Overview
overview
3Static
static
3Spoofing method.zip
windows7-x64
1Spoofing method.zip
windows10-2004-x64
1Eac.gg-Spo...in.zip
windows7-x64
1Eac.gg-Spo...in.zip
windows10-2004-x64
1Eac.gg-Spo...AC.sys
windows10-2004-x64
1Eac.gg-Spo...nd.exe
windows7-x64
1Eac.gg-Spo...nd.exe
windows10-2004-x64
1Eac.gg-Spo...er.exe
windows7-x64
1Eac.gg-Spo...er.exe
windows10-2004-x64
1Eac.gg-Spo...ew.sys
windows7-x64
1Eac.gg-Spo...ew.sys
windows10-2004-x64
1Eac.gg-Spo...w1.sys
windows10-2004-x64
1Eac.gg-Spo...gk.sys
windows10-2004-x64
1GRINX64v2.zip
windows7-x64
1GRINX64v2.zip
windows10-2004-x64
1GRINX64v2/...IN.exe
windows7-x64
1GRINX64v2/...IN.exe
windows10-2004-x64
1GRINX64v2/...64.exe
windows7-x64
1GRINX64v2/...64.exe
windows10-2004-x64
1GRINX64v2/DMI16.exe
windows7-x64
GRINX64v2/DMI16.exe
windows10-2004-x64
GRINX64v2/DMIEDIT.exe
windows7-x64
1GRINX64v2/DMIEDIT.exe
windows10-2004-x64
1GRINX64v2/README.txt
windows7-x64
1GRINX64v2/README.txt
windows10-2004-x64
1GRINX64v2/...LL.dll
windows7-x64
3GRINX64v2/...LL.dll
windows10-2004-x64
3GRINX64v2/...YS.sys
windows7-x64
1GRINX64v2/...YS.sys
windows10-2004-x64
1GRINX64v2/...XD.vxd
windows7-x64
1GRINX64v2/...XD.vxd
windows10-2004-x64
1GRINX64v2/...64.sys
windows7-x64
1Static task
static1
Behavioral task
behavioral1
Sample
Spoofing method.zip
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
Spoofing method.zip
Resource
win10v2004-20240508-en
Behavioral task
behavioral3
Sample
Eac.gg-Spoofer-Crack-main.zip
Resource
win7-20240611-en
Behavioral task
behavioral4
Sample
Eac.gg-Spoofer-Crack-main.zip
Resource
win10v2004-20240611-en
Behavioral task
behavioral5
Sample
Eac.gg-Spoofer-Crack-main/EAC.sys
Resource
win10v2004-20240508-en
Behavioral task
behavioral6
Sample
Eac.gg-Spoofer-Crack-main/command.exe
Resource
win7-20240611-en
Behavioral task
behavioral7
Sample
Eac.gg-Spoofer-Crack-main/command.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral8
Sample
Eac.gg-Spoofer-Crack-main/mapper.exe
Resource
win7-20240508-en
Behavioral task
behavioral9
Sample
Eac.gg-Spoofer-Crack-main/mapper.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral10
Sample
Eac.gg-Spoofer-Crack-main/new.sys
Resource
win7-20231129-en
Behavioral task
behavioral11
Sample
Eac.gg-Spoofer-Crack-main/new.sys
Resource
win10v2004-20240508-en
Behavioral task
behavioral12
Sample
Eac.gg-Spoofer-Crack-main/new1.sys
Resource
win10v2004-20240611-en
Behavioral task
behavioral13
Sample
Eac.gg-Spoofer-Crack-main/vgk.sys
Resource
win10v2004-20240508-en
Behavioral task
behavioral14
Sample
GRINX64v2.zip
Resource
win7-20240508-en
Behavioral task
behavioral15
Sample
GRINX64v2.zip
Resource
win10v2004-20240508-en
Behavioral task
behavioral16
Sample
GRINX64v2/AMIDEWIN.exe
Resource
win7-20240611-en
Behavioral task
behavioral17
Sample
GRINX64v2/AMIDEWIN.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral18
Sample
GRINX64v2/AMIDEWINx64.exe
Resource
win7-20240508-en
Behavioral task
behavioral19
Sample
GRINX64v2/AMIDEWINx64.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral20
Sample
GRINX64v2/DMI16.exe
Resource
win7-20240221-en
Behavioral task
behavioral21
Sample
GRINX64v2/DMI16.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral22
Sample
GRINX64v2/DMIEDIT.exe
Resource
win7-20240611-en
Behavioral task
behavioral23
Sample
GRINX64v2/DMIEDIT.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral24
Sample
GRINX64v2/README.txt
Resource
win7-20240221-en
Behavioral task
behavioral25
Sample
GRINX64v2/README.txt
Resource
win10v2004-20240508-en
Behavioral task
behavioral26
Sample
GRINX64v2/UCOREDLL.dll
Resource
win7-20240611-en
Behavioral task
behavioral27
Sample
GRINX64v2/UCOREDLL.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral28
Sample
GRINX64v2/UCORESYS.sys
Resource
win7-20240508-en
Behavioral task
behavioral29
Sample
GRINX64v2/UCORESYS.sys
Resource
win10v2004-20240508-en
Behavioral task
behavioral30
Sample
GRINX64v2/UCOREVXD.vxd
Resource
win7-20240220-en
Behavioral task
behavioral31
Sample
GRINX64v2/UCOREVXD.vxd
Resource
win10v2004-20240611-en
Behavioral task
behavioral32
Sample
GRINX64v2/UCOREW64.sys
Resource
win7-20240221-en
General
-
Target
Spoofing method.zip
-
Size
8.9MB
-
MD5
5963a1956da2453bff34701cd6ac93e1
-
SHA1
e1235f32d31446e81d3a1881d21810206486bb2d
-
SHA256
6a1f8cc8b6c6c425b07fb5bcbe66053d4c58090295fbdd846eca25a280a77623
-
SHA512
bf7b469cc04e781e74881b17e311259d7f0c329e552bcc590660eae9ac64963470bde49342398df5d1ba68999e69096abf268ceb07f296520ee441a7a3f32392
-
SSDEEP
196608:eH/pFWp0qOb7lGSa0qiU/QrMeGUe6ha0qiU/QrMeGUe6VqGw7aBeCHt9:eH/nm3c7YSak3T/hak3T/VqGw8
Malware Config
Signatures
-
Unsigned PE 11 IoCs
Checks for missing Authenticode signature.
Processes:
resource unpack002/Eac.gg-Spoofer-Crack-main/command.exe unpack002/Eac.gg-Spoofer-Crack-main/mapper.exe unpack002/Eac.gg-Spoofer-Crack-main/new1.sys unpack003/GRINX64v2/AMIDEWIN.EXE unpack003/GRINX64v2/AMIDEWINx64.EXE unpack003/GRINX64v2/DMIEDIT.EXE unpack003/GRINX64v2/UCOREDLL.DLL unpack004/Name Lock Fix/.KernelSpoofer.exe unpack004/Name Lock Fix/EACSpoof.exe unpack004/Name Lock Fix/KernelSpoofer.dll unpack004/Name Lock Fix/spoof/EACSpoof.exe
Files
-
Spoofing method.zip.zip
-
Eac.gg-Spoofer-Crack-main.zip.zip
-
Eac.gg-Spoofer-Crack-main/EAC.sys.sys windows:10 windows x64 arch:x64
5abdf27dc7eef75598dd097a2f3b7c99
Code Sign
8d:b7:d8:61:21:59:8f:20Certificate
IssuerCN=385a920c-b903-4856-9fb8-4085487b8d00Not Before04-09-2021 12:00Not After05-09-2022 00:00SubjectCN=385a920c-b903-4856-9fb8-4085487b8d004d:2d:df:95:50:8b:dc:53:c6:75:d6:f8:45:75:cf:df:87:15:1d:47Signer
Actual PE Digest4d:2d:df:95:50:8b:dc:53:c6:75:d6:f8:45:75:cf:df:87:15:1d:47Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
C:\Users\nicov\OneDrive\Desktop\Spoofer Source\Driver\build\bin\Premium.pdb
Imports
ntoskrnl.exe
RtlInitUnicodeString
ExAllocatePoolWithTag
ExFreePoolWithTag
ObfDereferenceObject
IoEnumerateDeviceObjectList
ObReferenceObjectByName
IoDriverObjectType
vDbgPrintExWithPrefix
MmMapIoSpace
MmUnmapIoSpace
strstr
KeQueryTimeIncrement
RtlRandomEx
ZwQuerySystemInformation
Sections
.text Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 852B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.pdata Size: 512B - Virtual size: 168B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
INIT Size: 512B - Virtual size: 478B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
Eac.gg-Spoofer-Crack-main/README.md
-
Eac.gg-Spoofer-Crack-main/command.exe.exe windows:6 windows x64 arch:x64
8550b9122a4d909a8607237e7d2f9bac
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
E:\Programming\Archive\Swind2-master\Swind2-master\bin\swind2.pdb
Imports
ntdll
RtlDosPathNameToRelativeNtPathName_U_WithStatus
RtlReleaseRelativeName
NtClose
RtlFreeHeap
NtCreateFile
NtMapViewOfSection
RtlWriteRegistryValue
NtQuerySystemInformation
NtUnloadDriver
NtCreateSection
_snwprintf
RtlInitUnicodeString
wcscpy_s
wcscat_s
RtlGetFullPathName_UEx
NtDeviceIoControlFile
RtlAdjustPrivilege
_stricmp
NtUnmapViewOfSection
NtLoadDriver
memcmp
NtTerminateProcess
RtlNormalizeProcessParams
RtlAllocateHeap
RtlCreateRegistryKey
_vsnwprintf
strcmp
kernel32
ReadConsoleInputW
WriteConsoleW
shlwapi
SHDeleteKeyW
Sections
.text Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 512B - Virtual size: 384B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 832B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Eac.gg-Spoofer-Crack-main/mapper.exe.exe windows:6 windows x64 arch:x64
dc05b941cfcf2b45155d9541b3d972b4
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
C:\Users\ryanj\Desktop\kdmapper-master\x64\Release\kdmapper.pdb
Imports
kernel32
GetModuleHandleA
GetTempPathA
GetLastError
CloseHandle
CreateFileW
GetProcAddress
DeleteCriticalSection
GetCurrentProcessId
GetCurrentThreadId
SetUnhandledExceptionFilter
FormatMessageA
InitializeCriticalSectionEx
VirtualAlloc
DeviceIoControl
VirtualFree
FindClose
FindFirstFileExW
GetFileAttributesExW
GetFileInformationByHandle
AreFileApisANSI
SetLastError
GetModuleHandleW
MultiByteToWideChar
WideCharToMultiByte
IsDebuggerPresent
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
LocalFree
advapi32
RegCloseKey
RegOpenKeyA
RegDeleteKeyA
RegSetKeyValueA
RegCreateKeyA
msvcp140
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
?_Winerror_map@std@@YAHH@Z
?_Syserror_map@std@@YAPEBDH@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?uncaught_exception@std@@YA_NXZ
?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@_W@Z
?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WD@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
ntdll
NtQuerySystemInformation
RtlInitUnicodeString
vcruntime140_1
__CxxFrameHandler4
vcruntime140
memset
memmove
__current_exception
__std_exception_copy
__std_exception_destroy
memcmp
_CxxThrowException
__C_specific_handler
__current_exception_context
__std_terminate
memcpy
api-ms-win-crt-stdio-l1-1-0
_fseeki64
fread
fsetpos
ungetc
_set_fmode
fputc
setvbuf
fgetpos
fwrite
__acrt_iob_func
__p__commode
__stdio_common_vfprintf
fgetc
fflush
fclose
_get_stream_buffer_pointers
api-ms-win-crt-heap-l1-1-0
_set_new_mode
malloc
_callnewh
free
api-ms-win-crt-filesystem-l1-1-0
remove
_unlock_file
_lock_file
api-ms-win-crt-utility-l1-1-0
srand
rand
api-ms-win-crt-string-l1-1-0
_stricmp
api-ms-win-crt-runtime-l1-1-0
__p___argc
__p___argv
_c_exit
_set_app_type
_seh_filter_exe
_cexit
_register_thread_local_exe_atexit_callback
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_exit
exit
_initterm_e
terminate
_get_initial_narrow_environment
_invalid_parameter_noinfo_noreturn
_initterm
api-ms-win-crt-time-l1-1-0
_time64
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
___lc_codepage_func
api-ms-win-crt-math-l1-1-0
__setusermatherr
Sections
.text Size: 52KB - Virtual size: 51KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 55KB - Virtual size: 54KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 488B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 244B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Eac.gg-Spoofer-Crack-main/new.sys.sys windows:5 windows x64 arch:x64
cc81a908891587ccac8059435eda4c66
Code Sign
7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before21-12-2012 00:00Not After30-12-2020 23:59SubjectCN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate
IssuerCN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=USNot Before18-10-2012 00:00Not After29-12-2020 23:59SubjectCN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate
IssuerOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USNot Before21-05-2009 00:00Not After20-05-2019 23:59SubjectCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
61:0c:12:06:00:00:00:00:00:1bCertificate
IssuerCN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before23-05-2006 17:01Not After23-05-2016 17:11SubjectOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
24:84:72:54:2c:24:ab:8e:42:92:29:ac:f1:21:ca:26Certificate
IssuerCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USNot Before23-08-2010 00:00Not After17-10-2013 23:59SubjectCN=Giga-Byte Technology,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Testing Department,O=Giga-Byte Technology,L=Taipei Hsien,ST=Taiwan,C=TWExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
0f:50:34:fc:f5:b3:4b:e2:2a:72:d2:ec:c2:9e:34:8e:93:b6:f0:0fSigner
Actual PE Digest0f:50:34:fc:f5:b3:4b:e2:2a:72:d2:ec:c2:9e:34:8e:93:b6:f0:0fDigest Algorithmsha1PE Digest MatchestrueHeaders
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
f:\ycc\gdrv64\objfre_wnet_AMD64\amd64\gdrv64.pdb
Imports
ntoskrnl.exe
IoCreateDevice
RtlInitUnicodeString
DbgPrint
IoDeleteSymbolicLink
ExFreePoolWithTag
MmUnmapIoSpace
IoFreeMdl
MmUnmapLockedPages
MmMapIoSpace
ZwClose
ZwMapViewOfSection
ObReferenceObjectByHandle
ZwOpenSection
IoCreateSymbolicLink
KeAcquireInStackQueuedSpinLock
MmFreeContiguousMemory
MmIsAddressValid
MmAllocateContiguousMemory
MmGetPhysicalAddress
IofCompleteRequest
ExAllocatePoolWithTag
MmMapLockedPages
MmBuildMdlForNonPagedPool
IoAllocateMdl
ZwUnmapViewOfSection
KeReleaseInStackQueuedSpinLock
IoDeleteDevice
hal
HalTranslateBusAddress
Sections
.text Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 344B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 1024B - Virtual size: 732B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 1000B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Eac.gg-Spoofer-Crack-main/new1.sys.sys windows:10 windows x64 arch:x64
229aa21a08a695918b7c97b4a3f5d394
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
ntoskrnl.exe
ExAllocatePoolWithTag
ExAllocatePool
NtQuerySystemInformation
ExFreePoolWithTag
IoAllocateMdl
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
IoFreeMdl
KeQueryActiveProcessors
KeSetSystemAffinityThread
KeRevertToUserAffinityThread
DbgPrint
wdfldr.sys
WdfVersionUnbind
hal
KeQueryPerformanceCounter
Sections
.text Size: - Virtual size: 9KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: - Virtual size: 504B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
INIT Size: - Virtual size: 982B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
0 Size: - Virtual size: 1.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
1 Size: 512B - Virtual size: 8B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
2 Size: 2.6MB - Virtual size: 2.6MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 172B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Eac.gg-Spoofer-Crack-main/vgk.sys.sys windows:10 windows x64 arch:x64
a3fc15df0095a1a39e807fbd1ab75c38
Code Sign
8d:b7:d8:61:21:59:8f:20Certificate
IssuerCN=385a920c-b903-4856-9fb8-4085487b8d00Not Before04-09-2021 12:00Not After05-09-2022 00:00SubjectCN=385a920c-b903-4856-9fb8-4085487b8d004a:ff:71:76:1e:17:7c:46:a5:07:dc:c6:d4:42:48:e9:fc:96:e3:6fSigner
Actual PE Digest4a:ff:71:76:1e:17:7c:46:a5:07:dc:c6:d4:42:48:e9:fc:96:e3:6fDigest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
C:\Users\nicov\OneDrive\Desktop\Spoofer Source\Driver\build\bin\Premium.pdb
Imports
ntoskrnl.exe
RtlInitUnicodeString
ExAllocatePoolWithTag
ExFreePoolWithTag
ObfDereferenceObject
ObReferenceObjectByName
IoDriverObjectType
strstr
ZwQuerySystemInformation
Sections
.text Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 668B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.pdata Size: 512B - Virtual size: 96B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
INIT Size: 512B - Virtual size: 304B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
GRINX64v2.zip.zip
-
GRINX64v2/AMIDEWIN.EXE.exe windows:4 windows x86 arch:x86
e4bef79f59242df9daf28c2c8193c40e
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetCurrentDirectoryA
SetFileAttributesA
GetFileAttributesA
GetSystemDirectoryA
CopyFileA
GetCurrentProcess
GetTimeZoneInformation
CreateProcessA
WaitForSingleObject
Sleep
GetVersionExA
DeviceIoControl
GetLastError
SetFilePointer
WriteFile
ReadFile
CreateFileA
SetProcessAffinityMask
CloseHandle
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
ExitProcess
TerminateProcess
DeleteFileA
GetCommandLineA
GetVersion
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleHandleA
GetModuleFileNameA
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
FlushFileBuffers
GetProcAddress
GetFullPathNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
RtlUnwind
SetStdHandle
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
GetDriveTypeA
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA
SetEndOfFile
LCMapStringA
LCMapStringW
CompareStringA
CompareStringW
SetEnvironmentVariableA
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
user32
wsprintfA
advapi32
StartServiceA
OpenServiceA
DeleteService
CreateServiceA
OpenSCManagerA
CloseServiceHandle
ControlService
Sections
.text Size: 68KB - Virtual size: 67KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 36KB - Virtual size: 33KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 40KB - Virtual size: 45KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
GRINX64v2/AMIDEWINx64.EXE.exe windows:6 windows x64 arch:x64
ed928bd060b03bab412d37a11b9d26a0
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
ReadConsoleInputA
SetConsoleMode
GetCommandLineA
QueryPerformanceCounter
GetCurrentProcessId
GetFullPathNameA
CloseHandle
Sleep
GetCurrentProcess
GetSystemDirectoryA
GetWindowsDirectoryA
CreateFileA
DeviceIoControl
GetModuleFileNameA
GetModuleHandleA
GetCurrentDirectoryA
DeleteFileA
GetLastError
CreateMutexA
SetThreadExecutionState
SetConsoleCtrlHandler
ReadFile
WriteFile
CreateNamedPipeA
CreateThread
LocalFree
EncodePointer
DecodePointer
EnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
GetTimeZoneInformation
ExitProcess
GetModuleHandleExW
AreFileApisANSI
MultiByteToWideChar
WideCharToMultiByte
HeapFree
RtlLookupFunctionEntry
RtlUnwindEx
HeapAlloc
RtlPcToFileHeader
RaiseException
GetEnvironmentStringsW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
GetCurrentThreadId
DeleteCriticalSection
FlushFileBuffers
GetConsoleCP
GetConsoleMode
IsDebuggerPresent
IsProcessorFeaturePresent
GetStdHandle
GetFileType
GetStartupInfoW
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
GetModuleFileNameW
LoadLibraryExW
GetProcessHeap
ReadConsoleW
SetFilePointerEx
HeapReAlloc
GetStringTypeW
CompareStringW
LCMapStringW
SetStdHandle
WriteConsoleW
OutputDebugStringW
CreateFileW
SetEnvironmentVariableA
SetEndOfFile
GetVersionExA
LoadLibraryA
GetProcAddress
HeapSize
FreeLibrary
FreeEnvironmentStringsW
shell32
ShellExecuteA
user32
DefWindowProcA
DispatchMessageA
TranslateMessage
GetMessageA
RegisterClassExA
MessageBoxA
BlockInput
SystemParametersInfoA
ExitWindowsEx
CreateWindowExA
wsprintfA
advapi32
ControlService
RegOpenKeyExA
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken
CloseServiceHandle
CreateServiceA
DeleteService
OpenSCManagerA
OpenServiceA
StartServiceA
Sections
.text Size: 240KB - Virtual size: 239KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 114KB - Virtual size: 114KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 78KB - Virtual size: 116KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 10KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
GRINX64v2/DMI16.EXE
-
GRINX64v2/DMIEDIT.EXE.exe windows:6 windows x64 arch:x64
9bbd972bee7030506f62236dff565e85
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
user32
LoadCursorW
LoadCursorA
MapVirtualKeyA
GetKeyNameTextA
IsDialogMessageA
SetWindowTextA
CheckDlgButton
SetDlgItemTextA
MoveWindow
GetMonitorInfoA
MonitorFromWindow
GetScrollInfo
SetScrollInfo
LoadIconA
GetTopWindow
GetClassLongPtrA
GetClassLongA
SetWindowLongPtrA
GetWindowLongPtrA
MapWindowPoints
AdjustWindowRectEx
GetWindowTextLengthA
GetWindowTextA
RemovePropA
GetPropA
SetPropA
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
SetForegroundWindow
GetForegroundWindow
TrackPopupMenu
SetWindowPlacement
GetWindowPlacement
IsChild
CreateWindowExA
GetClassInfoExA
RegisterClassA
CallWindowProcA
DefWindowProcA
GetMessageTime
GetMessagePos
RegisterWindowMessageA
UnhookWindowsHookEx
DestroyCursor
EndDialog
CreateDialogIndirectParamA
DestroyWindow
CallNextHookEx
SetWindowsHookExA
ValidateRect
DispatchMessageA
TranslateMessage
GetMessageA
ClientToScreen
EndPaint
BeginPaint
GetWindowDC
ReuseDDElParam
UnpackDDElParam
WinHelpA
LoadImageA
LoadIconW
GetWindow
IntersectRect
SetRectEmpty
SetActiveWindow
InsertMenuItemA
DestroyMenu
SetMenu
GetMenu
LoadMenuA
TranslateAcceleratorA
LoadAcceleratorsA
GetCapture
GetActiveWindow
SetFocus
GetDlgCtrlID
LockWindowUpdate
IsIconic
IsWindowVisible
GetNextDlgGroupItem
DrawFocusRect
GetIconInfo
ShowWindow
GetClassInfoA
EnableWindow
UpdateWindow
ReleaseCapture
IsWindow
GetSysColor
SetCursorPos
SetTimer
KillTimer
DrawIcon
SetWindowRgn
IsRectEmpty
GetSystemMenu
SetParent
IsZoomed
RealChildWindowFromPoint
LoadAcceleratorsW
GetDCEx
LoadMenuW
CopyImage
SendDlgItemMessageA
ShowOwnedPopups
WindowFromPoint
ScreenToClient
GetCursorPos
SetWindowPos
SetMenuItemInfoA
UnionRect
GetTabbedTextExtentW
PostThreadMessageA
CopyAcceleratorTableA
GetNextDlgTabItem
RedrawWindow
ReleaseDC
PeekMessageA
InvalidateRect
SetWindowLongA
InflateRect
GetDC
PtInRect
SendMessageA
GetClientRect
MessageBeep
GetParent
SetCapture
PostQuitMessage
GetWindowRect
SetCursor
IsMenu
CopyRect
ModifyMenuA
DestroyIcon
InsertMenuA
UnregisterClassA
GetSystemMetrics
SystemParametersInfoA
RemoveMenu
GetMenuItemCount
AppendMenuA
LoadBitmapW
GetSysColorBrush
CreatePopupMenu
GetMenuItemInfoA
GetDesktopWindow
TabbedTextOutA
GetMenuState
SetRect
DrawTextExA
DrawEdge
GrayStringA
CreateMenu
DeleteMenu
DrawIconEx
GetSubMenu
DrawTextA
GetMenuItemID
FillRect
GetWindowLongA
OffsetRect
CharUpperA
GetFocus
GetKeyState
EndDeferWindowPos
BeginDeferWindowPos
DeferWindowPos
EqualRect
GetDlgItem
GetClassNameA
OpenClipboard
PostMessageA
CloseClipboard
IsWindowEnabled
MessageBoxA
GetWindowThreadProcessId
GetLastActivePopup
GetMenuStringA
wsprintfA
RegisterClassExA
BlockInput
ExitWindowsEx
CheckMenuItem
EnableMenuItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
GetAsyncKeyState
EnableScrollBar
HideCaret
InvertRect
NotifyWinEvent
GetMenuDefaultItem
WaitMessage
IsClipboardFormatAvailable
SetLayeredWindowAttributes
EnumDisplayMonitors
SetClipboardData
EmptyClipboard
DrawStateA
LoadImageW
DrawFrameControl
UpdateLayeredWindow
MonitorFromPoint
TrackMouseEvent
GetComboBoxInfo
GetKeyboardLayout
IsCharLowerA
MapVirtualKeyExA
RegisterClipboardFormatA
GetKeyboardState
ToAsciiEx
CreateAcceleratorTableA
DestroyAcceleratorTable
SetClassLongPtrA
GetDoubleClickTime
CopyIcon
SetMenuDefaultItem
CharUpperBuffA
FrameRect
DrawMenuBar
DefFrameProcA
DefMDIChildProcA
TranslateMDISysAccel
GetUpdateRect
SubtractRect
MapDialogRect
GetWindowRgn
BringWindowToTop
kernel32
SetThreadExecutionState
SetConsoleCtrlHandler
DeviceIoControl
CreateNamedPipeA
CreateThread
GetSystemTimeAsFileTime
GetTimeZoneInformation
ExitProcess
AreFileApisANSI
GetCommandLineA
RtlLookupFunctionEntry
RtlUnwindEx
RtlPcToFileHeader
GetSystemInfo
VirtualAlloc
VirtualQuery
ExitThread
IsDebuggerPresent
IsProcessorFeaturePresent
HeapQueryInformation
SetStdHandle
GetFileType
IsValidCodePage
GetConsoleCP
GetConsoleMode
GetStdHandle
GetSystemDirectoryA
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
SetConsoleMode
SetFilePointerEx
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
ReadConsoleW
LCMapStringW
IsValidLocale
EnumSystemLocalesW
WriteConsoleW
OutputDebugStringW
CreateFileW
SetEnvironmentVariableA
ReadConsoleInputA
GetStartupInfoW
FindResourceExW
FreeLibrary
GetProcAddress
LoadLibraryA
GetVersionExA
HeapReAlloc
HeapAlloc
HeapFree
GetProcessHeap
InitializeCriticalSectionEx
RaiseException
GetLastError
HeapSize
DecodePointer
GetModuleHandleA
DeleteCriticalSection
lstrlenA
FindResourceW
LoadResource
WideCharToMultiByte
SizeofResource
lstrcatA
LockResource
CreateMutexA
WinExec
lstrcpyA
WaitForSingleObject
CloseHandle
GetCurrentDirectoryA
FindResourceA
GetCPInfo
MultiByteToWideChar
lstrcmpiA
GetVersion
FreeResource
GlobalLock
GlobalUnlock
GetCurrentProcessId
GetModuleFileNameA
SetLastError
GlobalAlloc
GlobalSize
GlobalFree
LocalFree
MulDiv
FormatMessageA
CopyFileA
GetCurrentThread
GetCurrentThreadId
LoadLibraryExW
GlobalDeleteAtom
lstrcmpA
CompareStringA
GetModuleHandleW
GetPrivateProfileIntA
GetPrivateProfileStringA
WritePrivateProfileStringA
OutputDebugStringA
GetModuleFileNameW
GetModuleHandleExW
LoadLibraryW
CreateActCtxW
ActivateActCtx
DeactivateActCtx
FindActCtxSectionStringW
QueryActCtxW
GlobalAddAtomA
GlobalGetAtomNameA
SetEvent
CreateEventA
SetThreadPriority
SuspendThread
ResumeThread
EncodePointer
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
GetSystemDirectoryW
lstrcmpW
GlobalFindAtomA
GetDiskFreeSpaceA
GetFileAttributesA
GetFileTime
GetFullPathNameA
SetFileTime
GetTempFileNameA
ReplaceFileA
SystemTimeToFileTime
GetUserDefaultLCID
CreateFileA
DeleteFileA
FindClose
FindFirstFileA
FlushFileBuffers
GetFileSize
LockFile
ReadFile
SetEndOfFile
SetFilePointer
UnlockFile
WriteFile
DuplicateHandle
GetCurrentProcess
LoadLibraryExA
GetShortPathNameA
MoveFileA
GetVolumeInformationA
GetThreadLocale
GetStringTypeExA
SetErrorMode
FileTimeToSystemTime
InitializeCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalReAlloc
GlobalHandle
LocalAlloc
LocalReAlloc
GlobalFlags
CompareStringW
GetLocaleInfoW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetACP
GetOEMCP
FileTimeToLocalFileTime
GetFileAttributesExA
GetFileSizeEx
LocalFileTimeToFileTime
GetWindowsDirectoryA
VerSetConditionMask
VerifyVersionInfoA
GetTickCount
GetProfileIntA
GetTempPathA
Sleep
SearchPathA
VirtualProtect
advapi32
RegOpenKeyExA
RegQueryValueA
RegCloseKey
RegQueryValueExA
StartServiceA
OpenServiceA
OpenSCManagerA
DeleteService
CreateServiceA
ControlService
CloseServiceHandle
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken
RegSetValueA
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegSetValueExA
RegEnumKeyA
SetFileSecurityA
GetFileSecurityA
RegOpenKeyExW
RegEnumValueA
RegEnumKeyExA
gdi32
CreatePen
Escape
PtVisible
Ellipse
Rectangle
CreateCompatibleBitmap
GetPixel
SelectObject
DeleteObject
SetPixel
GetDeviceCaps
CreateDIBSection
DeleteDC
GetBkMode
CreateHatchBrush
PatBlt
GetTextExtentPoint32W
BitBlt
GetCurrentObject
CopyMetaFileA
CreateDCA
CreateBitmap
CreatePatternBrush
CreateRectRgn
ExcludeClipRect
GetClipBox
GetCurrentPositionEx
GetObjectType
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
RestoreDC
SaveDC
SelectClipRgn
ExtTextOutA
CreateSolidBrush
TextOutA
GetTextExtentPoint32A
CreateFontA
CreateFontIndirectA
GetObjectA
GetStockObject
CreateCompatibleDC
GetBoundsRect
FillRgn
SetPaletteEntries
ExtFloodFill
SetPixelV
PtInRegion
FrameRgn
RoundRect
CreateRoundRectRgn
OffsetRgn
GetRgnBox
EnumFontFamiliesExA
Polyline
Polygon
CreatePolygonRgn
SetDIBColorTable
StretchBlt
GetTextCharsetInfo
EnumFontFamiliesA
CreateDIBitmap
RealizePalette
GetSystemPaletteEntries
GetPaletteEntries
GetNearestPaletteIndex
CreatePalette
GetTextFaceA
GetWindowOrgEx
GetTextExtentPointA
GetTextColor
GetTextAlign
GetStretchBltMode
GetPolyFillMode
GetNearestColor
GetROP2
GetBkColor
SetRectRgn
CombineRgn
StretchDIBits
GetCharWidthA
GetTextMetricsA
LPtoDP
CreateEllipticRgn
SetAbortProc
AbortDoc
EndPage
StartPage
EndDoc
DPtoLP
GetViewportOrgEx
CreateRectRgnIndirect
ScaleWindowExtEx
ScaleViewportExtEx
OffsetWindowOrgEx
OffsetViewportOrgEx
SetWindowOrgEx
SetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
MoveToEx
StartDocA
SetTextAlign
SetTextColor
SetStretchBltMode
SetROP2
SetPolyFillMode
GetLayout
SetLayout
SetMapMode
SetBkMode
SetBkColor
SelectPalette
ExtSelectClipRgn
RectVisible
msimg32
AlphaBlend
TransparentBlt
comdlg32
GetSaveFileNameA
winspool.drv
OpenPrinterA
GetJobA
ClosePrinter
DocumentPropertiesA
shell32
SHAppBarMessage
DragQueryFileA
DragFinish
SHGetFileInfoA
ExtractIconA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHBrowseForFolderA
SHGetDesktopFolder
ShellExecuteA
comctl32
ImageList_Draw
ImageList_GetIcon
ImageList_GetImageCount
shlwapi
PathIsUNCA
PathStripToRootA
PathRemoveFileSpecW
StrFormatKBSizeA
PathFindFileNameA
PathFindExtensionA
uxtheme
GetThemeColor
GetWindowTheme
DrawThemeBackground
IsThemeBackgroundPartiallyTransparent
DrawThemeParentBackground
DrawThemeText
OpenThemeData
CloseThemeData
GetThemePartSize
IsAppThemed
GetThemeSysColor
GetCurrentThemeName
ole32
OleGetClipboard
CoLockObjectExternal
OleLockRunning
CreateStreamOnHGlobal
CoInitializeEx
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CoDisconnectObject
CoInitialize
CoCreateInstance
CoCreateGuid
CoUninitialize
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
StringFromCLSID
DoDragDrop
RegisterDragDrop
RevokeDragDrop
oleaut32
VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringLen
VariantChangeType
VariantClear
VariantInit
SysAllocStringByteLen
SysFreeString
VariantCopy
VarBstrFromDate
LoadTypeLi
SysAllocString
SysAllocStringLen
oleacc
AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject
gdiplus
GdiplusShutdown
GdipAlloc
GdipFree
GdiplusStartup
GdipCloneImage
GdipDisposeImage
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePalette
GdipGetImagePaletteSize
GdipCreateBitmapFromStream
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipDeleteGraphics
GdipDrawImageI
GdipCreateBitmapFromHBITMAP
GdipCreateFromHDC
GdipSetInterpolationMode
GdipDrawImageRectI
imm32
ImmReleaseContext
ImmGetOpenStatus
ImmGetContext
winmm
PlaySoundA
Sections
.text Size: 2.2MB - Virtual size: 2.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 775KB - Virtual size: 774KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 107KB - Virtual size: 2.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 98KB - Virtual size: 97KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 31KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 70KB - Virtual size: 69KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
GRINX64v2/README.txt
-
GRINX64v2/UCOREDLL.DLL.dll windows:4 windows x86 arch:x86
6b893ca0388ae7a60f134fafc899b16d
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
GetCurrentDirectoryA
Sleep
DeviceIoControl
GetVersionExA
GetCurrentProcess
SetProcessAffinityMask
GetLastError
SetFilePointer
WriteFile
ReadFile
CreateFileA
GetFileSize
CloseHandle
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
GetCommandLineA
GetVersion
EnterCriticalSection
LeaveCriticalSection
GetProcAddress
GetModuleHandleA
WideCharToMultiByte
GetModuleFileNameA
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
InitializeCriticalSection
DeleteCriticalSection
ExitProcess
RtlUnwind
TerminateProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
InterlockedDecrement
InterlockedIncrement
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA
FlushFileBuffers
SetStdHandle
LCMapStringA
LCMapStringW
CompareStringA
CompareStringW
SetEnvironmentVariableA
advapi32
StartServiceA
OpenServiceA
DeleteService
CreateServiceA
OpenSCManagerA
CloseServiceHandle
ControlService
Exports
Exports
fnUCAPI_Compress
fnUCAPI_Decompress
fnUCAPI_DeleteModuleByID
fnUCAPI_DeleteModuleByIndex
fnUCAPI_DeleteNCB
fnUCAPI_DeleteROMHole
fnUCAPI_FreeDRVBy16Bit
fnUCAPI_GETDMIDATA
fnUCAPI_GetBiosCoreVersion
fnUCAPI_GetBiosGroupInfo
fnUCAPI_GetDRVVersion
fnUCAPI_GetDllVersion
fnUCAPI_GetInitGroupInfo
fnUCAPI_GetModuleInfoByID
fnUCAPI_GetModuleInfoByIndex
fnUCAPI_GetNCBInfo
fnUCAPI_GetNumberOfModules
fnUCAPI_GetNumberOfNCBs
fnUCAPI_GetNumberOfROMHoles
fnUCAPI_GetROMHoleInfo
fnUCAPI_GetRomImageGroupInfo
fnUCAPI_InsertModule
fnUCAPI_InsertNCB
fnUCAPI_InsertROMHole
fnUCAPI_LoadDRVBy16Bit
fnUCAPI_LoadROMFile
fnUCAPI_LoadSYSDriver
fnUCAPI_LoadVxDDriver
fnUCAPI_RebuildROM
fnUCAPI_RegisterBiosGroup
fnUCAPI_RegisterInitGroup
fnUCAPI_RegisterRomImageGroup
fnUCAPI_ReplaceModule
fnUCAPI_ReplaceNCB
fnUCAPI_ReplaceROMHole
fnUCAPI_SETDMIDATA
fnUCAPI_SetCallGate32
fnUCAPI_SetSelector32
fnUCAPI_SetSelectorPhy32
fnUCAPI_UnloadROMFile
fnUCAPI_UnloadSYSDriver
fnUCAPI_UnloadVxDDriver
Sections
.text Size: 76KB - Virtual size: 73KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 16KB - Virtual size: 231KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
GRINX64v2/UCORESYS.SYS.sys windows:4 windows x86 arch:x86
072f277c4d89044b84c482307008a355
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15-06-2007 00:00Not After14-06-2012 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04-12-2003 00:00Not After03-12-2013 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate
IssuerOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USNot Before16-07-2004 00:00Not After15-07-2014 23:59SubjectCN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
61:0c:12:06:00:00:00:00:00:1bCertificate
IssuerCN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before23-05-2006 17:01Not After23-05-2016 17:11SubjectOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
08:df:d8:0b:28:26:71:65:54:b1:fb:8c:fa:50:43:d7Certificate
IssuerCN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=USNot Before30-09-2006 00:00Not After16-11-2009 23:59SubjectCN=American Megatrends\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Headquarters,O=American Megatrends\, Inc.,L=Norcross,ST=Georgia,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
58:5d:db:1d:04:c7:4b:32:3b:2e:01:b5:59:b7:19:db:74:e5:e6:daSigner
Actual PE Digest58:5d:db:1d:04:c7:4b:32:3b:2e:01:b5:59:b7:19:db:74:e5:e6:daDigest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
MmMapIoSpace
MmUnmapIoSpace
READ_REGISTER_UCHAR
READ_REGISTER_USHORT
READ_REGISTER_ULONG
WRITE_REGISTER_UCHAR
WRITE_REGISTER_USHORT
WRITE_REGISTER_ULONG
ZwClose
ZwMapViewOfSection
ObReferenceObjectByHandle
ZwOpenSection
MmUnmapLockedPages
ZwUnmapViewOfSection
IoDeleteDevice
IoDeleteSymbolicLink
MmAllocateNonCachedMemory
MmFreeNonCachedMemory
Ke386SetIoAccessMap
Ke386IoSetAccessProcess
IoGetCurrentProcess
memmove
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
DbgPrint
MmAllocateContiguousMemory
MmIsAddressValid
MmGetPhysicalAddress
IoAllocateMdl
MmFreeContiguousMemory
MmBuildMdlForNonPagedPool
MmMapLockedPages
RtlInitUnicodeString
IoFreeMdl
hal
KfLowerIrql
WRITE_PORT_ULONG
WRITE_PORT_USHORT
WRITE_PORT_UCHAR
READ_PORT_ULONG
READ_PORT_USHORT
READ_PORT_UCHAR
HalTranslateBusAddress
KfRaiseIrql
Sections
.text Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 32B - Virtual size: 4B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 384B - Virtual size: 378B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
GRINX64v2/UCOREVXD.VXD
-
GRINX64v2/UCOREW64.SYS.sys windows:4 windows x64 arch:x64
0dcd262801389f839ce909cb173448e2
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15-06-2007 00:00Not After14-06-2012 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04-12-2003 00:00Not After03-12-2013 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate
IssuerOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USNot Before16-07-2004 00:00Not After15-07-2014 23:59SubjectCN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
61:0c:12:06:00:00:00:00:00:1bCertificate
IssuerCN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before23-05-2006 17:01Not After23-05-2016 17:11SubjectOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
08:df:d8:0b:28:26:71:65:54:b1:fb:8c:fa:50:43:d7Certificate
IssuerCN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=USNot Before30-09-2006 00:00Not After16-11-2009 23:59SubjectCN=American Megatrends\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Headquarters,O=American Megatrends\, Inc.,L=Norcross,ST=Georgia,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
c5:51:73:b9:26:23:5b:86:78:bd:db:9b:49:a1:a8:b9:a9:2a:1a:daSigner
Actual PE Digestc5:51:73:b9:26:23:5b:86:78:bd:db:9b:49:a1:a8:b9:a9:2a:1a:daDigest Algorithmsha1PE Digest MatchestrueHeaders
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
ntoskrnl.exe
MmMapLockedPages
MmBuildMdlForNonPagedPool
IoAllocateMdl
MmGetPhysicalAddress
MmIsAddressValid
MmAllocateContiguousMemory
DbgPrint
MmUnmapLockedPages
MmMapIoSpace
MmUnmapIoSpace
IoFreeMdl
ZwMapViewOfSection
ObReferenceObjectByHandle
ZwOpenSection
RtlInitUnicodeString
ZwUnmapViewOfSection
IoDeleteDevice
IoDeleteSymbolicLink
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
ZwClose
MmFreeContiguousMemory
hal
HalTranslateBusAddress
Sections
.text Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.pdata Size: 160B - Virtual size: 144B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
INIT Size: 800B - Virtual size: 794B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
GRINX64v2/amifldrv64.sys.sys windows:6 windows x64 arch:x64
363922cc73591e60f2af113182414230
Code Sign
61:20:4d:b4:00:00:00:00:00:27Certificate
IssuerCN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before15-04-2011 19:45Not After15-04-2021 19:55SubjectCN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
09:f4:3c:81:c1:eb:27:87:6e:e1:ae:fe:aa:5a:0f:5dCertificate
IssuerCN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=USNot Before24-06-2014 00:00Not After30-08-2017 12:00SubjectSERIALNUMBER=780491,CN=American Megatrends\, Inc.,O=American Megatrends\, Inc.,POSTALCODE=30093,STREET=5555 Oakbrook Parkway Suite 200,L=Norcross,ST=Georgia,C=US,1.3.6.1.4.1.311.60.2.1.2=#130747656f72676961,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6eExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate
IssuerCN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before22-10-2014 00:00Not After22-10-2024 00:00SubjectCN=DigiCert Timestamp Responder,O=DigiCert,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate
IssuerCN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before18-04-2012 12:00Not After18-04-2027 12:00SubjectCN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate
IssuerCN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before10-11-2006 00:00Not After10-11-2021 00:00SubjectCN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
6a:eb:58:7e:dc:d0:12:89:ab:c8:43:16:ae:88:95:9c:23:56:63:feSigner
Actual PE Digest6a:eb:58:7e:dc:d0:12:89:ab:c8:43:16:ae:88:95:9c:23:56:63:feDigest Algorithmsha1PE Digest MatchestrueHeaders
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
d:\amibios\utility\amiflashdriver\flashdriverwin64\Release\amd64\amifldrv64.pdb
Imports
ntoskrnl.exe
ZwMapViewOfSection
RtlInitUnicodeString
ZwUnmapViewOfSection
ZwClose
ObReferenceObjectByHandle
ZwOpenSection
MmUnmapLockedPages
MmMapLockedPages
MmFreeContiguousMemory
MmBuildMdlForNonPagedPool
IoFreeMdl
MmGetPhysicalAddress
MmMapIoSpace
PsGetVersion
MmIsAddressValid
IoAllocateMdl
MmAllocateContiguousMemory
DbgPrint
IoDeleteSymbolicLink
IoDeleteDevice
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
KeBugCheckEx
MmMapLockedPagesSpecifyCache
MmUnmapIoSpace
hal
HalTranslateBusAddress
Sections
.text Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 572B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 272B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 512B - Virtual size: 192B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
INIT Size: 1024B - Virtual size: 1010B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
Name_Lock_Fix.zip.zip
-
Name Lock Fix/.KernelSpoofer.exe.exe windows:6 windows x64 arch:x64
6dbf27f4c70fe2c8ed3e0122ba75d641
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
D:\a\_work\1\s\artifacts\obj\win-x64.Release\corehost\apphost\standalone\apphost.pdb
Imports
kernel32
FindNextFileW
GetCurrentProcess
GetModuleHandleExW
GetModuleFileNameW
LeaveCriticalSection
InitializeCriticalSection
GetEnvironmentVariableW
FindClose
MultiByteToWideChar
GetLastError
GetFileAttributesExW
GetFullPathNameW
GetProcAddress
DeleteCriticalSection
WideCharToMultiByte
IsWow64Process
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
EnterCriticalSection
FindFirstFileExW
OutputDebugStringW
LoadLibraryA
GetModuleHandleW
InitializeCriticalSectionAndSpinCount
SetLastError
RaiseException
RtlPcToFileHeader
RtlUnwindEx
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
LCMapStringEx
DecodePointer
EncodePointer
InitializeCriticalSectionEx
GetStringTypeW
user32
MessageBoxW
shell32
ShellExecuteW
advapi32
RegOpenKeyExW
RegGetValueW
DeregisterEventSource
RegisterEventSourceW
ReportEventW
RegCloseKey
api-ms-win-crt-runtime-l1-1-0
_exit
__p___argc
_initterm_e
_initterm
_get_initial_wide_environment
_invalid_parameter_noinfo_noreturn
_initialize_wide_environment
_configure_wide_argv
_initialize_onexit_table
_set_app_type
__p___wargv
_seh_filter_exe
_register_onexit_function
_cexit
terminate
_errno
exit
abort
_crt_atexit
_c_exit
_register_thread_local_exe_atexit_callback
api-ms-win-crt-stdio-l1-1-0
setvbuf
fflush
_wfopen
__stdio_common_vswprintf
__stdio_common_vfwprintf
_set_fmode
__stdio_common_vsprintf_s
__acrt_iob_func
fputwc
fputws
__p__commode
api-ms-win-crt-heap-l1-1-0
_set_new_mode
_callnewh
free
malloc
calloc
api-ms-win-crt-string-l1-1-0
wcsnlen
strcpy_s
_wcsdup
strcspn
wcsncmp
toupper
api-ms-win-crt-convert-l1-1-0
_wtoi
wcstoul
api-ms-win-crt-locale-l1-1-0
setlocale
___lc_locale_name_func
localeconv
_unlock_locales
_lock_locales
___mb_cur_max_func
_configthreadlocale
__pctype_func
___lc_codepage_func
api-ms-win-crt-math-l1-1-0
frexp
__setusermatherr
api-ms-win-crt-time-l1-1-0
_gmtime64_s
_time64
wcsftime
Sections
.text Size: 95KB - Virtual size: 95KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 37KB - Virtual size: 36KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 244B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 792B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Name Lock Fix/EACSpoof.exe.exe windows:6 windows x64 arch:x64
2eabe9054cad5152567f0699947a2c5b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
lstrcpy
Sections
Size: 24KB - Virtual size: 64KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 488B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 512B - Virtual size: 4.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
vsydpalz Size: 2.4MB - Virtual size: 2.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
umjgxtlc Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 1KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Name Lock Fix/EACSpoof.sys.sys windows:10 windows x64 arch:x64
410b48edaf470cbb2b101861e4c35b6b
Code Sign
33:00:00:03:8d:b0:bf:e1:b0:ca:33:b3:d4:00:00:00:00:03:8dCertificate
IssuerCN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before05-05-2022 19:23Not After04-05-2023 19:23SubjectCN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08Certificate
IssuerCN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before19-10-2011 18:41Not After19-10-2026 18:51SubjectCN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
95:ac:99:73:a6:d2:9b:ad:52:a0:36:44:af:aa:3e:78:cc:bd:b4:42:24:f0:48:8c:7c:da:6b:0a:ed:52:d2:d1Signer
Actual PE Digest95:ac:99:73:a6:d2:9b:ad:52:a0:36:44:af:aa:3e:78:cc:bd:b4:42:24:f0:48:8c:7c:da:6b:0a:ed:52:d2:d1Digest Algorithmsha256PE Digest MatchesfalseHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
C:\Users\nicov\OneDrive\Desktop\Spoofer Source\Driver\Driver\build\bin\Premium.pdb
Imports
ntoskrnl.exe
RtlInitUnicodeString
ExAllocatePoolWithTag
ExFreePoolWithTag
ObfDereferenceObject
IoEnumerateDeviceObjectList
ObReferenceObjectByName
IoDriverObjectType
strstr
ZwQuerySystemInformation
Sections
.text Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 700B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.pdata Size: 512B - Virtual size: 108B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
INIT Size: 512B - Virtual size: 342B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
Name Lock Fix/KernelSpoofer.deps.json
-
Name Lock Fix/KernelSpoofer.dll.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
C:\Users\Krane\source\repos\KernelSpoofer\KernelSpoofer\obj\Debug\net6.0\KernelSpoofer.pdb
Imports
mscoree
_CorExeMain
Sections
.text Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Name Lock Fix/KernelSpoofer.pdb
-
Name Lock Fix/KernelSpoofer.runtimeconfig.json
-
Name Lock Fix/Unlinker/regclean.reg
-
Name Lock Fix/Unlinker/unlink.bat
-
Name Lock Fix/spoof/1.reg
-
Name Lock Fix/spoof/2.reg
-
Name Lock Fix/spoof/EACSpoof.exe.exe windows:6 windows x64 arch:x64
2eabe9054cad5152567f0699947a2c5b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
lstrcpy
Sections
Size: 24KB - Virtual size: 64KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 488B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 512B - Virtual size: 4.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
vsydpalz Size: 2.4MB - Virtual size: 2.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
umjgxtlc Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 1KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Name Lock Fix/spoof/EACSpoof.sys.sys windows:10 windows x64 arch:x64
410b48edaf470cbb2b101861e4c35b6b
Code Sign
33:00:00:03:8d:b0:bf:e1:b0:ca:33:b3:d4:00:00:00:00:03:8dCertificate
IssuerCN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before05-05-2022 19:23Not After04-05-2023 19:23SubjectCN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08Certificate
IssuerCN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before19-10-2011 18:41Not After19-10-2026 18:51SubjectCN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
95:ac:99:73:a6:d2:9b:ad:52:a0:36:44:af:aa:3e:78:cc:bd:b4:42:24:f0:48:8c:7c:da:6b:0a:ed:52:d2:d1Signer
Actual PE Digest95:ac:99:73:a6:d2:9b:ad:52:a0:36:44:af:aa:3e:78:cc:bd:b4:42:24:f0:48:8c:7c:da:6b:0a:ed:52:d2:d1Digest Algorithmsha256PE Digest MatchesfalseHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
C:\Users\nicov\OneDrive\Desktop\Spoofer Source\Driver\Driver\build\bin\Premium.pdb
Imports
ntoskrnl.exe
RtlInitUnicodeString
ExAllocatePoolWithTag
ExFreePoolWithTag
ObfDereferenceObject
IoEnumerateDeviceObjectList
ObReferenceObjectByName
IoDriverObjectType
strstr
ZwQuerySystemInformation
Sections
.text Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 700B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.pdata Size: 512B - Virtual size: 108B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
INIT Size: 512B - Virtual size: 342B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
Name Lock Fix/spoof/full.bat
-
Name Lock Fix/spoof/spoof.bat