BstkDrv_nxt[.]sys

Sharing

Copy URL

Twitter E-mail

General

Target

BstkDrv_nxt.sys
Size

303KB
MD5

a271a11606a3979b89450194aa47f157
SHA1

c8e85bcfb4e8f144ea2a8c0337167dada6912c89
SHA256

5ba21e938d5e331413ff69e73b825702136b0604b8b9adc81575ff3546cac726
SHA512

787fa128c4d25e446638a14b47de16707ccbae803183e2635f55f6e3e48d025df7d7c8ba19da02d2a0d2c03f17680836f38bdc9f994da7913780d517ff550c01
SSDEEP

6144:4jdtrsNcXbm+QrPuEa6KR7d3KIDR0cGowN1pm:3NhLKR7d6+RzwN1pm

Score

1^/10

Malware Config

Signatures

Files

BstkDrv_nxt.sys
.sys windows:5 windows x64 arch:x64

b56375f05719909b4dedfacdfbe68862

Code Sign

33:00:00:00:62:f4:5c:f9:9e:58:a9:6a:89:00:00:00:00:00:62
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06-04-2023 19:16

Not After

03-04-2024 19:16

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-10-2014 20:31

Not After

15-10-2029 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:f9:d5:0a:6c:79:2c:9f:d3:9d:47:2e:98:37:b5:ff
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

14-03-2023 00:00

Not After

05-04-2025 23:59

Subject

SERIALNUMBER=4559077,CN=Now.gg\, INC,O=Now.gg\, INC,L=Campbell,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c5:a9:91:77:6a:86:70:bb:d9:f6:0f:ba:46:0d:cb:de:ec:97:b8:a1:8a:ac:e9:44:90:4d:68:b8:10:85:1b:08
Signer

Actual PE Digest

c5:a9:91:77:6a:86:70:bb:d9:f6:0f:ba:46:0d:cb:de:ec:97:b8:a1:8a:ac:e9:44:90:4d:68:b8:10:85:1b:08

Digest Algorithm

sha256

PE Digest Matches

true

c5:a9:91:77:6a:86:70:bb:d9:f6:0f:ba:46:0d:cb:de:ec:97:b8:a1:8a:ac:e9:44:90:4d:68:b8:10:85:1b:08
Signer

Actual PE Digest

c5:a9:91:77:6a:86:70:bb:d9:f6:0f:ba:46:0d:cb:de:ec:97:b8:a1:8a:ac:e9:44:90:4d:68:b8:10:85:1b:08

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\virtualbox\out\win.amd64\release\obj\VBoxDrv\BstkDrv_nxt.pdb

Imports

ntoskrnl.exe

strchr
IoDeleteDevice
IoCreateDevice
RtlInitUnicodeString
ObfDereferenceObject
ExUnregisterCallback
IofCompleteRequest
MmGetPhysicalAddress
MmIsNonPagedSystemAddressValid
MmIsAddressValid
__C_specific_handler
ExFreePoolWithTag
ExAllocatePoolWithTag
IoIs32bitProcess
ZwSetSystemInformation
ExRegisterCallback
ExCreateCallback
MmGetSystemRoutineAddress
RtlQueryRegistryValues
DbgPrint
KeSetTimerEx
KeInsertQueueDpc
KeRemoveQueueDpc
KeCancelTimer
KeSetImportanceDpc
KeInitializeDpc
KeInitializeTimerEx
KeQueryTimeIncrement
KeDelayExecutionThread
ZwYieldExecution
KeSetPriorityThread
KeWaitForSingleObject
ZwClose
ObReferenceObjectByHandle
PsCreateSystemThread
KeAcquireSpinLockRaiseToDpc
KeReleaseSpinLock
KeInitializeMutex
KeReleaseMutex
KeReadStateMutex
KeInitializeEvent
ExAcquireFastMutex
ExReleaseFastMutex
KeSetEvent
KeResetEvent
PsGetCurrentProcessId
IoGetCurrentProcess
ProbeForRead
ProbeForWrite
MmHighestUserAddress
MmSystemRangeStart
KeSetTargetProcessorDpc
KeNumberProcessors
PsGetVersion
MmUnmapIoSpace
MmUnlockPages
MmFreeContiguousMemory
IoFreeMdl
MmFreePagesFromMdl
MmUnsecureVirtualMemory
MmUnmapLockedPages
MmProtectMdlSystemAddress
MmBuildMdlForNonPagedPool
IoAllocateMdl
MmAllocateContiguousMemorySpecifyCache
MmAllocatePagesForMdl
MmSecureVirtualMemory
MmProbeAndLockPages
MmMapIoSpace
MmMapLockedPagesSpecifyCache
MmAllocateContiguousMemory

Exports

Exports

ASMAtomicBitClear
ASMAtomicXchgU16
ASMAtomicXchgU8
ASMGetCS
ASMGetDS
ASMGetES
ASMGetFS
ASMGetGS
ASMGetIDTR
ASMGetSS
ASMMultU64ByU32DivByU32
ASMNopPause
RTAssertAreQuiet
RTAssertMayPanic
RTAssertMsg1
RTAssertMsg1Weak
RTAssertMsg2AddV
RTAssertMsg2V
RTAssertMsg2Weak
RTAssertMsg2WeakV
RTAssertSetMayPanic
RTAssertSetQuiet
RTAssertShouldPanic
RTAvlPVDestroy
RTAvlPVDoWithAll
RTAvlPVGet
RTAvlPVGetBestFit
RTAvlPVInsert
RTAvlPVRemove
RTAvlPVRemoveBestFit
RTCrc32
RTCrc32Finish
RTCrc32Process
RTCrc32Start
RTErrConvertFromErrno
RTErrConvertFromNtStatus
RTErrConvertToErrno
RTErrVarsAreEqual
RTErrVarsHaveChanged
RTErrVarsRestore
RTErrVarsSave
RTHandleTableAllocWithCtx
RTHandleTableCreate
RTHandleTableCreateEx
RTHandleTableDestroy
RTHandleTableFreeWithCtx
RTHandleTableLookupWithCtx
RTLatin1CalcUtf8Len
RTLatin1CalcUtf8LenEx
RTLatin1ToUtf8ExTag
RTLatin1ToUtf8Tag
RTLogCloneRC
RTLogComPrintf
RTLogComPrintfV
RTLogCreate
RTLogCreateEx
RTLogCreateExV
RTLogDefaultInit
RTLogDefaultInstance
RTLogDefaultInstanceEx
RTLogDestinations
RTLogDestroy
RTLogDumpPrintfV
RTLogFlags
RTLogFlush
RTLogFlushRC
RTLogFlushToLogger
RTLogFormatV
RTLogGetDefaultInstance
RTLogGetDefaultInstanceEx
RTLogGetDestinations
RTLogGetFlags
RTLogGetGroupSettings
RTLogGroupSettings
RTLogLogger
RTLogLoggerEx
RTLogLoggerExV
RTLogLoggerV
RTLogPrintf
RTLogPrintfV
RTLogRelGetDefaultInstance
RTLogRelGetDefaultInstanceEx
RTLogRelLoggerV
RTLogRelPrintfV
RTLogRelSetBuffering
RTLogRelSetDefaultInstance
RTLogSetBuffering
RTLogSetCustomPrefixCallback
RTLogSetDefaultInstance
RTLogSetDefaultInstanceThread
RTLogWriteCom
RTLogWriteDebugger
RTLogWriteStdErr
RTLogWriteStdOut
RTLogWriteUser
RTMemAllocExTag
RTMemAllocTag
RTMemAllocVarTag
RTMemAllocZTag
RTMemAllocZVarTag
RTMemContAlloc
RTMemContFree
RTMemDupExTag
RTMemDupTag
RTMemExecAllocTag
RTMemExecFree
RTMemFree
RTMemFreeEx
RTMemReallocTag
RTMemTmpAllocTag
RTMemTmpAllocZTag
RTMemTmpFree
RTMpCpuId
RTMpCpuIdFromSetIndex
RTMpCpuIdToSetIndex
RTMpCurSetIndex
RTMpCurSetIndexAndId
RTMpGetArraySize
RTMpGetCount
RTMpGetCpuGroupCounts
RTMpGetMaxCpuGroupCount
RTMpGetMaxCpuId
RTMpGetOnlineCoreCount
RTMpGetOnlineCount
RTMpGetOnlineSet
RTMpGetPresentCoreCount
RTMpGetPresentCount
RTMpGetPresentSet
RTMpGetSet
RTMpIsCpuOnline
RTMpIsCpuPossible
RTMpIsCpuPresent
RTMpIsCpuWorkPending
RTMpNotificationDeregister
RTMpNotificationRegister
RTMpOnAll
RTMpOnAllIsConcurrentSafe
RTMpOnOthers
RTMpOnPair
RTMpOnPairIsConcurrentExecSupported
RTMpOnSpecific
RTMpPokeCpu
RTMpSetIndexFromCpuGroupMember
RTNetIPv4AddDataChecksum
RTNetIPv4AddTCPChecksum
RTNetIPv4AddUDPChecksum
RTNetIPv4FinalizeChecksum
RTNetIPv4HdrChecksum
RTNetIPv4IsDHCPValid
RTNetIPv4IsHdrValid
RTNetIPv4IsTCPSizeValid
RTNetIPv4IsTCPValid
RTNetIPv4IsUDPSizeValid
RTNetIPv4IsUDPValid
RTNetIPv4PseudoChecksum
RTNetIPv4PseudoChecksumBits
RTNetIPv4TCPChecksum
RTNetIPv4UDPChecksum
RTNetIPv6PseudoChecksum
RTNetIPv6PseudoChecksumBits
RTNetIPv6PseudoChecksumEx
RTNetTCPChecksum
RTNetUDPChecksum
RTOnceReset
RTOnceSlow
RTPowerNotificationDeregister
RTPowerNotificationRegister
RTPowerSignalEvent
RTProcSelf
RTR0AssertPanicSystem
RTR0Init
RTR0MemAreKrnlAndUsrDifferent
RTR0MemKernelCopyFrom
RTR0MemKernelCopyTo
RTR0MemKernelIsValidAddr
RTR0MemObjAddress
RTR0MemObjAddressR3
RTR0MemObjAllocContTag
RTR0MemObjAllocLowTag
RTR0MemObjAllocPageTag
RTR0MemObjAllocPhysExTag
RTR0MemObjAllocPhysNCTag
RTR0MemObjAllocPhysTag
RTR0MemObjEnterPhysTag
RTR0MemObjFree
RTR0MemObjGetPagePhysAddr
RTR0MemObjIsMapping
RTR0MemObjLockKernelTag
RTR0MemObjLockUserTag
RTR0MemObjMapKernelExTag
RTR0MemObjMapKernelTag
RTR0MemObjMapUserTag
RTR0MemObjProtect
RTR0MemObjReserveKernelTag
RTR0MemObjReserveUserTag
RTR0MemObjSize
RTR0MemUserCopyFrom
RTR0MemUserCopyTo
RTR0MemUserIsValidAddr
RTR0ProcHandleSelf
RTR0Term
RTR0TermForced
RTSemEventCreate
RTSemEventCreateEx
RTSemEventDestroy
RTSemEventGetResolution
RTSemEventMultiCreate
RTSemEventMultiCreateEx
RTSemEventMultiDestroy
RTSemEventMultiGetResolution
RTSemEventMultiReset
RTSemEventMultiSignal
RTSemEventMultiWait
RTSemEventMultiWaitEx
RTSemEventMultiWaitExDebug
RTSemEventMultiWaitNoResume
RTSemEventSignal
RTSemEventWait
RTSemEventWaitEx
RTSemEventWaitExDebug
RTSemEventWaitNoResume
RTSemFastMutexCreate
RTSemFastMutexDestroy
RTSemFastMutexRelease
RTSemFastMutexRequest
RTSemMutexCreate
RTSemMutexCreateEx
RTSemMutexDestroy
RTSemMutexIsOwned
RTSemMutexRelease
RTSemMutexRequest
RTSemMutexRequestDebug
RTSemMutexRequestNoResume
RTSemMutexRequestNoResumeDebug
RTSemSpinMutexCreate
RTSemSpinMutexDestroy
RTSemSpinMutexRelease
RTSemSpinMutexRequest
RTSemSpinMutexTryRequest
RTSpinlockAcquire
RTSpinlockCreate
RTSpinlockDestroy
RTSpinlockRelease
RTStrAAppendNTag
RTStrAAppendTag
RTStrATruncateTag
RTStrAllocExTag
RTStrAllocTag
RTStrCalcLatin1Len
RTStrCalcLatin1LenEx
RTStrCalcUtf16Len
RTStrCalcUtf16LenEx
RTStrConvertHexBytes
RTStrCopy
RTStrCopyEx
RTStrCopyP
RTStrDupExTag
RTStrDupNTag
RTStrDupTag
RTStrFormat
RTStrFormatNumber
RTStrFormatTypeDeregister
RTStrFormatTypeRegister
RTStrFormatTypeSetUser
RTStrFormatV
RTStrFree
RTStrGetCpExInternal
RTStrGetCpInternal
RTStrGetCpNExInternal
RTStrIsValidEncoding
RTStrNCmp
RTStrPrevCp
RTStrPrintf
RTStrPrintfEx
RTStrPrintfExV
RTStrPrintfV
RTStrPurgeComplementSet
RTStrPurgeEncoding
RTStrPutCpInternal
RTStrReallocTag
RTStrToInt16
RTStrToInt16Ex
RTStrToInt16Full
RTStrToInt32
RTStrToInt32Ex
RTStrToInt32Full
RTStrToInt64
RTStrToInt64Ex
RTStrToInt64Full
RTStrToInt8
RTStrToInt8Ex
RTStrToInt8Full
RTStrToLatin1ExTag
RTStrToLatin1Tag
RTStrToUInt16
RTStrToUInt16Ex
RTStrToUInt16Full
RTStrToUInt32
RTStrToUInt32Ex
RTStrToUInt32Full
RTStrToUInt64
RTStrToUInt64Ex
RTStrToUInt64Full
RTStrToUInt8
RTStrToUInt8Ex
RTStrToUInt8Full
RTStrToUni
RTStrToUniEx
RTStrToUtf16ExTag
RTStrToUtf16Tag
RTStrUniLen
RTStrUniLenEx
RTStrValidateEncoding
RTStrValidateEncodingEx
RTTermDeregisterCallback
RTTermRegisterCallback
RTTermRunCallbacks
RTThreadCreate
RTThreadCreateF
RTThreadCreateV
RTThreadCtxHookCreate
RTThreadCtxHookDestroy
RTThreadCtxHookDisable
RTThreadCtxHookEnable
RTThreadCtxHookIsEnabled
RTThreadFromNative
RTThreadGetName
RTThreadGetNative
RTThreadGetType
RTThreadIsInInterrupt
RTThreadIsInitialized
RTThreadIsMain
RTThreadIsSelfAlive
RTThreadIsSelfKnown
RTThreadNativeSelf
RTThreadPreemptDisable
RTThreadPreemptIsEnabled
RTThreadPreemptIsPending
RTThreadPreemptIsPendingTrusty
RTThreadPreemptIsPossible
RTThreadPreemptRestore
RTThreadSelf
RTThreadSelfName
RTThreadSetName
RTThreadSetType
RTThreadSleep
RTThreadUserReset
RTThreadUserSignal
RTThreadUserWait
RTThreadUserWaitNoResume
RTThreadWait
RTThreadWaitNoResume
RTThreadYield
RTTimeExplode
RTTimeFromString
RTTimeImplode
RTTimeIsLeapYear
RTTimeMilliTS
RTTimeNanoTS
RTTimeNormalize
RTTimeNow
RTTimeSpecFromString
RTTimeSpecToString
RTTimeSystemMilliTS
RTTimeSystemNanoTS
RTTimeToString
RTTimerCanDoHighResolution
RTTimerChangeInterval
RTTimerCreate
RTTimerCreateEx
RTTimerDestroy
RTTimerGetSystemGranularity
RTTimerReleaseSystemGranularity
RTTimerRequestSystemGranularity
RTTimerStart
RTTimerStop
RTUuidClear
RTUuidCompare
RTUuidCompare2Strs
RTUuidCompareStr
RTUuidFromStr
RTUuidFromUtf16
RTUuidIsNull
RTUuidToStr
RTUuidToUtf16
SUPGetCpuHzFromGipForAsyncMode
SUPGetGIP
SUPGetTscDeltaSlow
SUPIsTscFreqCompatible
SUPIsTscFreqCompatibleEx
SUPR0BadContext
SUPR0ChangeCR4
SUPR0ComponentDeregisterFactory
SUPR0ComponentQueryFactory
SUPR0ComponentRegisterFactory
SUPR0ContAlloc
SUPR0ContFree
SUPR0EnableVTx
SUPR0GetCurrentGdtRw
SUPR0GetKernelFeatures
SUPR0GetMemPhysAddress
SUPR0GetPagingMode
SUPR0GetSessionGVM
SUPR0GetSessionVM
SUPR0GetSvmUsability
SUPR0GetVmxUsability
SUPR0GipMap
SUPR0GipUnmap
SUPR0LockMem
SUPR0LowAlloc
SUPR0LowFree
SUPR0MemAlloc
SUPR0MemFree
SUPR0MemGetPhys
SUPR0ObjAddRef
SUPR0ObjAddRefEx
SUPR0ObjRegister
SUPR0ObjRelease
SUPR0ObjVerifyAccess
SUPR0PageAllocEx
SUPR0PageFree
SUPR0PageMapKernel
SUPR0PageProtect
SUPR0Printf
SUPR0QueryUcodeRev
SUPR0QueryVTCaps
SUPR0ResumeVTxOnCpu
SUPR0SetSessionVM
SUPR0SuspendVTxOnCpu
SUPR0TracerDeregisterDrv
SUPR0TracerDeregisterImpl
SUPR0TracerFireProbe
SUPR0TracerRegisterDrv
SUPR0TracerRegisterImpl
SUPR0TracerRegisterModule
SUPR0TracerUmodProbeFire
SUPR0TscDeltaMeasureBySetIndex
SUPR0UnlockMem
SUPReadTscWithDelta
SUPSemEventClose
SUPSemEventCreate
SUPSemEventGetResolution
SUPSemEventMultiClose
SUPSemEventMultiCreate
SUPSemEventMultiGetResolution
SUPSemEventMultiReset
SUPSemEventMultiSignal
SUPSemEventMultiWait
SUPSemEventMultiWaitNoResume
SUPSemEventMultiWaitNsAbsIntr
SUPSemEventMultiWaitNsRelIntr
SUPSemEventSignal
SUPSemEventWait
SUPSemEventWaitNoResume
SUPSemEventWaitNsAbsIntr
SUPSemEventWaitNsRelIntr
g_pSUPGlobalInfoPage
g_pszRTAssertExpr
g_pszRTAssertFile
g_pszRTAssertFunction
g_szRTAssertMsg1
g_szRTAssertMsg2
g_u32RTAssertLine

Sections

.text
Size: 171KB - Virtual size: 171KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b56375f05719909b4dedfacdfbe68862

Code Sign

33:00:00:00:62:f4:5c:f9:9e:58:a9:6a:89:00:00:00:00:00:62Certificate

Extended Key Usages

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0dCertificate

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

04:f9:d5:0a:6c:79:2c:9f:d3:9d:47:2e:98:37:b5:ffCertificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

c5:a9:91:77:6a:86:70:bb:d9:f6:0f:ba:46:0d:cb:de:ec:97:b8:a1:8a:ac:e9:44:90:4d:68:b8:10:85:1b:08Signer

c5:a9:91:77:6a:86:70:bb:d9:f6:0f:ba:46:0d:cb:de:ec:97:b8:a1:8a:ac:e9:44:90:4d:68:b8:10:85:1b:08Signer

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 171KB - Virtual size: 171KB

.rdata Size: 61KB - Virtual size: 61KB

.data Size: 15KB - Virtual size: 74KB

.pdata Size: 13KB - Virtual size: 12KB

.edata Size: 13KB - Virtual size: 13KB

INIT Size: 2KB - Virtual size: 2KB

.rsrc Size: 1024B - Virtual size: 1008B

.reloc Size: 4KB - Virtual size: 3KB

33:00:00:00:62:f4:5c:f9:9e:58:a9:6a:89:00:00:00:00:00:62
Certificate

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

04:f9:d5:0a:6c:79:2c:9f:d3:9d:47:2e:98:37:b5:ff
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

c5:a9:91:77:6a:86:70:bb:d9:f6:0f:ba:46:0d:cb:de:ec:97:b8:a1:8a:ac:e9:44:90:4d:68:b8:10:85:1b:08
Signer

c5:a9:91:77:6a:86:70:bb:d9:f6:0f:ba:46:0d:cb:de:ec:97:b8:a1:8a:ac:e9:44:90:4d:68:b8:10:85:1b:08
Signer

.text
Size: 171KB - Virtual size: 171KB

.rdata
Size: 61KB - Virtual size: 61KB

.data
Size: 15KB - Virtual size: 74KB

.pdata
Size: 13KB - Virtual size: 12KB

.edata
Size: 13KB - Virtual size: 13KB

INIT
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 1008B

.reloc
Size: 4KB - Virtual size: 3KB