973KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.upx1
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 212B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 22KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
nznat.exe
.sys windows:4 windows x86 arch:x86

Code Sign

2b:c2:91:3d:9b:d8:22:3e:f5:d1:c1:30:da:fc:06:64
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

28-10-2016 00:00

Not After

27-12-2017 23:59

Subject

CN=NetZone Info-Tech Co.\, Ltd.\, Shanghai,OU=研发部,O=NetZone Info-Tech Co.\, Ltd.\, Shanghai,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22-02-2011 19:25

Not After

22-02-2021 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ac:00:03:67:bb:35:c7:33:40:40:5b:fe:51:d8:61:50:bd:df:8d:5e
Signer

Actual PE Digest

ac:00:03:67:bb:35:c7:33:40:40:5b:fe:51:d8:61:50:bd:df:8d:5e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 10KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.upx0
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.upx1
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
nznat64.exe
.sys windows:4 windows x64 arch:x64

bf281c55a8feeb070bacfb8784895575

Code Sign

76:54:35:fd:f1:2a:92:2c:8b:9b:dc:b6:b1:ea:c1:bc
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

28-10-2016 00:00

Not After

12-11-2017 23:59

Subject

CN=Michaelsoft DDS Sdn Bhd,OU=Sales,O=Michaelsoft DDS Sdn Bhd,L=Kuala Lumpur,ST=Kuala Lumpur,C=MY

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22-02-2011 19:25

Not After

22-02-2021 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

40:6d:6f:5c:e6:ec:7e:e5:4e:b3:38:9f:cb:d2:3a:e3:c9:9d:51:c0
Signer

Actual PE Digest

40:6d:6f:5c:e6:ec:7e:e5:4e:b3:38:9f:cb:d2:3a:e3:c9:9d:51:c0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

ntdll

DbgPrint
NtClose
NtCreateFile
NtCreateKey
NtCreatePagingFile
NtDelayExecution
NtDeleteFile
NtDeleteValueKey
NtDeviceIoControlFile
NtFlushKey
NtFsControlFile
NtLoadKey
NtOpenFile
NtOpenKey
NtOpenSymbolicLinkObject
NtQueryAttributesFile
NtQueryDirectoryFile
NtQueryInformationFile
NtQueryPerformanceCounter
NtQuerySymbolicLinkObject
NtQueryValueKey
NtReadFile
NtResumeThread
NtSetInformationFile
NtSetValueKey
NtWaitForSingleObject
NtWriteFile
RtlAdjustPrivilege
RtlAllocateHeap
RtlAnsiStringToUnicodeString
RtlCreateHeap
RtlCreateProcessParameters
RtlCreateUserProcess
RtlDosPathNameToNtPathName_U
RtlEqualUnicodeString
RtlFreeAnsiString
RtlFreeHeap
RtlGetVersion
RtlInitAnsiString
RtlInitUnicodeString
RtlUnicodeStringToAnsiString
RtlZeroMemory
ZwDisplayString
_wcsicmp
swprintf
wcscat
wcscpy
wcslen
wcsncpy
wcsstr
DbgPrint
NtClose
NtCreateFile
NtCreateKey
NtCreatePagingFile
NtDelayExecution
NtDeleteFile
NtDeleteValueKey
NtDeviceIoControlFile
NtFlushKey
NtFsControlFile
NtLoadKey
NtOpenFile
NtOpenKey
NtOpenSymbolicLinkObject
NtQueryAttributesFile
NtQueryDirectoryFile
NtQueryInformationFile
NtQueryPerformanceCounter
NtQuerySymbolicLinkObject
NtQueryValueKey
NtReadFile
NtResumeThread
NtSetInformationFile
NtSetValueKey
NtWaitForSingleObject
NtWriteFile
RtlAdjustPrivilege
RtlAllocateHeap
RtlAnsiStringToUnicodeString
RtlCreateHeap
RtlCreateProcessParameters
RtlCreateUserProcess
RtlDosPathNameToNtPathName_U
RtlEqualUnicodeString
RtlFreeAnsiString
RtlFreeHeap
RtlGetVersion
RtlInitAnsiString
RtlInitUnicodeString
RtlUnicodeStringToAnsiString
RtlZeroMemory
ZwDisplayString
_wcsicmp
swprintf
wcscat
wcscpy
wcslen
wcsncpy
wcsstr

Sections

.text
Size: 114KB - Virtual size: 114KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 88B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.upx0
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
oeminfo_en.ini
oeminfo_gb.ini
oeminfo_jp.ini
oemlogo_en.bmp
oemlogo_gb.bmp
oemlogo_jp.bmp
screenhooks32.dll
.dll windows:5 windows x86 arch:x86

0101d2319e8d5729b16442497b88c849

Code Sign

76:54:35:fd:f1:2a:92:2c:8b:9b:dc:b6:b1:ea:c1:bc
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

28-10-2016 00:00

Not After

12-11-2017 23:59

Subject

CN=Michaelsoft DDS Sdn Bhd,OU=Sales,O=Michaelsoft DDS Sdn Bhd,L=Kuala Lumpur,ST=Kuala Lumpur,C=MY

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22-02-2011 19:25

Not After

22-02-2021 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

aa:d3:ca:6b:0e:4f:36:0c:37:f0:89:04:24:1c:2a:cb:e2:00:e8:e7
Signer

Actual PE Digest

aa:d3:ca:6b:0e:4f:36:0c:37:f0:89:04:24:1c:2a:cb:e2:00:e8:e7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

Y:\build\tightvnc-2.7.7\Release\screenhooks32.pdb

Imports

user32

RegisterWindowMessageW
ClientToScreen
GetWindowRect
PostMessageW
CallNextHookEx
GetClientRect
SetWindowsHookExW
UnhookWindowsHookEx
GetSystemMetrics

kernel32

GetEnvironmentStrings
LCMapStringW
LCMapStringA
GetStringTypeW
MultiByteToWideChar
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
GetLastError
HeapFree
HeapAlloc
HeapReAlloc
RaiseException
RtlUnwind
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
Sleep
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
WriteFile
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapSize
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
GetStringTypeA

Exports

Exports

setHook
unsetHook

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shared
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
swpflt12.sys
.sys windows:6 windows x86 arch:x86

b9c6e999f72489166b8ea9af7c107590

Code Sign

2b:c2:91:3d:9b:d8:22:3e:f5:d1:c1:30:da:fc:06:64
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

28-10-2016 00:00

Not After

27-12-2017 23:59

Subject

CN=NetZone Info-Tech Co.\, Ltd.\, Shanghai,OU=研发部,O=NetZone Info-Tech Co.\, Ltd.\, Shanghai,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22-02-2011 19:25

Not After

22-02-2021 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0b:0b:07:00:1e:83:44:f0:c6:04:c9:7b:d1:cf:66:bd:b1:20:db:53
Signer

Actual PE Digest

0b:0b:07:00:1e:83:44:f0:c6:04:c9:7b:d1:cf:66:bd:b1:20:db:53

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

l:\nxp\drivers\current\swapflt\objfre_wlh_x86\i386\swapflt.pdb

Imports

ntoskrnl.exe

_allshr
_wcsnicmp
ObQueryNameString
ZwSetValueKey
KeInitializeEvent
IoBuildDeviceIoControlRequest
_allmul
IoFreeIrp
IoFreeMdl
MmUnlockPages
IoBuildAsynchronousFsdRequest
_stricmp
PsTerminateSystemThread
KeSetPriorityThread
KeGetCurrentThread
IoDetachDevice
ObfDereferenceObject
KeDelayExecutionThread
_alldiv
ZwWriteFile
ZwClose
MmMapLockedPagesSpecifyCache
RtlAnsiStringToUnicodeString
RtlInitAnsiString
_allrem
_alldvrm
ExfInterlockedRemoveHeadList
IoCreateDevice
ObfReferenceObject
IoAttachDeviceToDeviceStack
KeQuerySystemTime
IoCreateSymbolicLink
ZwReadFile
ZwSetInformationFile
ZwCreateFile
RtlFreeUnicodeString
ObReferenceObjectByName
IoDriverObjectType
KeTickCount
KeBugCheckEx
RtlUnwind
memcpy
ExFreePoolWithTag
IofCompleteRequest
PoStartNextPowerIrp
PoCallDriver
IofCallDriver
KeInitializeSemaphore
PsCreateSystemThread
ObReferenceObjectByHandle
KeReleaseSemaphore
IoDeleteDevice
KeWaitForSingleObject
KeSetEvent
memset
swprintf
RtlInitUnicodeString
ZwOpenKey
ZwQueryInformationFile
RtlDeleteRegistryValue
ZwQueryValueKey
ExfInterlockedInsertTailList
ExAllocatePoolWithTag

cacflt12.sys

InitCacheLookasideList
Minimum
IoAllocateMdlWithMasterOffset
AllocateLRUMem
FreeLRUMem
UpdateLRUCacheToCacFlt
SetArrayBit
SyncReadBlockDevice
ReadLRUCacheFromCacFlt
AddLRUCacheToCacFlt
GetOverlapStatus
GetRealOffLenByArrayBit
IoAllocateMdlWithNonPagedBuf
AsyncReadBlockDeviceWithMdl
TestArrayBit
InitSystemRamSize

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 552B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 412B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.upx0
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
swpflt22.sys
.sys windows:6 windows x64 arch:x64

9b189fbbea861024c091b4f46cb1197f

Code Sign

2b:c2:91:3d:9b:d8:22:3e:f5:d1:c1:30:da:fc:06:64
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

28-10-2016 00:00

Not After

27-12-2017 23:59

Subject

CN=NetZone Info-Tech Co.\, Ltd.\, Shanghai,OU=研发部,O=NetZone Info-Tech Co.\, Ltd.\, Shanghai,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22-02-2011 19:25

Not After

22-02-2021 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f4:05:49:18:bc:e9:18:2f:5f:7a:fc:91:35:43:fc:c0:b7:05:5e:98
Signer

Actual PE Digest

f4:05:49:18:bc:e9:18:2f:5f:7a:fc:91:35:43:fc:c0:b7:05:5e:98

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

l:\nxp\drivers\current\swapflt\objfre_wlh_amd64\amd64\swapflt.pdb

Imports

ntoskrnl.exe

ZwSetValueKey
ExInterlockedRemoveHeadList
ZwWriteFile
KeInitializeSemaphore
IoBuildDeviceIoControlRequest
ObfReferenceObject
KeReleaseSemaphore
MmUnlockPages
ExInterlockedInsertTailList
IoFreeMdl
IoFreeIrp
IoBuildAsynchronousFsdRequest
KeSetEvent
_stricmp
PsCreateSystemThread
ObReferenceObjectByHandle
KeSetPriorityThread
ZwClose
KeWaitForSingleObject
IofCallDriver
PsTerminateSystemThread
MmMapLockedPagesSpecifyCache
IoCreateDevice
IofCompleteRequest
IoCreateSymbolicLink
IoAttachDeviceToDeviceStack
PoStartNextPowerIrp
ZwCreateFile
ZwSetInformationFile
ZwReadFile
RtlFreeUnicodeString
ObReferenceObjectByName
IoDriverObjectType
KeBugCheckEx
KeDelayExecutionThread
RtlDeleteRegistryValue
ZwQueryInformationFile
ZwOpenKey
_wcsnicmp
RtlInitUnicodeString
RtlAnsiStringToUnicodeString
ObQueryNameString
swprintf
RtlInitAnsiString
ExAllocatePoolWithTag
IoDetachDevice
ExFreePoolWithTag
ZwQueryValueKey
ObfDereferenceObject
KeInitializeEvent
IoDeleteDevice
PoCallDriver

cacflt22.sys

AddLRUCacheToCacFlt
FreeLRUMem
AsyncReadBlockDeviceWithMdl
IoAllocateMdlWithNonPagedBuf
AllocateLRUMem
IoAllocateMdlWithMasterOffset
SyncReadBlockDevice
ReadLRUCacheFromCacFlt
Minimum
GetRealOffLenByArrayBit
GetOverlapStatus
InitCacheLookasideList
InitSystemRamSize
TestArrayBit
SetArrayBit
UpdateLRUCacheToCacFlt

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 932B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 636B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.upx0
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
tvnserver.exe
.exe windows:5 windows x86 arch:x86

c6e3f5a765cfefd79022436cb4006fac

Code Sign

76:54:35:fd:f1:2a:92:2c:8b:9b:dc:b6:b1:ea:c1:bc
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

28-10-2016 00:00

Not After

12-11-2017 23:59

Subject

CN=Michaelsoft DDS Sdn Bhd,OU=Sales,O=Michaelsoft DDS Sdn Bhd,L=Kuala Lumpur,ST=Kuala Lumpur,C=MY

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22-02-2011 19:25

Not After

22-02-2021 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

aa:33:c9:41:f6:48:ad:dc:0f:7a:e2:4c:fe:88:e3:db:c2:1c:37:94
Signer

Actual PE Digest

aa:33:c9:41:f6:48:ad:dc:0f:7a:e2:4c:fe:88:e3:db:c2:1c:37:94

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Y:\build\tightvnc-2.7.7\Release\tvnserver.pdb

Imports

psapi

GetModuleFileNameExW

kernel32

QueryPerformanceCounter
GlobalUnlock
SetNamedPipeHandleState
CreatePipe
SetHandleInformation
DeleteFileW
FindNextFileW
RemoveDirectoryW
FindClose
MoveFileW
SetFileTime
CreateDirectoryW
GetLogicalDriveStringsW
SetErrorMode
FindFirstFileW
GetFileSizeEx
GetLocalTime
FileTimeToSystemTime
SystemTimeToFileTime
SetEnvironmentVariableA
CompareStringW
CompareStringA
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
GlobalAlloc
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
WideCharToMultiByte
LCMapStringA
RtlUnwind
InitializeCriticalSectionAndSpinCount
LoadLibraryA
HeapReAlloc
VirtualAlloc
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
RaiseException
HeapAlloc
GetTickCount
VirtualFree
HeapCreate
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStdHandle
ExitProcess
HeapSize
InterlockedDecrement
SetLastError
InterlockedIncrement
TlsFree
GlobalLock
DisconnectNamedPipe
LocalAlloc
ReadFile
WriteFile
GetOverlappedResult
CreateNamedPipeW
ConnectNamedPipe
CreateFileMappingW
UnmapViewOfFile
OpenThread
OpenProcess
DuplicateHandle
WaitForMultipleObjects
TerminateProcess
GetExitCodeProcess
CreateProcessW
GetProcAddress
LoadLibraryW
FreeLibrary
GetModuleFileNameW
GetVersionExW
GetComputerNameW
CreateEventW
SetEvent
FormatMessageW
LocalFree
CreateThread
GetModuleHandleA
ResumeThread
ReleaseMutex
GetLastError
WaitForSingleObject
CreateMutexW
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetModuleHandleW
ProcessIdToSessionId
Sleep
GetCurrentProcessId
CloseHandle
GetCurrentThreadId
CreateFileW
GetCurrentProcess
SetUnhandledExceptionFilter
LockResource
LoadResource
FindResourceW
FreeResource
MapViewOfFile
TlsSetValue
TlsAlloc
TlsGetValue
HeapFree
GetSystemTimeAsFileTime
IsDebuggerPresent
UnhandledExceptionFilter
GetStartupInfoW

user32

MapVirtualKeyW
GetKeyState
GetKeyboardLayout
ToUnicodeEx
EnumDisplayMonitors
GetClientRect
VkKeyScanExW
UnregisterClassW
EnumChildWindows
MapWindowPoints
MoveWindow
GetDlgItem
KillTimer
SetTimer
SendMessageW
IsWindow
RegisterWindowMessageW
LoadIconW
MessageBoxW
DestroyIcon
TrackPopupMenu
GetSubMenu
LoadMenuW
GetCursorPos
RemoveMenu
SetMenuDefaultItem
EnumDisplayDevicesW
ChangeDisplaySettingsExW
EnumWindows
IsWindowVisible
DrawIconEx
GetIconInfo
GetCursorInfo
FindWindowExW
GetClassNameW
GetWindowInfo
GetDC
CloseClipboard
IsClipboardFormatAvailable
GetClipboardData
EmptyClipboard
ChangeClipboardChain
OpenClipboard
SetClipboardData
SetClipboardViewer
CallNextHookEx
WaitMessage
PeekMessageW
PostThreadMessageW
SetWindowsHookExW
UnhookWindowsHookEx
GetWindowRect
SendInput
GetSystemMetrics
GetWindowThreadProcessId
GetWindow
FindWindowW
LockWorkStation
ExitWindowsEx
SetProcessWindowStation
CloseWindowStation
OpenWindowStationW
SystemParametersInfoW
GetMessageW
PostQuitMessage
PostMessageW
TranslateMessage
IsDialogMessageW
CreateWindowExW
RegisterClassW
DefWindowProcW
DispatchMessageW
GetThreadDesktop
OpenInputDesktop
OpenDesktopW
CloseDesktop
SetThreadDesktop
GetUserObjectInformationW
SetForegroundWindow
SetFocus
GetForegroundWindow
InvalidateRect
GetWindowTextW
ShowWindow
SetWindowTextW
DestroyWindow
DialogBoxParamW
GetWindowLongW
SetClassLongW
SetWindowLongW
EndDialog
CreateDialogParamW

gdi32

CreateDCW
GetBitmapBits
GetObjectW
BitBlt
DeleteDC
CreateDIBSection
ExtEscape
CreateCompatibleDC
DeleteObject
GetCurrentObject
SelectObject
GetDIBits

advapi32

RegCreateKeyExW
SetEntriesInAclW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
ConvertStringSidToSidW
CopySid
GetTokenInformation
ImpersonateNamedPipeClient
RevertToSelf
ImpersonateLoggedOnUser
DuplicateToken
OpenThreadToken
DuplicateTokenEx
SetTokenInformation
CreateProcessAsUserW
OpenProcessToken
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegOpenKeyW
RegQueryValueExW
RegEnumKeyW
RegCreateKeyW
ControlService
QueryServiceStatusEx
StartServiceW
ChangeServiceConfig2W
OpenServiceW
OpenSCManagerW
DeleteService
CloseServiceHandle
CreateServiceW
RegisterServiceCtrlHandlerW
SetServiceStatus
StartServiceCtrlDispatcherW
SetSecurityInfo
ReportEventW
RegisterEventSourceW

shell32

CommandLineToArgvW
Shell_NotifyIconW
SHGetSpecialFolderPathW
ShellExecuteExW
ShellExecuteW
ord680

ws2_32

connect
select
getsockname
shutdown
setsockopt
recv
bind
socket
__WSAFDIsSet
closesocket
WSAGetLastError
listen
accept
gethostname
ntohl
htons
ntohs
gethostbyname
WSAStartup
WSACleanup
inet_addr
send
htonl
inet_ntoa

comctl32

InitCommonControlsEx

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

Sections

.text
Size: 711KB - Virtual size: 710KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 739KB - Virtual size: 738KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
volswp12.sys
.sys windows:6 windows x86 arch:x86

1594c5a862ed258d0072c35c02709f6d

Code Sign

2b:c2:91:3d:9b:d8:22:3e:f5:d1:c1:30:da:fc:06:64
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

28-10-2016 00:00

Not After

27-12-2017 23:59

Subject

CN=NetZone Info-Tech Co.\, Ltd.\, Shanghai,OU=研发部,O=NetZone Info-Tech Co.\, Ltd.\, Shanghai,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22-02-2011 19:25

Not After

22-02-2021 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

d3:f6:e9:60:f8:ae:79:83:b6:08:28:bc:c0:a7:82:f2:0c:70:52:f7
Signer

Actual PE Digest

d3:f6:e9:60:f8:ae:79:83:b6:08:28:bc:c0:a7:82:f2:0c:70:52:f7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

l:\nxp\drivers\current\volswap\objfre_wlh_x86\i386\volswap.pdb

Imports

ntoskrnl.exe

ObReferenceObjectByName
IoDriverObjectType
RtlInitUnicodeString
IofCompleteRequest
KeSetEvent
KeWaitForSingleObject
IoDeleteDevice
KeReleaseSemaphore
ZwClose
ObReferenceObjectByHandle
PsCreateSystemThread
KeInitializeSemaphore
IofCallDriver
ExfInterlockedInsertTailList
KeInitializeEvent
ExFreePoolWithTag
IoAttachDeviceToDeviceStack
IoCreateDevice
ExAllocatePoolWithTag
memset
IoDetachDevice
ExfInterlockedRemoveHeadList
KeSetPriorityThread
KeGetCurrentThread
swprintf
_alldiv
_allrem
_allshr
MmMapLockedPagesSpecifyCache
memcpy
ZwQueryValueKey
_allmul
ZwCreateFile
ZwReadFile
ZwOpenKey
ZwWriteFile
ZwSetInformationFile
_alldvrm
KeTickCount

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 275B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 512B - Virtual size: 383B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 574B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
volswp22.sys
.sys windows:6 windows x64 arch:x64

830520cf3deb30230f4b95c583bfcd0d

Code Sign

2b:c2:91:3d:9b:d8:22:3e:f5:d1:c1:30:da:fc:06:64
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

28-10-2016 00:00

Not After

27-12-2017 23:59

Subject

CN=NetZone Info-Tech Co.\, Ltd.\, Shanghai,OU=研发部,O=NetZone Info-Tech Co.\, Ltd.\, Shanghai,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22-02-2011 19:25

Not After

22-02-2021 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1c:80:ea:b6:0a:de:1d:9f:06:7d:7d:f1:42:2c:2e:b1:8e:de:5f:68
Signer

Actual PE Digest

1c:80:ea:b6:0a:de:1d:9f:06:7d:7d:f1:42:2c:2e:b1:8e:de:5f:68

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

l:\nxp\drivers\current\volswap\objfre_wlh_amd64\amd64\volswap.pdb

Imports

ntoskrnl.exe

ObReferenceObjectByHandle
ZwClose
KeReleaseSemaphore
KeWaitForSingleObject
IofCallDriver
IoDetachDevice
KeSetPriorityThread
ExInterlockedRemoveHeadList
RtlInitUnicodeString
ExInterlockedInsertTailList
ObReferenceObjectByName
IoDriverObjectType
swprintf
IofCompleteRequest
ExAllocatePoolWithTag
IoCreateDevice
IoAttachDeviceToDeviceStack
IoDeleteDevice
KeInitializeEvent
KeInitializeSemaphore
ExFreePoolWithTag
KeSetEvent
PsCreateSystemThread
MmMapLockedPagesSpecifyCache
ZwCreateFile
ZwReadFile
ZwOpenKey
ZwQueryValueKey
ZwWriteFile
ZwSetInformationFile
KeBugCheckEx

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 652B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 308B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 512B - Virtual size: 332B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

59a4a44a250c4cf4f2d9de2b3fe5d95f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 105KB

.ndata Size: - Virtual size: 40KB

.rsrc Size: 25KB - Virtual size: 24KB

610235b90207a63ccf481f0d4375d329

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

154903d617e825e7d4f76664593675fd

Headers

File Characteristics

Imports

kernel32

user32

gdi32

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 1KB

.rdata Size: 1024B - Virtual size: 697B

.data Size: 512B - Virtual size: 3KB

.rsrc Size: 512B - Virtual size: 352B

.reloc Size: 512B - Virtual size: 364B

874f4370477af2cbc325d988165f612c

Code Sign

76:54:35:fd:f1:2a:92:2c:8b:9b:dc:b6:b1:ea:c1:bcCertificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

6f:72:d0:f7:1e:07:66:60:2f:67:2c:a9:05:2e:d1:24:03:1c:66:0dSigner

Headers

File Characteristics

Imports

kernel32

user32

advapi32

oleaut32

version

gdi32

ole32

wsock32

cfgmgr32

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 105KB

.ndata
Size: - Virtual size: 40KB

.rsrc
Size: 25KB - Virtual size: 24KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 697B

.data
Size: 512B - Virtual size: 3KB

.rsrc
Size: 512B - Virtual size: 352B

.reloc
Size: 512B - Virtual size: 364B

76:54:35:fd:f1:2a:92:2c:8b:9b:dc:b6:b1:ea:c1:bc
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

6f:72:d0:f7:1e:07:66:60:2f:67:2c:a9:05:2e:d1:24:03:1c:66:0d
Signer

CODE
Size: - Virtual size: 351KB

DATA
Size: - Virtual size: 4KB

BSS
Size: - Virtual size: 4KB

.idata
Size: - Virtual size: 8KB

.edata
Size: - Virtual size: 92B

.upx0
Size: - Virtual size: 513KB

.upx1
Size: 724KB - Virtual size: 723KB

.reloc
Size: 512B - Virtual size: 180B

.rsrc
Size: 3KB - Virtual size: 21KB

2b:c2:91:3d:9b:d8:22:3e:f5:d1:c1:30:da:fc:06:64
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

68:14:cc:2b:0d:c9:08:e9:69:5e:2c:d2:35:47:a8:44:51:d9:0e:10
Signer

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 1024B - Virtual size: 548B

.data
Size: 512B - Virtual size: 884B

.edata
Size: 1024B - Virtual size: 715B

INIT
Size: 2KB - Virtual size: 1KB

.upx0
Size: 40KB - Virtual size: 39KB

.reloc
Size: 1KB - Virtual size: 1KB

2b:c2:91:3d:9b:d8:22:3e:f5:d1:c1:30:da:fc:06:64
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

cc:9d:13:5a:db:67:e7:fb:17:bf:bd:35:c9:98:1b:b5:8c:30:23:cf
Signer

.text
Size: 28KB - Virtual size: 28KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 1024B - Virtual size: 912B

.edata
Size: 1024B - Virtual size: 715B

INIT
Size: 2KB - Virtual size: 2KB

.upx0
Size: 55KB - Virtual size: 55KB

.reloc
Size: 512B - Virtual size: 12B