Paragon[.]rar | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Paragon.rar
Size

128.1MB
MD5

d093175e06564716d51376f1fd58e0f0
SHA1

3ea61111dd323cf0983d54efedb4b458c25d6ae0
SHA256

2a642cefebe39419bfe3cea90555bae3899b16badbad2a4f08869c42c4a3be63
SHA512

e8b1634e41914afe3e1e2f924467c69c6af83aa60028830ca2b09ee04b9486f2680c3b0f8541ea1cfb26fdf08f71dfc300322c684bd6978689d851f22f6119d4
SSDEEP

3145728:oQp9I7+k0euPVyP9TV3cltmyYm5+4TtA3TQNdiDiGT9psrY:oQvI7XkP6J3yYw+4TOudvGJGs

Score

5^/10

Malware Config

Signatures

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
static1/unpack001/Paragon/[2] Auto Scewin/BIOSSettings.exe	autoit_exe

Unsigned PE 15 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Paragon/[1] Pro Service/NSudo.exe
unpack001/Paragon/[1] Pro Service/[10] Start Up Apps/SetTimerResolution.exe
unpack001/Paragon/[1] Pro Service/[5]/NVIDIAProfileInspector/._cache_nvidiaProfileInspector.exe
unpack001/Paragon/[1] Pro Service/[5]/NVIDIAProfileInspector/nvidiaProfileInspector.exe
unpack001/Paragon/[1] Pro Service/[5]/[1] DDU/DDU/Display Driver Uninstaller.exe
unpack001/Paragon/[1] Pro Service/[5]/[2] NVCleanInstall/[1] NVCleanstall_1.16.0.exe
unpack001/Paragon/[1] Pro Service/[7]/Controller/hidusbf/DRIVER/98ME/hidusbf.sys
unpack001/Paragon/[1] Pro Service/[7]/Controller/hidusbf/DRIVER/Setup.exe
unpack001/Paragon/[1] Pro Service/[7]/Keyboard/FilterKeysSetter.exe
unpack001/Paragon/[1] Pro Service/[8]/._cache_[6] FORTNITE SETTINGS.exe
unpack001/Paragon/[1] Pro Service/[8]/Temp Files Cleaning/[5] adwcleaner.exe
unpack001/Paragon/[1] Pro Service/[8]/WPD/._cache_WPD.exe
unpack001/Paragon/[1] Pro Service/[8]/[3] DISABLE UPDATES.exe
unpack001/Paragon/[1] Pro Service/[8]/[6] FORTNITE SETTINGS.exe
unpack001/Paragon/[2] Auto Scewin/BIOSSettings.exe

Files

Paragon.rar
.rar
Paragon/Corrupt Check.bat
Paragon/Restart into BIOS.lnk
.lnk
Paragon/[1] Pro Service/NSudo.exe
.exe windows:6 windows x64 arch:x64

1188b455132bc86c7e9e68ae98ce4171

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\Projects\MouriNaruto\NSudoPrivate\Source\Native\Output\Binaries\Release\x64\NSudoLG.pdb

Imports

kernel32

ExpandEnvironmentStringsW
GetModuleFileNameW
OpenProcess
CreateEventW
MultiByteToWideChar
GetTickCount64
LockResource
QueryPerformanceFrequency
FindResourceExW
LoadResource
GetProcAddress
VerSetConditionMask
FreeLibrary
SleepEx
GetFileInformationByHandleEx
QueryPerformanceCounter
LoadLibraryExW
GetModuleHandleExW
ExitProcess
Sleep
RtlUnwindEx
OutputDebugStringW
LoadLibraryExA
VirtualFree
VirtualAlloc
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
EncodePointer
InitializeSListHead
GetSystemTimeAsFileTime
GetStartupInfoW
IsDebuggerPresent
SizeofResource
GetLocalTime
GetCurrentProcessId
ResumeThread
WaitForSingleObjectEx
InitializeCriticalSection
GetCurrentProcess
SetPriorityClass
MulDiv
GetModuleHandleW
GetProcessHeap
DeleteCriticalSection
DecodePointer
HeapAlloc
RaiseException
CloseHandle
GetThreadUILanguage
GetLastError
GetCurrentThreadId
GetFileAttributesW
CreateFileW
InitializeCriticalSectionEx
LeaveCriticalSection
SetThreadUILanguage
GetCommandLineW
EnterCriticalSection
SetLastError
HeapFree
VerifyVersionInfoW
ReadFile
RtlCaptureContext
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
InitializeCriticalSectionAndSpinCount

user32

LoadImageW
DialogBoxParamW
EndDialog
SendMessageW
GetWindowTextW
EndPaint
BeginPaint
DrawIconEx
GetClientRect
LoadIconW
ChangeWindowMessageFilter
DestroyIcon
UnregisterClassW
SetWindowLongPtrW
MonitorFromWindow
GetDC
GetDlgItem
SetWindowTextW

gdi32

DeleteDC
GetDeviceCaps

comdlg32

GetOpenFileNameW

advapi32

AdjustTokenPrivileges
GetAce
CloseServiceHandle
OpenSCManagerW
AllocateAndInitializeSid
IsWellKnownSid
AddAce
CreateRestrictedToken
FreeSid
StartServiceW
InitializeAcl
OpenServiceW
GetLengthSid
AddAccessAllowedAce
QueryServiceStatusEx
LookupPrivilegeValueW
SetTokenInformation
OpenProcessToken
SetThreadToken
CreateProcessAsUserW
DuplicateTokenEx
GetTokenInformation

shell32

DragQueryFileW
DragFinish

ole32

CoInitializeEx

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

wtsapi32

WTSFreeMemory
WTSEnumerateProcessesW
WTSQueryUserToken
WTSEnumerateSessionsW

msvcrt

strcpy_s
__pctype_func
tolower
___mb_cur_max_func
wcsnlen
wcstol
_mbtowc_l
?terminate@@YAXXZ
__wgetmainargs
_msize
_XcptFilter
_errno
_wcmdln
?_set_new_mode@@YAHH@Z
_commode
___lc_codepage_func
realloc
ceil
log10
_clearfp
_set_fmode
_initterm_e
_initterm
_callnewh
memcpy
_wcsnicmp
malloc
free
strncmp
_wcsicmp
strrchr
__DestructExceptionObject
_amsg_exit
memmove
memset
__C_specific_handler
_CxxThrowException
wcsstr
wcsrchr
abort
__set_app_type
memcmp

Sections

.text
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Paragon/[1] Pro Service/[10] Start Up Apps/IMOD.ps1
.ps1
Paragon/[1] Pro Service/[10] Start Up Apps/MSI Afterburner.lnk
.lnk
Paragon/[1] Pro Service/[10] Start Up Apps/SetTimerResolution.exe
.exe windows:6 windows x64 arch:x64

a89105adc09496b3eb2afe90983bb6c2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\AMIT\source\repos\SetTimerResolution\x64\Release\SetTimerResolution.pdb

Imports

kernel32

GetCurrentProcess
Sleep
FreeConsole
LoadLibraryW
GetProcAddress
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetModuleHandleW
RtlCaptureContext

msvcp140

?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAH@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??Bid@locale@std@@QEAA_KXZ
?setprecision@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_Xlength_error@std@@YAXPEBD@Z
?id@?$ctype@D@std@@2V0locale@2@A
?_Xbad_function_call@std@@YAXXZ
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
?uncaught_exception@std@@YA_NXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?in_avail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JXZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__std_exception_destroy
memcmp
memcpy
__std_exception_copy
_purecall
__std_terminate
memchr
__current_exception
__current_exception_context
__C_specific_handler
_CxxThrowException
memset
memmove

api-ms-win-crt-heap-l1-1-0

malloc
_callnewh
free
_set_new_mode

api-ms-win-crt-string-l1-1-0

isspace

api-ms-win-crt-runtime-l1-1-0

_register_onexit_function
_register_thread_local_exe_atexit_callback
_crt_atexit
_c_exit
_cexit
__p___argv
__p___argc
_exit
exit
_initterm_e
_initterm
_get_initial_narrow_environment
_initialize_narrow_environment
_configure_narrow_argv
_set_app_type
_seh_filter_exe
terminate
_invalid_parameter_noinfo_noreturn
_initialize_onexit_table

api-ms-win-crt-math-l1-1-0

ceilf
__setusermatherr

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 636B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Paragon/[1] Pro Service/[1]/[1] BCD.bat
Paragon/[1] Pro Service/[1]/[2] PowerPlan.bat
Paragon/[1] Pro Service/[1]/[3] MIT.bat
Paragon/[1] Pro Service/[2]/[1] DirectX.bat
Paragon/[1] Pro Service/[2]/[2] Timer Resolution.bat
.bat .ps1
Paragon/[1] Pro Service/[2]/[3] Visual C++.bat
Paragon/[1] Pro Service/[3]/[1] RAM.cmd
Paragon/[1] Pro Service/[4]/FSE 20H2 _ Lower/Disable FSE.bat
Paragon/[1] Pro Service/[4]/FSE 20H2 _ Lower/Enable FSE.bat
Paragon/[1] Pro Service/[4]/FSE 20H2 _ Lower/x FSE Apex.reg
Paragon/[1] Pro Service/[4]/FSE 20H2 _ Lower/x FSE FN.reg
Paragon/[1] Pro Service/[4]/FSE 20H2 _ Lower/x FSE Val.reg
Paragon/[1] Pro Service/[4]/FSE.bat
Paragon/[1] Pro Service/[5]/NVIDIAProfileInspector/._cache_nvidiaProfileInspector.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 517KB - Virtual size: 517KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Paragon/[1] Pro Service/[5]/NVIDIAProfileInspector/Pro Service Profile.nip
Paragon/[1] Pro Service/[5]/NVIDIAProfileInspector/Reference.xml
.xml
Paragon/[1] Pro Service/[5]/NVIDIAProfileInspector/nvidiaProfileInspector.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 615KB - Virtual size: 614KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 57B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 607KB - Virtual size: 606KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Paragon/[1] Pro Service/[5]/NVIDIAProfileInspector/nvidiaProfileInspector.exe.config
.xml
Paragon/[1] Pro Service/[5]/[1] DDU/DDU/._cache_Display Driver Uninstaller.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

a2:43:2c:58:81:d6:5f:6a:71:46:96:3b:2c:43:f5:a4
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/03/2021, 00:00

Not After

25/03/2023, 23:59

Subject

CN=Wagnardsoft,O=Wagnardsoft,POSTALCODE=J7N 0W5,STREET=16915 Rue de la Perle,L=Mirabel,ST=Quebec,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/03/2019, 00:00

Not After

31/12/2028, 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

51:d9:b9:21:47:40:7c:69:c3:f9:b8:11:4f:1e:f4:c9:01:55:ef:f9:25:ac:95:6c:36:e3:fb:21:08:a4:d6:c9
Signer

Actual PE Digest

51:d9:b9:21:47:40:7c:69:c3:f9:b8:11:4f:1e:f4:c9:01:55:ef:f9:25:ac:95:6c:36:e3:fb:21:08:a4:d6:c9

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\ghisl\OneDrive\Documents\Programmation\wpf\display-drivers-uninstaller\display-driver-uninstaller\Display Driver Uninstaller\obj\Release\Display Driver Uninstaller.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Paragon/[1] Pro Service/[5]/[1] DDU/DDU/COPY THE IMAGES/THEN CLICK CLEAN AND RESTART.txt
Paragon/[1] Pro Service/[5]/[1] DDU/DDU/DDU Logs/2023-09-18__16-43-14_DDULog.xml
Paragon/[1] Pro Service/[5]/[1] DDU/DDU/DDU Logs/2023-09-18__16-43-17_DDULog.xml
Paragon/[1] Pro Service/[5]/[1] DDU/DDU/DDU Logs/2023-09-18__16-43-21_DDULog.xml
Paragon/[1] Pro Service/[5]/[1] DDU/DDU/DDU Logs/2023-09-19__21-28-16_DDULog.xml
Paragon/[1] Pro Service/[5]/[1] DDU/DDU/DDU Logs/2023-09-19__21-28-21_DDULog.xml
Paragon/[1] Pro Service/[5]/[1] DDU/DDU/DDU Logs/2024-03-19__20-49-28_DDULog.xml
Paragon/[1] Pro Service/[5]/[1] DDU/DDU/DDU Logs/2024-03-24__13-55-06_DDULog.xml
Paragon/[1] Pro Service/[5]/[1] DDU/DDU/DDU Logs/2024-03-25__21-01-22_DDULog.xml
Paragon/[1] Pro Service/[5]/[1] DDU/DDU/DDU Logs/2024-03-26__18-09-31_DDULog.xml
Paragon/[1] Pro Service/[5]/[1] DDU/DDU/DDU Logs/2024-03-26__18-09-35_DDULog.xml
Paragon/[1] Pro Service/[5]/[1] DDU/DDU/DDU Logs/2024-03-26__19-19-06_DDULog.xml
Paragon/[1] Pro Service/[5]/[1] DDU/DDU/DDU Logs/2024-03-26__19-19-14_DDULog.xml
Paragon/[1] Pro Service/[5]/[1] DDU/DDU/DDU Logs/2024-03-26__19-24-58_DDULog.xml
Paragon/[1] Pro Service/[5]/[1] DDU/DDU/DDU Logs/2024-04-04__15-41-45_DDULog.xml
Paragon/[1] Pro Service/[5]/[1] DDU/DDU/DDU Logs/2024-04-04__15-51-28_DDULog.xml
Paragon/[1] Pro Service/[5]/[1] DDU/DDU/DDU Logs/2024-04-04__15-51-35_DDULog.xml
Paragon/[1] Pro Service/[5]/[1] DDU/DDU/DDU Logs/2024-04-06__18-40-16_DDULog.xml
Paragon/[1] Pro Service/[5]/[1] DDU/DDU/DDU Logs/2024-04-06__19-11-56_DDULog.xml
Paragon/[1] Pro Service/[5]/[1] DDU/DDU/DDU Logs/2024-04-06__19-11-59_DDULog.xml
Paragon/[1] Pro Service/[5]/[1] DDU/DDU/DDU Logs/2024-04-07__14-39-37_DDULog.xml
Paragon/[1] Pro Service/[5]/[1] DDU/DDU/DDU Logs/2024-06-04__15-42-54_DDULog.xml
Paragon/[1] Pro Service/[5]/[1] DDU/DDU/Display Driver Uninstaller.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 615KB - Virtual size: 614KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 57B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Paragon/[1] Pro Service/[5]/[1] DDU/DDU/Display Driver Uninstaller.pdb
Paragon/[1] Pro Service/[5]/[1] DDU/DDU/Issues and solutions.txt
Paragon/[1] Pro Service/[5]/[1] DDU/DDU/Licence.txt
Paragon/[1] Pro Service/[5]/[1] DDU/DDU/Readme.txt
Paragon/[1] Pro Service/[5]/[1] DDU/DDU/Settings/AMD/classroot.cfg
Paragon/[1] Pro Service/[5]/[1] DDU/DDU/Settings/AMD/clsidleftover.cfg
Paragon/[1] Pro Service/[5]/[1] DDU/DDU/Settings/AMD/driverfiles.cfg
Paragon/[1] Pro Service/[5]/[1] DDU/DDU/Settings/AMD/driverfilesKMAFD.cfg
Paragon/[1] Pro Service/[5]/[1] DDU/DDU/Settings/AMD/driverfilesKMPFD.cfg
Paragon/[1] Pro Service/[5]/[1] DDU/DDU/Settings/AMD/driverfilesKMPFD.cfg.bak
Paragon/[1] Pro Service/[5]/[1] DDU/DDU/Settings/AMD/interface.cfg
Paragon/[1] Pro Service/[5]/[1] DDU/DDU/Settings/AMD/packages.cfg
Paragon/[1] Pro Service/[5]/[1] DDU/DDU/Settings/AMD/services.cfg
Paragon/[1] Pro Service/[5]/[1] DDU/DDU/Settings/INTEL/classroot.cfg
Paragon/[1] Pro Service/[5]/[1] DDU/DDU/Settings/INTEL/clsidleftover.cfg
Paragon/[1] Pro Service/[5]/[1] DDU/DDU/Settings/INTEL/driverfiles.cfg
Paragon/[1] Pro Service/[5]/[1] DDU/DDU/Settings/INTEL/interface.cfg
Paragon/[1] Pro Service/[5]/[1] DDU/DDU/Settings/INTEL/packages.cfg
Paragon/[1] Pro Service/[5]/[1] DDU/DDU/Settings/INTEL/services.cfg
Paragon/[1] Pro Service/[5]/[1] DDU/DDU/Settings/Languages/Arabic.xml
Paragon/[1] Pro Service/[5]/[1] DDU/DDU/Settings/Languages/Bulgarian.xml
Paragon/[1] Pro Service/[5]/[1] DDU/DDU/Settings/Languages/Chinese (Simplified).xml
.xml
Paragon/[1] Pro Service/[5]/[1] DDU/DDU/Settings/Languages/Chinese (Traditional).xml
.xml
Paragon/[1] Pro Service/[5]/[1] DDU/DDU/Settings/Languages/Czech.xml
.xml
Paragon/[1] Pro Service/[5]/[1] DDU/DDU/Settings/Languages/Danish.xml
Paragon/[1] Pro Service/[5]/[1] DDU/DDU/Settings/Languages/Dutch.xml
.xml
Paragon/[1] Pro Service/[5]/[1] DDU/DDU/Settings/Languages/English.xml
Paragon/[1] Pro Service/[5]/[1] DDU/DDU/Settings/Languages/Finnish.xml
Paragon/[1] Pro Service/[5]/[1] DDU/DDU/Settings/Languages/French.xml
Paragon/[1] Pro Service/[5]/[1] DDU/DDU/Settings/Languages/German.xml
.xml
Paragon/[1] Pro Service/[5]/[1] DDU/DDU/Settings/Languages/Greek.xml
Paragon/[1] Pro Service/[5]/[1] DDU/DDU/Settings/Languages/Hebrew.xml
Paragon/[1] Pro Service/[5]/[1] DDU/DDU/Settings/Languages/Hungarian.xml
Paragon/[1] Pro Service/[5]/[1] DDU/DDU/Settings/Languages/Italian.xml
Paragon/[1] Pro Service/[5]/[1] DDU/DDU/Settings/Languages/Japanese.xml
Paragon/[1] Pro Service/[5]/[1] DDU/DDU/Settings/Languages/Korean.xml
Paragon/[1] Pro Service/[5]/[1] DDU/DDU/Settings/Languages/Macedonian (Latin).xml
Paragon/[1] Pro Service/[5]/[1] DDU/DDU/Settings/Languages/Persian.xml
Paragon/[1] Pro Service/[5]/[1] DDU/DDU/Settings/Languages/Polish.xml
Paragon/[1] Pro Service/[5]/[1] DDU/DDU/Settings/Languages/Portuguese.xml
Paragon/[1] Pro Service/[5]/[1] DDU/DDU/Settings/Languages/PortugueseBrazil.xml
Paragon/[1] Pro Service/[5]/[1] DDU/DDU/Settings/Languages/Russian.xml
Paragon/[1] Pro Service/[5]/[1] DDU/DDU/Settings/Languages/Serbian (Cyrilic).xml
Paragon/[1] Pro Service/[5]/[1] DDU/DDU/Settings/Languages/Serbian (Latin).xml
Paragon/[1] Pro Service/[5]/[1] DDU/DDU/Settings/Languages/Slovak.xml
Paragon/[1] Pro Service/[5]/[1] DDU/DDU/Settings/Languages/Slovenian.xml
Paragon/[1] Pro Service/[5]/[1] DDU/DDU/Settings/Languages/Spanish (Spain).xml
Paragon/[1] Pro Service/[5]/[1] DDU/DDU/Settings/Languages/Spanish.xml
Paragon/[1] Pro Service/[5]/[1] DDU/DDU/Settings/Languages/Swedish.xml
Paragon/[1] Pro Service/[5]/[1] DDU/DDU/Settings/Languages/Thai.xml
Paragon/[1] Pro Service/[5]/[1] DDU/DDU/Settings/Languages/Turkish.xml
Paragon/[1] Pro Service/[5]/[1] DDU/DDU/Settings/Languages/Ukrainian.xml
Paragon/[1] Pro Service/[5]/[1] DDU/DDU/Settings/Languages/_For translators - ReadMe.txt
Paragon/[1] Pro Service/[5]/[1] DDU/DDU/Settings/NVIDIA/classroot.cfg
Paragon/[1] Pro Service/[5]/[1] DDU/DDU/Settings/NVIDIA/clsidleftover.cfg
Paragon/[1] Pro Service/[5]/[1] DDU/DDU/Settings/NVIDIA/clsidleftoverGFE.cfg
Paragon/[1] Pro Service/[5]/[1] DDU/DDU/Settings/NVIDIA/driverfiles.cfg
Paragon/[1] Pro Service/[5]/[1] DDU/DDU/Settings/NVIDIA/gfedriverfiles.cfg
Paragon/[1] Pro Service/[5]/[1] DDU/DDU/Settings/NVIDIA/gfedriverfiles.cfg.bak
Paragon/[1] Pro Service/[5]/[1] DDU/DDU/Settings/NVIDIA/gfeservice.cfg
Paragon/[1] Pro Service/[5]/[1] DDU/DDU/Settings/NVIDIA/interface.cfg
Paragon/[1] Pro Service/[5]/[1] DDU/DDU/Settings/NVIDIA/interfaceGFE.cfg
Paragon/[1] Pro Service/[5]/[1] DDU/DDU/Settings/NVIDIA/nvbservice.cfg
Paragon/[1] Pro Service/[5]/[1] DDU/DDU/Settings/NVIDIA/packages.cfg
Paragon/[1] Pro Service/[5]/[1] DDU/DDU/Settings/NVIDIA/services.cfg
Paragon/[1] Pro Service/[5]/[1] DDU/DDU/Settings/REALTEK/classroot.cfg
Paragon/[1] Pro Service/[5]/[1] DDU/DDU/Settings/REALTEK/clsidleftover.cfg
Paragon/[1] Pro Service/[5]/[1] DDU/DDU/Settings/REALTEK/driverfiles.cfg
Paragon/[1] Pro Service/[5]/[1] DDU/DDU/Settings/REALTEK/packages.cfg
Paragon/[1] Pro Service/[5]/[1] DDU/DDU/Settings/REALTEK/services.cfg
Paragon/[1] Pro Service/[5]/[1] DDU/DDU/Settings/Settings.xml
Paragon/[1] Pro Service/[5]/[2] NVCleanInstall/._cache_[1] NVCleanstall_1.16.0.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

11:5b:be:9e:1c:28:68:27:af:66:e7:a0:13:90:c2:06
Certificate

Issuer

CN=SSL.com EV Code Signing Intermediate CA RSA R3,O=SSL Corp,L=Houston,ST=Texas,C=US

Not Before

24/06/2022, 13:22

Not After

14/04/2025, 20:06

Subject

SERIALNUMBER=604 057 982,CN=TechPowerUp LLC,O=TechPowerUp LLC,L=Spokane,ST=Washington,C=US,1.3.6.1.4.1.311.60.2.1.3=#13025553,1.3.6.1.4.1.311.60.2.1.2=#130a57617368696e67746f6e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

42:4b:6a:53:ce:c7:66:14:1c:2a:63:b1:a5:1c:41:04
Certificate

Issuer

CN=SSL.com EV Root Certification Authority RSA R2,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

26/03/2019, 17:44

Not After

22/03/2034, 17:44

Subject

CN=SSL.com EV Code Signing Intermediate CA RSA R3,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c9:f5:03:e7:ea:f0:8a:f2:72:b0:90:2e:f6:11:f3:69:2f:79:2f:db
Signer

Actual PE Digest

c9:f5:03:e7:ea:f0:8a:f2:72:b0:90:2e:f6:11:f3:69:2f:79:2f:db

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Paragon/[1] Pro Service/[5]/[2] NVCleanInstall/[1] NVCleanstall_1.16.0.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 615KB - Virtual size: 614KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 57B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3.8MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Paragon/[1] Pro Service/[6]/[1] Debloat.bat
Paragon/[1] Pro Service/[6]/[2] DEVM.bat
Paragon/[1] Pro Service/[6]/[3] GPW.bat
Paragon/[1] Pro Service/[7]/Controller/Controller.bat
Paragon/[1] Pro Service/[7]/Controller/hidusbf/DRIVER/1kHz.cmd
Paragon/[1] Pro Service/[7]/Controller/hidusbf/DRIVER/2kHz-4kHz.cmd
Paragon/[1] Pro Service/[7]/Controller/hidusbf/DRIVER/4kHz-8kHz.cmd
Paragon/[1] Pro Service/[7]/Controller/hidusbf/DRIVER/98ME/hidusbf.sys
.sys windows:4 windows x86 arch:x86

2fe6f85e44ca89d563d30b506ab727f6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExAllocatePool
ZwClose
IoOpenDeviceRegistryKey
IoAttachDeviceToDeviceStack
IoCreateDevice
_except_handler3
IoDeleteDevice
IoDetachDevice
ZwQueryValueKey
PoCallDriver
PoStartNextPowerIrp
IofCompleteRequest
KeInitializeEvent
InterlockedIncrement
KeSetEvent
InterlockedDecrement
KeWaitForSingleObject
IofCallDriver
ExFreePool

usbd.sys

_USBD_ParseDescriptors@16

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 640B - Virtual size: 640B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 960B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 128B - Virtual size: 118B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Paragon/[1] Pro Service/[7]/Controller/hidusbf/DRIVER/AMD64/1khz/hidusbf.sys
.sys windows:5 windows x64 arch:x64

2381c1ee5c1461ef217df28364930cee

Code Sign

05:4a:ba:e2:d0:d4:b4:12:4a:8e:9f:32:01:3f:ce:57
Certificate

Issuer

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

13/04/2016, 00:00

Not After

18/04/2017, 12:00

Subject

CN=Jeshua Starr Scully,O=Jeshua Starr Scully,L=Madison,ST=Wisconsin,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:a2:25:57:5a:31:16:d1:e7:27:b0:b8:79:d1:d0:73
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

13/04/2016, 00:00

Not After

18/04/2017, 12:00

Subject

CN=Jeshua Starr Scully,O=Jeshua Starr Scully,L=Madison,ST=Wisconsin,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2015, 00:00

Not After

07/01/2025, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

78:d5:57:74:02:76:a2:28:c3:ba:37:bb:de:b1:2d:7e:64:c7:eb:3d:39:a7:bd:3a:06:7b:56:2a:61:7d:51:d6
Signer

Actual PE Digest

78:d5:57:74:02:76:a2:28:c3:ba:37:bb:de:b1:2d:7e:64:c7:eb:3d:39:a7:bd:3a:06:7b:56:2a:61:7d:51:d6

Digest Algorithm

sha256

PE Digest Matches

true

d7:17:48:ed:5d:88:d5:41:5c:37:22:a4:77:8c:82:43:0d:6c:84:67
Signer

Actual PE Digest

d7:17:48:ed:5d:88:d5:41:5c:37:22:a4:77:8c:82:43:0d:6c:84:67

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
IoDeleteDevice
IoDetachDevice
IofCompleteRequest
ZwQuerySystemInformation
_stricmp
RtlImageNtHeader
__C_specific_handler
MmUnmapIoSpace
MmMapIoSpace
MmGetPhysicalAddress
ZwQueryValueKey
IoOpenDeviceRegistryKey
IoAttachDeviceToDeviceStack
IoInitializeRemoveLockEx
IoCreateDevice
IoReleaseRemoveLockEx
IofCallDriver
IoAcquireRemoveLockEx
PoCallDriver
PoStartNextPowerIrp
IoReleaseRemoveLockAndWaitEx
ZwClose
ExFreePoolWithTag

usbd.sys

USBD_ParseDescriptors

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 768B - Virtual size: 676B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 256B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Paragon/[1] Pro Service/[7]/Controller/hidusbf/DRIVER/AMD64/2khz-4khz/hidusbf.sys
.sys windows:5 windows x64 arch:x64

84541687f18e3ffb4f8fe04db5f18fde

Code Sign

05:4a:ba:e2:d0:d4:b4:12:4a:8e:9f:32:01:3f:ce:57
Certificate

Issuer

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

13/04/2016, 00:00

Not After

18/04/2017, 12:00

Subject

CN=Jeshua Starr Scully,O=Jeshua Starr Scully,L=Madison,ST=Wisconsin,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:a2:25:57:5a:31:16:d1:e7:27:b0:b8:79:d1:d0:73
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

13/04/2016, 00:00

Not After

18/04/2017, 12:00

Subject

CN=Jeshua Starr Scully,O=Jeshua Starr Scully,L=Madison,ST=Wisconsin,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2015, 00:00

Not After

07/01/2025, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:da:71:3b:27:da:28:a7:37:18:c6:b0:9d:c2:61:7e:8e:23:54:50:ef:11:ca:64:0d:d7:f4:89:1b:10:22:2a
Signer

Actual PE Digest

07:da:71:3b:27:da:28:a7:37:18:c6:b0:9d:c2:61:7e:8e:23:54:50:ef:11:ca:64:0d:d7:f4:89:1b:10:22:2a

Digest Algorithm

sha256

PE Digest Matches

true

be:5e:bd:40:f8:54:5d:71:98:6e:fd:32:80:63:7a:a8:51:0a:4d:3a
Signer

Actual PE Digest

be:5e:bd:40:f8:54:5d:71:98:6e:fd:32:80:63:7a:a8:51:0a:4d:3a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

IoDeleteDevice
IoDetachDevice
IofCompleteRequest
ZwQuerySystemInformation
_stricmp
RtlImageNtHeader
__C_specific_handler
MmUnmapIoSpace
MmMapIoSpace
MmGetPhysicalAddress
ExAllocatePoolWithTag
IoOpenDeviceRegistryKey
IoAttachDeviceToDeviceStack
IoInitializeRemoveLockEx
IoCreateDevice
IoReleaseRemoveLockEx
IofCallDriver
IoAcquireRemoveLockEx
PoCallDriver
PoStartNextPowerIrp
IoReleaseRemoveLockAndWaitEx
ZwQueryValueKey
ZwClose
ExFreePoolWithTag

usbd.sys

USBD_ParseDescriptors
USBD_ParseConfigurationDescriptorEx

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 768B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 256B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Paragon/[1] Pro Service/[7]/Controller/hidusbf/DRIVER/AMD64/4khz-8khz/hidusbf.sys
.sys windows:5 windows x64 arch:x64

84541687f18e3ffb4f8fe04db5f18fde

Code Sign

05:4a:ba:e2:d0:d4:b4:12:4a:8e:9f:32:01:3f:ce:57
Certificate

Issuer

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

13/04/2016, 00:00

Not After

18/04/2017, 12:00

Subject

CN=Jeshua Starr Scully,O=Jeshua Starr Scully,L=Madison,ST=Wisconsin,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:a2:25:57:5a:31:16:d1:e7:27:b0:b8:79:d1:d0:73
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

13/04/2016, 00:00

Not After

18/04/2017, 12:00

Subject

CN=Jeshua Starr Scully,O=Jeshua Starr Scully,L=Madison,ST=Wisconsin,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2015, 00:00

Not After

07/01/2025, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3e:58:48:66:65:a4:56:dc:bb:06:68:49:39:fe:bb:c9:5a:9b:f5:47:0a:55:84:d1:23:5b:ef:7b:06:6f:06:cc
Signer

Actual PE Digest

3e:58:48:66:65:a4:56:dc:bb:06:68:49:39:fe:bb:c9:5a:9b:f5:47:0a:55:84:d1:23:5b:ef:7b:06:6f:06:cc

Digest Algorithm

sha256

PE Digest Matches

true

df:02:03:ec:56:95:cd:8b:04:52:4b:0e:df:ca:49:54:03:52:e4:a4
Signer

Actual PE Digest

df:02:03:ec:56:95:cd:8b:04:52:4b:0e:df:ca:49:54:03:52:e4:a4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

IoDeleteDevice
IoDetachDevice
IofCompleteRequest
ZwQuerySystemInformation
_stricmp
RtlImageNtHeader
__C_specific_handler
MmUnmapIoSpace
MmMapIoSpace
MmGetPhysicalAddress
ExAllocatePoolWithTag
IoOpenDeviceRegistryKey
IoAttachDeviceToDeviceStack
IoInitializeRemoveLockEx
IoCreateDevice
IoReleaseRemoveLockEx
IofCallDriver
IoAcquireRemoveLockEx
PoCallDriver
PoStartNextPowerIrp
IoReleaseRemoveLockAndWaitEx
ZwQueryValueKey
ZwClose
ExFreePoolWithTag

usbd.sys

USBD_ParseDescriptors
USBD_ParseConfigurationDescriptorEx

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 768B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 256B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Paragon/[1] Pro Service/[7]/Controller/hidusbf/DRIVER/AMD64/hidusbf.sys
.sys windows:5 windows x64 arch:x64

2381c1ee5c1461ef217df28364930cee

Code Sign

05:4a:ba:e2:d0:d4:b4:12:4a:8e:9f:32:01:3f:ce:57
Certificate

Issuer

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

13/04/2016, 00:00

Not After

18/04/2017, 12:00

Subject

CN=Jeshua Starr Scully,O=Jeshua Starr Scully,L=Madison,ST=Wisconsin,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:a2:25:57:5a:31:16:d1:e7:27:b0:b8:79:d1:d0:73
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

13/04/2016, 00:00

Not After

18/04/2017, 12:00

Subject

CN=Jeshua Starr Scully,O=Jeshua Starr Scully,L=Madison,ST=Wisconsin,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2015, 00:00

Not After

07/01/2025, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

78:d5:57:74:02:76:a2:28:c3:ba:37:bb:de:b1:2d:7e:64:c7:eb:3d:39:a7:bd:3a:06:7b:56:2a:61:7d:51:d6
Signer

Actual PE Digest

78:d5:57:74:02:76:a2:28:c3:ba:37:bb:de:b1:2d:7e:64:c7:eb:3d:39:a7:bd:3a:06:7b:56:2a:61:7d:51:d6

Digest Algorithm

sha256

PE Digest Matches

true

d7:17:48:ed:5d:88:d5:41:5c:37:22:a4:77:8c:82:43:0d:6c:84:67
Signer

Actual PE Digest

d7:17:48:ed:5d:88:d5:41:5c:37:22:a4:77:8c:82:43:0d:6c:84:67

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
IoDeleteDevice
IoDetachDevice
IofCompleteRequest
ZwQuerySystemInformation
_stricmp
RtlImageNtHeader
__C_specific_handler
MmUnmapIoSpace
MmMapIoSpace
MmGetPhysicalAddress
ZwQueryValueKey
IoOpenDeviceRegistryKey
IoAttachDeviceToDeviceStack
IoInitializeRemoveLockEx
IoCreateDevice
IoReleaseRemoveLockEx
IofCallDriver
IoAcquireRemoveLockEx
PoCallDriver
PoStartNextPowerIrp
IoReleaseRemoveLockAndWaitEx
ZwClose
ExFreePoolWithTag

usbd.sys

USBD_ParseDescriptors

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 768B - Virtual size: 676B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 256B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Paragon/[1] Pro Service/[7]/Controller/hidusbf/DRIVER/AMD64/nopatch/hidusbf.sys
.sys windows:5 windows x64 arch:x64

cfedb7338b9798a1a4e6640e5a6e1937

Code Sign

05:4a:ba:e2:d0:d4:b4:12:4a:8e:9f:32:01:3f:ce:57
Certificate

Issuer

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

13/04/2016, 00:00

Not After

18/04/2017, 12:00

Subject

CN=Jeshua Starr Scully,O=Jeshua Starr Scully,L=Madison,ST=Wisconsin,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:a2:25:57:5a:31:16:d1:e7:27:b0:b8:79:d1:d0:73
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

13/04/2016, 00:00

Not After

18/04/2017, 12:00

Subject

CN=Jeshua Starr Scully,O=Jeshua Starr Scully,L=Madison,ST=Wisconsin,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2015, 00:00

Not After

07/01/2025, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

23:91:56:f9:e4:3e:76:de:06:f3:d1:b9:7e:d3:42:09:fc:e6:9e:11:70:68:61:bb:8a:0e:00:46:d1:d8:d4:3d
Signer

Actual PE Digest

23:91:56:f9:e4:3e:76:de:06:f3:d1:b9:7e:d3:42:09:fc:e6:9e:11:70:68:61:bb:8a:0e:00:46:d1:d8:d4:3d

Digest Algorithm

sha256

PE Digest Matches

true

89:57:b6:c1:c1:df:36:b3:45:a2:75:ea:41:43:2a:5b:d5:3c:3a:20
Signer

Actual PE Digest

89:57:b6:c1:c1:df:36:b3:45:a2:75:ea:41:43:2a:5b:d5:3c:3a:20

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
IoDeleteDevice
IoDetachDevice
IofCompleteRequest
__C_specific_handler
ZwClose
IoOpenDeviceRegistryKey
IoAttachDeviceToDeviceStack
ZwQueryValueKey
IoCreateDevice
IoReleaseRemoveLockEx
IofCallDriver
IoAcquireRemoveLockEx
PoCallDriver
PoStartNextPowerIrp
IoReleaseRemoveLockAndWaitEx
IoInitializeRemoveLockEx
ExFreePool

usbd.sys

USBD_ParseDescriptors

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 332B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 128B - Virtual size: 84B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 896B - Virtual size: 816B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Paragon/[1] Pro Service/[7]/Controller/hidusbf/DRIVER/HIDUSBF.INF
Paragon/[1] Pro Service/[7]/Controller/hidusbf/DRIVER/HIDUSBFU.INF
Paragon/[1] Pro Service/[7]/Controller/hidusbf/DRIVER/NTX86/1khz/hidusbf.sys
.sys windows:5 windows x86 arch:x86

b61c22861a2bc08dffd66e3957b1bb4d

Code Sign

05:4a:ba:e2:d0:d4:b4:12:4a:8e:9f:32:01:3f:ce:57
Certificate

Issuer

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

13/04/2016, 00:00

Not After

18/04/2017, 12:00

Subject

CN=Jeshua Starr Scully,O=Jeshua Starr Scully,L=Madison,ST=Wisconsin,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:a2:25:57:5a:31:16:d1:e7:27:b0:b8:79:d1:d0:73
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

13/04/2016, 00:00

Not After

18/04/2017, 12:00

Subject

CN=Jeshua Starr Scully,O=Jeshua Starr Scully,L=Madison,ST=Wisconsin,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2015, 00:00

Not After

07/01/2025, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:49:06:31:53:85:82:af:5b:53:33:e9:0d:dc:8c:0f:02:92:a0:28:51:b1:45:9f:f6:29:87:22:7e:ba:be:be
Signer

Actual PE Digest

77:49:06:31:53:85:82:af:5b:53:33:e9:0d:dc:8c:0f:02:92:a0:28:51:b1:45:9f:f6:29:87:22:7e:ba:be:be

Digest Algorithm

sha256

PE Digest Matches

true

61:19:64:6e:39:62:3f:a4:57:d8:59:5f:85:9d:9a:a6:75:7b:3c:2c
Signer

Actual PE Digest

61:19:64:6e:39:62:3f:a4:57:d8:59:5f:85:9d:9a:a6:75:7b:3c:2c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
IoDeleteDevice
IoDetachDevice
IofCompleteRequest
ZwQuerySystemInformation
_stricmp
RtlImageNtHeader
MmUnmapIoSpace
MmMapIoSpace
MmGetPhysicalAddress
_except_handler3
ZwQueryValueKey
IoOpenDeviceRegistryKey
IoAttachDeviceToDeviceStack
IoInitializeRemoveLockEx
IoCreateDevice
IoReleaseRemoveLockEx
IofCallDriver
IoAcquireRemoveLockEx
PoCallDriver
PoStartNextPowerIrp
IoReleaseRemoveLockAndWaitEx
ZwClose
ExFreePoolWithTag

usbd.sys

USBD_ParseDescriptors

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 256B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Paragon/[1] Pro Service/[7]/Controller/hidusbf/DRIVER/NTX86/2khz-4khz/hidusbf.sys
.sys windows:5 windows x86 arch:x86

34af1360f83df6c59c2f28d9cb2cba57

Code Sign

05:4a:ba:e2:d0:d4:b4:12:4a:8e:9f:32:01:3f:ce:57
Certificate

Issuer

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

13/04/2016, 00:00

Not After

18/04/2017, 12:00

Subject

CN=Jeshua Starr Scully,O=Jeshua Starr Scully,L=Madison,ST=Wisconsin,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:a2:25:57:5a:31:16:d1:e7:27:b0:b8:79:d1:d0:73
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

13/04/2016, 00:00

Not After

18/04/2017, 12:00

Subject

CN=Jeshua Starr Scully,O=Jeshua Starr Scully,L=Madison,ST=Wisconsin,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2015, 00:00

Not After

07/01/2025, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

31:91:95:b2:39:09:aa:bd:d6:85:41:3e:bb:1d:16:b5:05:1a:87:82:f2:7e:c2:e5:d7:ee:d3:8c:e8:48:0e:91
Signer

Actual PE Digest

31:91:95:b2:39:09:aa:bd:d6:85:41:3e:bb:1d:16:b5:05:1a:87:82:f2:7e:c2:e5:d7:ee:d3:8c:e8:48:0e:91

Digest Algorithm

sha256

PE Digest Matches

true

58:a6:c0:67:dd:db:c1:79:5c:c6:1d:e5:5e:49:95:2e:3e:4c:6b:54
Signer

Actual PE Digest

58:a6:c0:67:dd:db:c1:79:5c:c6:1d:e5:5e:49:95:2e:3e:4c:6b:54

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoDeleteDevice
IoDetachDevice
IofCompleteRequest
ZwQuerySystemInformation
_stricmp
RtlImageNtHeader
MmUnmapIoSpace
MmMapIoSpace
MmGetPhysicalAddress
_except_handler3
ExAllocatePoolWithTag
IoOpenDeviceRegistryKey
IoAttachDeviceToDeviceStack
IoInitializeRemoveLockEx
IoCreateDevice
IoReleaseRemoveLockEx
IofCallDriver
IoAcquireRemoveLockEx
PoCallDriver
PoStartNextPowerIrp
IoReleaseRemoveLockAndWaitEx
ZwQueryValueKey
ZwClose
ExFreePoolWithTag

usbd.sys

USBD_ParseDescriptors
USBD_ParseConfigurationDescriptorEx

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 256B - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Paragon/[1] Pro Service/[7]/Controller/hidusbf/DRIVER/NTX86/4khz-8khz/hidusbf.sys
.sys windows:5 windows x86 arch:x86

34af1360f83df6c59c2f28d9cb2cba57

Code Sign

05:4a:ba:e2:d0:d4:b4:12:4a:8e:9f:32:01:3f:ce:57
Certificate

Issuer

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

13/04/2016, 00:00

Not After

18/04/2017, 12:00

Subject

CN=Jeshua Starr Scully,O=Jeshua Starr Scully,L=Madison,ST=Wisconsin,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:a2:25:57:5a:31:16:d1:e7:27:b0:b8:79:d1:d0:73
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

13/04/2016, 00:00

Not After

18/04/2017, 12:00

Subject

CN=Jeshua Starr Scully,O=Jeshua Starr Scully,L=Madison,ST=Wisconsin,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2015, 00:00

Not After

07/01/2025, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

19:69:94:92:98:b0:ce:ce:d5:00:b9:b1:67:06:8f:77:cd:09:60:70:11:fa:a9:ba:d9:2b:d4:e1:b9:24:c7:60
Signer

Actual PE Digest

19:69:94:92:98:b0:ce:ce:d5:00:b9:b1:67:06:8f:77:cd:09:60:70:11:fa:a9:ba:d9:2b:d4:e1:b9:24:c7:60

Digest Algorithm

sha256

PE Digest Matches

true

15:7e:fc:5b:fd:5e:e9:d7:bb:86:a9:e8:49:f4:a3:5b:10:ba:1e:8c
Signer

Actual PE Digest

15:7e:fc:5b:fd:5e:e9:d7:bb:86:a9:e8:49:f4:a3:5b:10:ba:1e:8c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoDeleteDevice
IoDetachDevice
IofCompleteRequest
ZwQuerySystemInformation
_stricmp
RtlImageNtHeader
MmUnmapIoSpace
MmMapIoSpace
MmGetPhysicalAddress
_except_handler3
ExAllocatePoolWithTag
IoOpenDeviceRegistryKey
IoAttachDeviceToDeviceStack
IoInitializeRemoveLockEx
IoCreateDevice
IoReleaseRemoveLockEx
IofCallDriver
IoAcquireRemoveLockEx
PoCallDriver
PoStartNextPowerIrp
IoReleaseRemoveLockAndWaitEx
ZwQueryValueKey
ZwClose
ExFreePoolWithTag

usbd.sys

USBD_ParseDescriptors
USBD_ParseConfigurationDescriptorEx

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 256B - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Paragon/[1] Pro Service/[7]/Controller/hidusbf/DRIVER/NTX86/hidusbf.sys
.sys windows:5 windows x86 arch:x86

b61c22861a2bc08dffd66e3957b1bb4d

Code Sign

05:4a:ba:e2:d0:d4:b4:12:4a:8e:9f:32:01:3f:ce:57
Certificate

Issuer

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

13/04/2016, 00:00

Not After

18/04/2017, 12:00

Subject

CN=Jeshua Starr Scully,O=Jeshua Starr Scully,L=Madison,ST=Wisconsin,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:a2:25:57:5a:31:16:d1:e7:27:b0:b8:79:d1:d0:73
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

13/04/2016, 00:00

Not After

18/04/2017, 12:00

Subject

CN=Jeshua Starr Scully,O=Jeshua Starr Scully,L=Madison,ST=Wisconsin,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2015, 00:00

Not After

07/01/2025, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:49:06:31:53:85:82:af:5b:53:33:e9:0d:dc:8c:0f:02:92:a0:28:51:b1:45:9f:f6:29:87:22:7e:ba:be:be
Signer

Actual PE Digest

77:49:06:31:53:85:82:af:5b:53:33:e9:0d:dc:8c:0f:02:92:a0:28:51:b1:45:9f:f6:29:87:22:7e:ba:be:be

Digest Algorithm

sha256

PE Digest Matches

true

61:19:64:6e:39:62:3f:a4:57:d8:59:5f:85:9d:9a:a6:75:7b:3c:2c
Signer

Actual PE Digest

61:19:64:6e:39:62:3f:a4:57:d8:59:5f:85:9d:9a:a6:75:7b:3c:2c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
IoDeleteDevice
IoDetachDevice
IofCompleteRequest
ZwQuerySystemInformation
_stricmp
RtlImageNtHeader
MmUnmapIoSpace
MmMapIoSpace
MmGetPhysicalAddress
_except_handler3
ZwQueryValueKey
IoOpenDeviceRegistryKey
IoAttachDeviceToDeviceStack
IoInitializeRemoveLockEx
IoCreateDevice
IoReleaseRemoveLockEx
IofCallDriver
IoAcquireRemoveLockEx
PoCallDriver
PoStartNextPowerIrp
IoReleaseRemoveLockAndWaitEx
ZwClose
ExFreePoolWithTag

usbd.sys

USBD_ParseDescriptors

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 256B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Paragon/[1] Pro Service/[7]/Controller/hidusbf/DRIVER/NTX86/nopatch/hidusbf.sys
.sys windows:5 windows x86 arch:x86

ff806606d50632c55cde2947b6f8af7e

Code Sign

05:4a:ba:e2:d0:d4:b4:12:4a:8e:9f:32:01:3f:ce:57
Certificate

Issuer

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

13/04/2016, 00:00

Not After

18/04/2017, 12:00

Subject

CN=Jeshua Starr Scully,O=Jeshua Starr Scully,L=Madison,ST=Wisconsin,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:a2:25:57:5a:31:16:d1:e7:27:b0:b8:79:d1:d0:73
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

13/04/2016, 00:00

Not After

18/04/2017, 12:00

Subject

CN=Jeshua Starr Scully,O=Jeshua Starr Scully,L=Madison,ST=Wisconsin,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2015, 00:00

Not After

07/01/2025, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

35:93:f6:ee:76:37:09:92:ea:44:03:2a:9a:af:16:00:6d:2d:af:f0:90:02:8a:e7:98:a2:76:a9:ab:77:ea:69
Signer

Actual PE Digest

35:93:f6:ee:76:37:09:92:ea:44:03:2a:9a:af:16:00:6d:2d:af:f0:90:02:8a:e7:98:a2:76:a9:ab:77:ea:69

Digest Algorithm

sha256

PE Digest Matches

true

f3:a0:e3:0c:83:05:05:a7:54:b5:6c:67:00:4c:de:5a:51:2a:10:4c
Signer

Actual PE Digest

f3:a0:e3:0c:83:05:05:a7:54:b5:6c:67:00:4c:de:5a:51:2a:10:4c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
ZwClose
IoOpenDeviceRegistryKey
IoAttachDeviceToDeviceStack
IoInitializeRemoveLockEx
IoCreateDevice
_except_handler3
IoDeleteDevice
ZwQueryValueKey
IoReleaseRemoveLockEx
IofCallDriver
IoAcquireRemoveLockEx
PoCallDriver
PoStartNextPowerIrp
IoReleaseRemoveLockAndWaitEx
IofCompleteRequest
IoDetachDevice
ExFreePool

usbd.sys

_USBD_ParseDescriptors@16

Sections

.text
Size: 992B - Virtual size: 978B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 640B - Virtual size: 640B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 960B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 128B - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Paragon/[1] Pro Service/[7]/Controller/hidusbf/DRIVER/Setup.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 615KB - Virtual size: 614KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 57B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 470KB - Virtual size: 469KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Paragon/[1] Pro Service/[7]/Controller/hidusbf/DRIVER/nopatch.cmd
Paragon/[1] Pro Service/[7]/Controller/hidusbf/DRIVER/sx64.exe
.exe windows:5 windows x64 arch:x64

d4fa6722ea3a7bcd5e00f6b8c635b3ca

Code Sign

3e:ea:bd:93:c8:a2:b0:9b:4d:e3:c9:0e:3d:28:d8:2e
Certificate

Issuer

CN=SweetLow,1.2.840.113549.1.9.1=#0c0f73776565746c6f77407475742e6279

Not Before

05/06/1973, 21:00

Not After

30/12/2999, 21:00

Subject

CN=SweetLow,1.2.840.113549.1.9.1=#0c0f73776565746c6f77407475742e6279

Extended Key Usages

ExtKeyUsageCodeSigning

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

99:87:86:e5:9f:14:71:c6:b6:ab:b7:87:0c:0f:d7:29:30:e7:0a:e4
Signer

Actual PE Digest

99:87:86:e5:9f:14:71:c6:b6:ab:b7:87:0c:0f:d7:29:30:e7:0a:e4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

OutputDebugStringA
GetLastError
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoA
RtlUnwindEx
ExitProcess
GetProcAddress
GetModuleHandleA
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapSetInformation
HeapCreate
LoadLibraryA
GetACP
GetOEMCP
GetCPInfo
Sleep
SetFilePointer
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
SetStdHandle
GetLocaleInfoA
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
ReadFile
FlushFileBuffers
CloseHandle

setupapi

SetupDiCallClassInstaller
SetupDiSetClassInstallParamsA
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyA
SetupDiOpenDeviceInfoA
SetupDiCreateDeviceInfoList

shell32

ShellExecuteA

Sections

.text
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Paragon/[1] Pro Service/[7]/Controller/hidusbf/README.2kHz-8kHz.ENG.TXT
Paragon/[1] Pro Service/[7]/Controller/hidusbf/README.ENG.TXT
Paragon/[1] Pro Service/[7]/Controller/hidusbf/README.RUS.TXT
Paragon/[1] Pro Service/[7]/Controller/hidusbf/SweetLow.CER
Paragon/[1] Pro Service/[7]/Keyboard/FilterKeysSetter.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 615KB - Virtual size: 614KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 57B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 251KB - Virtual size: 251KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Paragon/[1] Pro Service/[7]/[1] AMD GPU/[1] Final.bat
Paragon/[1] Pro Service/[7]/[1] NVIDIA GPU/[1] Final.bat
Paragon/[1] Pro Service/[7]/[x] Valorant.bat
Paragon/[1] Pro Service/[7]/mc.bat
Paragon/[1] Pro Service/[7]/usb.bat
.bat .ps1
Paragon/[1] Pro Service/[8]/._cache_[6] FORTNITE SETTINGS.exe
.exe windows:6 windows x86 arch:x86

5faa4e2549a90b4b068a8d326d23ab61

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\a\_work\1\s\artifacts\obj\coreclr\windows.x86.Release\Corehost.Static\singlefilehost.pdb

Imports

kernel32

MultiByteToWideChar
GetTickCount
QueryPerformanceFrequency
QueryPerformanceCounter
GetModuleHandleW
FlushInstructionCache
InterlockedPushEntrySList
InterlockedFlushSList
InitializeSListHead
GetTickCount64
DuplicateHandle
QueueUserAPC
WaitForSingleObjectEx
SetThreadPriority
GetThreadPriority
ResumeThread
GetCurrentThreadId
Sleep
TlsAlloc
GetCurrentThread
CreateThread
WaitForMultipleObjectsEx
SignalObjectAndWait
SetThreadStackGuarantee
VirtualQuery
GetStdHandle
WideCharToMultiByte
GetConsoleOutputCP
MapViewOfFileEx
UnmapViewOfFile
GetStringTypeExW
SetEvent
GetCurrentProcessorNumber
GlobalMemoryStatusEx
CreateIoCompletionPort
PostQueuedCompletionStatus
SleepEx
GetQueuedCompletionStatus
InterlockedPopEntrySList
GetCurrentProcessorNumberEx
ExitProcess
CreateMemoryResourceNotification
GetProcessAffinityMask
SetThreadIdealProcessorEx
GetThreadIdealProcessorEx
GetLargePageMinimum
VirtualUnlock
ResetWriteWatch
GetWriteWatch
GetLogicalProcessorInformation
SetThreadGroupAffinity
SetThreadAffinityMask
IsProcessInJob
QueryInformationJobObject
K32GetProcessMemoryInfo
VirtualAlloc
VirtualFree
VirtualProtect
SwitchToThread
CloseThreadpoolTimer
CreateThreadpoolTimer
SetThreadpoolTimer
GetFileSize
GetEnvironmentVariableW
SetEnvironmentVariableW
CreateEventW
ResetEvent
CreateSemaphoreExW
ReleaseSemaphore
CreateMutexW
ReleaseMutex
GetThreadContext
SuspendThread
SetThreadContext
GetEnabledXStateFeatures
InitializeContext
CopyContext
GetSystemDefaultLCID
GetUserDefaultLCID
OutputDebugStringA
RtlUnwind
HeapAlloc
HeapFree
GetProcessHeap
HeapCreate
HeapDestroy
GetEnvironmentStringsW
FreeEnvironmentStringsW
FormatMessageW
GetACP
LCMapStringEx
LocalFree
VerSetConditionMask
VerifyVersionInfoW
IsWow64Process
FindClose
GetModuleFileNameW
FindNextFileW
QueryThreadCycleTime
VirtualAllocExNuma
GetNumaProcessorNodeEx
GetNumaHighestNodeNumber
GetSystemTimes
GetSystemTimeAsFileTime
CreateProcessW
GetCPInfo
LoadLibraryExW
CreateFileW
GetFileAttributesExW
GetTempPathW
GetCurrentDirectoryW
FindFirstFileExW
GetFullPathNameW
OpenProcess
LoadLibraryExA
OpenEventW
ExitThread
HeapReAlloc
CreateNamedPipeA
WaitForMultipleObjects
DisconnectNamedPipe
CreateFileA
CancelIoEx
GetOverlappedResult
ConnectNamedPipe
FlushFileBuffers
CreateFileMappingW
MapViewOfFile
GetActiveProcessorGroupCount
GetSystemTime
SetConsoleCtrlHandler
GetLocaleInfoEx
GetUserDefaultLocaleName
CreateDirectoryW
RemoveDirectoryW
GetFileSizeEx
LoadLibraryA
InitializeCriticalSectionAndSpinCount
AddVectoredExceptionHandler
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetCurrentProcessId
RaiseFailFastException
FreeLibrary
RaiseException
WaitForSingleObject
TlsSetValue
TlsGetValue
GetSystemInfo
ReadProcessMemory
IsDebuggerPresent
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
WriteFile
GetProcessTimes
GetCommandLineW
ReadFile
SetFilePointer
GetProcAddress
GetModuleHandleExW
SetErrorMode
CloseHandle
GetCurrentProcess
FlushProcessWriteBuffers
SetLastError
GetLastError
OutputDebugStringW
SetXStateFeaturesMask
DebugBreak
DecodePointer
GetStringTypeW
IsProcessorFeaturePresent
EncodePointer
TlsFree
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeCriticalSectionEx
TryEnterCriticalSection
GetExitCodeThread
CreateFileMappingA

advapi32

RegGetValueW
SetKernelObjectSecurity
GetSidSubAuthorityCount
GetSidSubAuthority
GetTokenInformation
DeregisterEventSource
ReportEventW
RegisterEventSourceW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
EventRegister
AdjustTokenPrivileges
OpenProcessToken
LookupPrivilegeValueW
SetThreadToken
RevertToSelf
OpenThreadToken
EventWriteTransfer
EventWrite

ole32

CoCreateGuid
CoTaskMemAlloc
CoUninitialize
CoReleaseMarshalData
CoInitializeEx
IIDFromString
CoRegisterInitializeSpy
CoGetMarshalSizeMax
CoMarshalInterface
CoUnmarshalInterface
CoGetContextToken
CoGetClassObject
CoCreateFreeThreadedMarshaler
CreateStreamOnHGlobal
CoRevokeInitializeSpy
CLSIDFromProgID
CoWaitForMultipleHandles
StringFromGUID2
CoTaskMemFree
CoGetObjectContext

oleaut32

SafeArrayAllocDescriptorEx
GetRecordInfoFromTypeInfo
SafeArraySetRecordInfo
SafeArrayAllocData
SafeArrayGetElemsize
SysStringByteLen
SysAllocStringByteLen
SafeArrayCreateVector
SafeArrayPutElement
LoadRegTypeLi
CreateErrorInfo
VariantInit
VariantClear
VarCyFromDec
VariantChangeType
SafeArrayGetVartype
LoadTypeLibEx
QueryPathOfRegTypeLi
SafeArrayDestroy
SafeArrayGetLBound
SafeArrayGetDim
SysAllocStringLen
SysStringLen
SysAllocString
SetErrorInfo
GetErrorInfo
SysFreeString
VariantChangeTypeEx

user32

MessageBoxW
LoadStringW

version

VerQueryValueW
GetFileVersionInfoExW
GetFileVersionInfoSizeExW

shell32

ShellExecuteW

api-ms-win-crt-string-l1-1-0

isspace
strtok_s
_wcsnicmp
strncmp
wcscpy_s
_strnicmp
strcpy_s
strlen
strcmp
_strdup
strncpy_s
wcsncmp
iswupper
towlower
isalpha
isdigit
wcstok_s
strcat_s
strcspn
_stricmp
wcsnlen
isupper
iswspace
_wcsicmp
_wcsdup
strncat_s
wcsncpy_s
tolower
islower
wcsncat_s
strnlen
__strncnt
iswascii
towupper
wcscat_s

api-ms-win-crt-stdio-l1-1-0

_set_fmode
_wfsopen
__stdio_common_vfprintf
fwrite
fputc
__stdio_common_vswprintf
__p__commode
__stdio_common_vswprintf_s
_putws
fgetc
_flushall
fputws
fputwc
_get_stream_buffer_pointers
fopen
_fseeki64
fread
__stdio_common_vsprintf_s
fsetpos
__acrt_iob_func
fflush
fputs
__stdio_common_vsnwprintf_s
ungetc
fgetpos
__stdio_common_vsscanf
setvbuf
_setmode
_dup
_fileno
ftell
fseek
fgets
fclose
_wfopen
__stdio_common_vfwprintf
__stdio_common_vsnprintf_s

api-ms-win-crt-runtime-l1-1-0

_controlfp_s
_errno
_invalid_parameter_noinfo_noreturn
_beginthreadex
_wcserror
_get_initial_wide_environment
terminate
_register_thread_local_exe_atexit_callback
_c_exit
__p___wargv
__p___argc
abort
exit
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
_seh_filter_exe
_set_app_type
_exit
_configure_wide_argv
_initialize_wide_environment
_invalid_parameter_noinfo
_initterm
_initterm_e

api-ms-win-crt-convert-l1-1-0

atoi
_ltow_s
_wtoi
_wcstoui64
strtoul
strtoull
atol
_itow_s
wcstoul

api-ms-win-crt-heap-l1-1-0

_set_new_mode
malloc
calloc
free
realloc

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-math-l1-1-0

_CIcosh
__libm_sse2_tan
_libm_sse2_acos_precise
_libm_sse2_asin_precise
_CIfmod
_CIsinh
_CItanh
__libm_sse2_sin
__libm_sse2_acos
__libm_sse2_asin
__libm_sse2_atan
_copysign
log2
atanh
modf
ilogb
cbrt
asinh
asinhf
ilogbf
atanhf
cbrtf
acoshf
log2f
_libm_sse2_atan_precise
__libm_sse2_pow
_libm_sse2_cos_precise
_libm_sse2_exp_precise
_isnan
_libm_sse2_log10_precise
_libm_sse2_log_precise
_libm_sse2_pow_precise
_libm_sse2_sin_precise
_libm_sse2_sqrt_precise
_fdopen
_libm_sse2_tan_precise
ceil
_finite
__libm_sse2_atan2
_CIatan2
__libm_sse2_cos
floor
__libm_sse2_log10
frexp
fma
fmaf
__libm_sse2_exp
acosh
__libm_sse2_log
__setusermatherr

api-ms-win-crt-time-l1-1-0

_time64
_gmtime64_s
wcsftime

api-ms-win-crt-locale-l1-1-0

_configthreadlocale
localeconv
_lock_locales
_unlock_locales
setlocale
__pctype_func
___lc_locale_name_func
___lc_codepage_func
___mb_cur_max_func

api-ms-win-crt-filesystem-l1-1-0

_wremove
_wrename
_lock_file
_unlock_file

Exports

Exports

CLRJitAttachState
DotNetRuntimeInfo
MetaDataGetDispenser
g_CLREngineMetrics

Sections

.text
Size: 5.3MB - Virtual size: 5.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.CLR_UEF
Size: 512B - Virtual size: 68B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 268KB - Virtual size: 268KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Paragon/[1] Pro Service/[8]/Defender 1.bat
Paragon/[1] Pro Service/[8]/Disable Services (Snip Tool).bat
Paragon/[1] Pro Service/[8]/Disable Services.bat
Paragon/[1] Pro Service/[8]/Engine.ini
Paragon/[1] Pro Service/[8]/Temp Files Cleaning/Cleanup.bat
.bat .vbs
Paragon/[1] Pro Service/[8]/Temp Files Cleaning/Device Cleanup.exe
.exe windows:5 windows x64 arch:x64

b944dd89cb10ccf30dd0b3911e1d20c1

Code Sign

5b:16:02:a6:5c:10:8c:b5:47:a1:5f:08:9a:33:5c:5b
Certificate

Issuer

CN=Uwe Sieber,O=www.uwe-sieber.de,1.2.840.113549.1.9.1=#0c126d61696c407577652d7369656265722e6465

Not Before

08/09/2011, 13:43

Not After

30/12/2099, 22:00

Subject

CN=Uwe Sieber,O=www.uwe-sieber.de,1.2.840.113549.1.9.1=#0c126d61696c407577652d7369656265722e6465

Extended Key Usages

ExtKeyUsageCodeSigning

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

ca:ff:fd:2c:ff:90:69:28:e0:e2:22:0e:f9:6c:62:77:1d:16:72:12
Signer

Actual PE Digest

ca:ff:fd:2c:ff:90:69:28:e0:e2:22:0e:f9:6c:62:77:1d:16:72:12

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

u:\1Source\VC\DeviceCleanupGui\Release_x64\DeviceCleanup.pdb

Imports

shlwapi

StrChrW
PathFindFileNameW
StrStrIW
StrToIntA
PathRenameExtensionA
StrStrW
PathGetArgsW
StrCmpNW
StrToIntW

setupapi

SetupDiDestroyDeviceInfoList
SetupDiGetClassImageList
SetupDiGetClassImageIndex
SetupDiSetClassInstallParamsW
CM_Get_DevNode_Registry_PropertyW
SetupDiCallClassInstaller
CM_Locate_DevNodeW
SetupDiGetClassDevsW
CM_Get_DevNode_Status
CM_Get_Device_IDW
SetupDiEnumDeviceInfo

comctl32

ord17

kernel32

ExitProcess
GetModuleHandleW
GetStartupInfoW
GetCommandLineW
GetProcessHeap
HeapAlloc
Sleep
Beep
HeapValidate
HeapFree
HeapSize
FreeLibrary
CloseHandle
GetLastError
GetTickCount
GetProcAddress
lstrlenA
lstrlenW
WriteFile
GetStdHandle
MultiByteToWideChar
WritePrivateProfileStringA
WritePrivateProfileStructA
CreateThread
lstrcmpW
GetPrivateProfileStructA
lstrcatW
GetPrivateProfileIntA
GetModuleFileNameA
GetModuleFileNameW
GetSystemDirectoryW
GetWindowsDirectoryW
LocalFree
GetVersionExW
LoadLibraryA
GetSystemDirectoryA
SetLastError
LoadLibraryW
GetModuleHandleA
SetEnvironmentVariableA
SystemTimeToFileTime
GetSystemTime
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
lstrcpyW
lstrcmpiW
QueryDosDeviceW
lstrcatA

user32

GetParent
EndDialog
GetDlgItem
PtInRect
ClientToScreen
SetFocus
KillTimer
DestroyWindow
PostQuitMessage
DestroyMenu
ShowWindow
DialogBoxParamW
SetForegroundWindow
SetTimer
SetWindowPlacement
GetDesktopWindow
EnableMenuItem
SetMenuDefaultItem
AppendMenuW
CreateMenu
SetWindowTextW
GetWindowTextW
CreateDialogParamW
GetMessageW
DispatchMessageW
TranslateMessage
IsDialogMessageW
TranslateAcceleratorW
LoadAcceleratorsW
DrawTextExW
EnableWindow
SystemParametersInfoW
LoadIconW
GetSysColor
GetSysColorBrush
GetForegroundWindow
MonitorFromPoint
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
InvalidateRect
MoveWindow
SetDlgItemTextW
GetDC
ReleaseDC
SetWindowPos
PostMessageW
LoadCursorW
SetClassLongPtrW
SetCursor
GetCursorPos
SetCursorPos
MessageBoxW
GetWindowRect
GetClientRect
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
UpdateWindow
ScreenToClient
TrackPopupMenu
IsWindowVisible
GetSystemMetrics
LoadImageW
SendMessageW
GetMenu
SetMenuItemBitmaps
SetMenuItemInfoW
wvsprintfA
MessageBoxA
wsprintfW
wsprintfA
GetWindowPlacement

gdi32

DeleteObject
SetBkColor
SetTextColor
SetBkMode
GetTextMetricsW
GetDeviceCaps
GetTextExtentPoint32W
SetMapMode
GetTextFaceW
CreateFontIndirectW
SelectObject
GetStockObject

advapi32

CheckTokenMembership
RegQueryInfoKeyW
AllocateAndInitializeSid
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
InitializeSecurityDescriptor
CreateWellKnownSid
SetEntriesInAclW
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
FreeSid

shell32

ShellExecuteW

ole32

CoInitializeEx
CLSIDFromString
CoInitializeSecurity

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Paragon/[1] Pro Service/[8]/Temp Files Cleaning/[5] adwcleaner.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 615KB - Virtual size: 614KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 57B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8.5MB - Virtual size: 8.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Paragon/[1] Pro Service/[8]/WPD/._cache_WPD.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\Repository\NostromoDigital\WPD\WPD\obj\Release\WPD.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 503KB - Virtual size: 503KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Paragon/[1] Pro Service/[8]/WPD/Constructor.json
.jpg
Paragon/[1] Pro Service/[8]/WPD/Localization.json
Paragon/[1] Pro Service/[8]/WPD/README.txt
Paragon/[1] Pro Service/[8]/Wub.ini
Paragon/[1] Pro Service/[8]/[3] DISABLE UPDATES.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 615KB - Virtual size: 614KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 57B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 847KB - Virtual size: 847KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Paragon/[1] Pro Service/[8]/[6] FORTNITE SETTINGS.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 615KB - Virtual size: 614KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 57B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 58.5MB - Virtual size: 58.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Paragon/[1] Pro Service/[9]/#FSE-QOS for Games.bat
.bat .ps1
Paragon/[1] Pro Service/[9]/Adapter Settings.bat
Paragon/[1] Pro Service/[9]/Disable Net BIOS.bat
Paragon/[1] Pro Service/[9]/Ethernet/[1] Network.bat
Paragon/[1] Pro Service/[9]/desktop.ini
Paragon/[2] Auto Scewin/BIOSSettings.exe
.exe windows:5 windows x64 arch:x64

8e94250c88a6c0e478828f96bcbb1662

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

wsock32

gethostbyname
recv
send
socket
inet_ntoa
setsockopt
ntohs
WSACleanup
WSAStartup
sendto
htons
__WSAFDIsSet
select
accept
listen
bind
inet_addr
ioctlsocket
recvfrom
WSAGetLastError
closesocket
gethostname
connect

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

winmm

timeGetTime
waveOutSetVolume
mciSendStringW

comctl32

ImageList_ReplaceIcon
ImageList_Destroy
ImageList_Remove
ImageList_SetDragCursorImage
ImageList_BeginDrag
ImageList_DragEnter
ImageList_DragLeave
ImageList_EndDrag
ImageList_DragMove
InitCommonControlsEx
ImageList_Create

mpr

WNetGetConnectionW
WNetCancelConnection2W
WNetUseConnectionW
WNetAddConnection2W

wininet

HttpOpenRequestW
InternetCloseHandle
InternetOpenW
InternetSetOptionW
InternetCrackUrlW
HttpQueryInfoW
InternetQueryOptionW
InternetConnectW
HttpSendRequestW
FtpOpenFileW
FtpGetFileSize
InternetOpenUrlW
InternetReadFile
InternetQueryDataAvailable

psapi

GetProcessMemoryInfo

iphlpapi

IcmpSendEcho
IcmpCloseHandle
IcmpCreateFile

userenv

DestroyEnvironmentBlock
LoadUserProfileW
CreateEnvironmentBlock
UnloadUserProfile

uxtheme

IsThemeActive

kernel32

WaitForSingleObject
HeapAlloc
GetProcessHeap
HeapFree
Sleep
GetCurrentThreadId
MultiByteToWideChar
MulDiv
GetVersionExW
IsWow64Process
GetSystemInfo
FreeLibrary
LoadLibraryA
GetProcAddress
SetErrorMode
GetModuleFileNameW
WideCharToMultiByte
lstrcpyW
lstrlenW
GetModuleHandleW
QueryPerformanceCounter
VirtualFreeEx
OpenProcess
VirtualAllocEx
WriteProcessMemory
ReadProcessMemory
CreateFileW
SetFilePointerEx
SetEndOfFile
ReadFile
WriteFile
FlushFileBuffers
TerminateProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
SetFileTime
GetFileAttributesW
FindFirstFileW
FindClose
GetLongPathNameW
GetShortPathNameW
DeleteFileW
FindNextFileW
CopyFileExW
GetFullPathNameW
CreateDirectoryW
RemoveDirectoryW
SetSystemPowerState
QueryPerformanceFrequency
LoadResource
LockResource
SizeofResource
OutputDebugStringW
GetTempPathW
GetTempFileNameW
DeviceIoControl
LoadLibraryW
GetLocalTime
CompareStringW
EnterCriticalSection
DuplicateHandle
GetStdHandle
CreatePipe
TerminateThread
LoadLibraryExW
FindResourceExW
CopyFileW
VirtualFree
FormatMessageW
GetExitCodeProcess
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileSectionW
WritePrivateProfileSectionW
GetPrivateProfileSectionNamesW
FileTimeToLocalFileTime
FileTimeToSystemTime
SystemTimeToFileTime
LocalFileTimeToFileTime
GetDriveTypeW
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
GetVolumeInformationW
SetVolumeLabelW
CreateHardLinkW
SetFileAttributesW
CreateEventW
SetEvent
GetEnvironmentVariableW
SetEnvironmentVariableW
GlobalLock
GlobalUnlock
GlobalAlloc
GetFileSize
GlobalFree
GlobalMemoryStatusEx
Beep
GetSystemDirectoryW
HeapReAlloc
HeapSize
GetComputerNameW
GetWindowsDirectoryW
GetCurrentProcessId
GetProcessIoCounters
CreateProcessW
GetProcessId
SetPriorityClass
VirtualAlloc
SetCurrentDirectoryW
IsDebuggerPresent
GetCurrentDirectoryW
lstrcmpiW
GetLastError
RaiseException
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
CreateThread
GetCurrentProcess
GetCurrentThread
LeaveCriticalSection
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
SetLastError
TlsAlloc
ResetEvent
WaitForSingleObjectEx
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
ExitProcess
GetModuleHandleExW
ExitThread
ResumeThread
FreeLibraryAndExitThread
GetACP
GetDateFormatW
GetTimeFormatW
LCMapStringW
GetStringTypeW
GetFileType
SetStdHandle
GetConsoleCP
GetConsoleMode
ReadConsoleW
GetTimeZoneInformation
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
CloseHandle
WriteConsoleW
MoveFileW
RtlCaptureContext

user32

GetMenuStringW
GetSubMenu
GetCaretPos
IsZoomed
GetWindowLongW
GetMonitorInfoW
SetWindowLongW
SetLayeredWindowAttributes
FlashWindow
GetClassLongPtrW
TranslateAcceleratorW
IsDialogMessageW
GetSysColor
InflateRect
DrawFocusRect
DrawTextW
FrameRect
DrawFrameControl
FillRect
PtInRect
DestroyAcceleratorTable
CreateAcceleratorTableW
SetCursor
GetWindowDC
GetSystemMetrics
SetWindowLongPtrW
GetActiveWindow
CharNextW
wsprintfW
RedrawWindow
DrawMenuBar
DestroyMenu
SetMenu
GetWindowTextLengthW
CreateMenu
IsDlgButtonChecked
DefDlgProcW
CallWindowProcW
ReleaseCapture
SetCapture
BlockInput
GetMessageW
LockWindowUpdate
DispatchMessageW
TranslateMessage
PeekMessageW
GetInputState
UnregisterHotKey
CharLowerBuffW
MonitorFromPoint
MonitorFromRect
LoadImageW
mouse_event
ExitWindowsEx
SetActiveWindow
FindWindowExW
EnumThreadWindows
IsCharUpperW
InsertMenuItemW
IsMenu
TrackPopupMenuEx
GetCursorPos
DeleteMenu
CheckMenuRadioItem
GetMenuItemID
GetMenuItemCount
SetMenuItemInfoW
GetMenuItemInfoW
SetForegroundWindow
IsIconic
FindWindowW
GetClipboardData
keybd_event
SendInput
GetAsyncKeyState
SetKeyboardState
GetKeyboardState
GetKeyState
VkKeyScanW
LoadStringW
DialogBoxParamW
MessageBeep
EndDialog
SendDlgItemMessageW
GetDlgItem
SetWindowTextW
CopyRect
ReleaseDC
GetDC
EndPaint
BeginPaint
GetClientRect
GetMenu
DestroyWindow
EnumWindows
GetDesktopWindow
IsWindow
IsWindowEnabled
IsWindowVisible
EnableWindow
InvalidateRect
GetWindowThreadProcessId
AttachThreadInput
GetFocus
GetWindowTextW
ScreenToClient
SendMessageTimeoutW
EnumChildWindows
CharUpperBuffW
GetClassNameW
GetParent
GetDlgCtrlID
SendMessageW
MapVirtualKeyW
PostMessageW
IsCharLowerW
IsCharAlphaNumericW
IsCharAlphaW
GetKeyboardLayoutNameW
ClientToScreen
RegisterHotKey
GetCursorInfo
SetWindowPos
CopyImage
AdjustWindowRectEx
SetRect
SetClipboardData
EmptyClipboard
CountClipboardFormats
SetMenuDefaultItem
CloseClipboard
GetWindowRect
SetUserObjectSecurity
IsClipboardFormatAvailable
CloseDesktop
CloseWindowStation
OpenDesktopW
SetProcessWindowStation
GetProcessWindowStation
OpenWindowStationW
GetUserObjectSecurity
MessageBoxW
DefWindowProcW
MoveWindow
SetFocus
PostQuitMessage
KillTimer
CreatePopupMenu
RegisterWindowMessageW
SetTimer
ShowWindow
CreateWindowExW
RegisterClassExW
LoadIconW
LoadCursorW
GetSysColorBrush
GetForegroundWindow
MessageBoxA
DestroyIcon
SystemParametersInfoW
OpenClipboard
GetWindowLongPtrW

gdi32

EndPath
DeleteObject
GetDeviceCaps
ExtCreatePen
StrokePath
SetPixel
CloseFigure
LineTo
AngleArc
MoveToEx
Ellipse
PolyDraw
GetTextExtentPoint32W
CreateCompatibleBitmap
BeginPath
Rectangle
SetViewportOrgEx
GetObjectW
SetBkMode
RoundRect
SetBkColor
CreatePen
CreateSolidBrush
SetTextColor
CreateFontW
GetTextFaceW
GetStockObject
CreateDCW
GetPixel
DeleteDC
GetDIBits
StretchBlt
SelectObject
CreateCompatibleDC
StrokeAndFillPath

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

GetAce
RegEnumValueW
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyExW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegConnectRegistryW
InitializeSecurityDescriptor
InitializeAcl
AdjustTokenPrivileges
OpenThreadToken
OpenProcessToken
LookupPrivilegeValueW
DuplicateTokenEx
CreateProcessAsUserW
CreateProcessWithLogonW
GetLengthSid
CopySid
LogonUserW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
GetTokenInformation
RegSetValueExW
GetSecurityDescriptorDacl
GetAclInformation
RegCreateKeyExW
AddAce
SetSecurityDescriptorDacl
InitiateSystemShutdownExW
GetUserNameW

shell32

DragFinish
DragQueryPoint
ShellExecuteExW
DragQueryFileW
SHEmptyRecycleBinW
SHGetPathFromIDListW
SHBrowseForFolderW
SHCreateShellItem
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetFolderPathW
SHFileOperationW
ExtractIconExW
Shell_NotifyIconW
ShellExecuteW

ole32

CoTaskMemAlloc
CoTaskMemFree
CLSIDFromString
ProgIDFromCLSID
CLSIDFromProgID
OleSetMenuDescriptor
MkParseDisplayName
OleSetContainedObject
CoCreateInstance
IIDFromString
StringFromGUID2
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
CoInitialize
CoUninitialize
GetRunningObjectTable
CoGetInstanceFromFile
CoGetObject
CoInitializeSecurity
CoCreateInstanceEx
CoSetProxyBlanket

oleaut32

VariantChangeType
DispCallFunc
CreateStdDispatch
CreateDispTypeInfo
UnRegisterTypeLi
UnRegisterTypeLibForUser
RegisterTypeLibForUser
RegisterTypeLi
LoadTypeLibEx
VariantCopyInd
VariantTimeToSystemTime
SysFreeString
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayUnaccessData
VariantInit
VariantClear
VariantCopy
SysAllocString
SafeArrayCreateVector
VarR8FromDec
SafeArrayAllocDescriptorEx
SafeArrayAllocData
SysStringLen
SafeArrayGetVartype
OleLoadPicture
QueryPathOfRegTypeLi
SysReAllocString
SafeArrayAccessData

Sections

.text
Size: 717KB - Virtual size: 716KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 209KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 240KB - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Paragon/[2] Auto Scewin/BIOSSettings.txt
Paragon/[2] Auto Scewin/Dupes.txt
Paragon/[2] Auto Scewin/Export.bat
Paragon/[2] Auto Scewin/Import - ASrock.bat
Paragon/[2] Auto Scewin/Import.bat
Paragon/[2] Auto Scewin/SCEWIN_64.exe
.exe windows:5 windows x64 arch:x64

c6ad08a1589dd9cf353748c20ce378ce

Code Sign

b9:96:37:58:ea:d2:36:c6:e1:5c:d4:8b:a5:43:3a:ae
Certificate

Issuer

CN=COMODO RSA Extended Validation Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

21/09/2020, 00:00

Not After

21/09/2023, 23:59

Subject

SERIALNUMBER=7155083,CN=AMI US HOLDINGS INC,O=AMI US HOLDINGS INC,POSTALCODE=30093,STREET=5555 Oakbrook Parkway Suite 200,L=Norcross,ST=Georgia,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6d:d4:72:eb:02:ae:04:06:e3:dd:84:3f:5f:e1:45:e1
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/12/2014, 00:00

Not After

02/12/2029, 23:59

Subject

CN=COMODO RSA Extended Validation Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:18:54:86:00:00:00:00:00:24
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11/04/2011, 22:06

Not After

11/04/2021, 22:16

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a0:4f:56:4e:4f:9b:a7:68:c9:b1:53:d9:6b:ae:32:32:e5:c1:99:ae:20:01:3d:d6:fd:62:2d:be:df:b4:f3:c2
Signer

Actual PE Digest

a0:4f:56:4e:4f:9b:a7:68:c9:b1:53:d9:6b:ae:32:32:e5:c1:99:ae:20:01:3d:d6:fd:62:2d:be:df:b4:f3:c2

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

SetHandleCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
EncodePointer
DecodePointer
FlsFree
SetLastError
FlsSetValue
FlsGetValue
GetLastError
GetCurrentThreadId
FlsAlloc
HeapSetInformation
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
OutputDebugStringA
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlUnwindEx
SetConsoleCtrlHandler
FreeLibrary
InitializeCriticalSectionAndSpinCount
GetEnvironmentStringsW
HeapFree
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
Sleep
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
LCMapStringW
MultiByteToWideChar
GetStringTypeW
HeapReAlloc
VirtualProtect
VirtualAlloc
SetThreadStackGuarantee
GetSystemInfo
VirtualQuery
RaiseException
RtlPcToFileHeader
HeapSize
WideCharToMultiByte
FreeEnvironmentStringsW
GetModuleFileNameA
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleW
GetProcAddress
SetUnhandledExceptionFilter
GetVersionExW
LoadLibraryExW
GetCommandLineA
GetProcessHeap
SetEndOfFile
GetWindowsDirectoryA
LoadLibraryA
GetSystemDirectoryA
CloseHandle
GetFullPathNameA
GetSystemFirmwareTable
SetThreadExecutionState
CreateMutexA
SetProcessAffinityMask
GetVersionExA
GetCurrentDirectoryA
GetModuleHandleA
DeleteFileA
CreateFileA
DeviceIoControl
CreateNamedPipeA
ReadFile
CreateThread
LocalFree
GetLocalTime
DebugBreak
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
GetConsoleCP
FlushFileBuffers
SetFilePointer
CreateFileW
WriteConsoleW
SetStdHandle

advapi32

DeleteService
ControlService
OpenServiceA
StartServiceA
CreateServiceA
CloseServiceHandle
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyExA
OpenSCManagerA

shell32

ShellExecuteA

user32

SystemParametersInfoA
BlockInput
ExitWindowsEx
MessageBoxA
RegisterClassExA
DefWindowProcA
DispatchMessageA
TranslateMessage
GetMessageA
CreateWindowExA
wsprintfA

Sections

.text
Size: 523KB - Virtual size: 523KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Paragon/[2] Auto Scewin/amifldrv64.sys
.sys windows:6 windows x64 arch:x64

4fbdc03e4487f98fb59360ea5b3e640d

Code Sign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:55:cd:b4:e7:e8:ee:b9:dd:5d:89:fc:1d:75:88:ca
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/08/2017, 00:00

Not After

24/09/2020, 12:00

Subject

SERIALNUMBER=J912954,CN=American Megatrends\, Inc.,O=American Megatrends\, Inc.,L=Norcross,ST=Georgia,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130747656f72676961,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:97:d7:9f:85:90:6e:a3:18:a4:00:00:00:00:00:97
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11/03/2020, 17:47

Not After

05/03/2021, 17:47

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/04/2012, 23:48

Not After

18/04/2027, 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

70:9a:b9:53:02:bb:44:c7:a7:da:fa:f3:42:ca:93:34:22:ea:03:ed:7b:49:2b:e2:04:a3:19:16:1f:eb:35:0e
Signer

Actual PE Digest

70:9a:b9:53:02:bb:44:c7:a7:da:fa:f3:42:ca:93:34:22:ea:03:ed:7b:49:2b:e2:04:a3:19:16:1f:eb:35:0e

Digest Algorithm

sha256

PE Digest Matches

true

c4:2f:ea:a6:c9:78:8b:71:61:b7:65:f7:25:07:02:04:f7:b5:e3:ec
Signer

Actual PE Digest

c4:2f:ea:a6:c9:78:8b:71:61:b7:65:f7:25:07:02:04:f7:b5:e3:ec

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

d:\amibios\utility\amiflashdriver\flashdriverwin64\Release\amd64\amifldrv64.pdb

Imports

ntoskrnl.exe

ZwMapViewOfSection
RtlInitUnicodeString
ZwUnmapViewOfSection
ZwClose
ObReferenceObjectByHandle
ZwOpenSection
MmUnmapLockedPages
MmFreeContiguousMemory
MmBuildMdlForNonPagedPool
IoFreeMdl
MmMapIoSpace
MmMapLockedPagesSpecifyCache
IoAllocateMdl
MmAllocateContiguousMemory
IoDeleteSymbolicLink
IoDeleteDevice
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
KeBugCheckEx
MmGetPhysicalAddress
MmUnmapIoSpace

hal

HalTranslateBusAddress

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 604B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 448B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 910B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Paragon/[2] Auto Scewin/amigendrv64.sys
.sys windows:10 windows x64 arch:x64

07a42e80559d960b176c0fc8fd309bfe

Code Sign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:55:cd:b4:e7:e8:ee:b9:dd:5d:89:fc:1d:75:88:ca
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/08/2017, 00:00

Not After

24/09/2020, 12:00

Subject

SERIALNUMBER=J912954,CN=American Megatrends\, Inc.,O=American Megatrends\, Inc.,L=Norcross,ST=Georgia,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130747656f72676961,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:97:d7:9f:85:90:6e:a3:18:a4:00:00:00:00:00:97
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11/03/2020, 17:47

Not After

05/03/2021, 17:47

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/04/2012, 23:48

Not After

18/04/2027, 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

51:67:b3:3a:95:b4:db:0a:12:44:cb:3b:95:d4:02:45:87:d9:a5:a9:52:22:ba:bb:03:32:10:e6:b1:11:d2:fb
Signer

Actual PE Digest

51:67:b3:3a:95:b4:db:0a:12:44:cb:3b:95:d4:02:45:87:d9:a5:a9:52:22:ba:bb:03:32:10:e6:b1:11:d2:fb

Digest Algorithm

sha256

PE Digest Matches

true

60:55:db:c4:53:c1:11:e5:7c:85:ec:8c:fa:d9:e6:e1:14:21:c8:d4
Signer

Actual PE Digest

60:55:db:c4:53:c1:11:e5:7c:85:ec:8c:fa:d9:e6:e1:14:21:c8:d4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\AMIBIOS\Utility\AmiFlashDriver\AmiFlashDriverSrc\sys\x64\Release\amifldrv64.pdb

Imports

ntoskrnl.exe

MmMapLockedPagesSpecifyCache
MmUnmapLockedPages
MmAllocateContiguousMemory
MmFreeContiguousMemory
IoAllocateMdl
IoFreeMdl
MmGetPhysicalAddress
RtlInitUnicodeString
IofCompleteRequest
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
KeLowerIrql
KfRaiseIrql
MmBuildMdlForNonPagedPool
MmUnmapIoSpace
ObReferenceObjectByHandle
ZwClose
ZwOpenSection
ZwMapViewOfSection
ZwUnmapViewOfSection
ExFreePoolWithTag
MmGetSystemRoutineAddress
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
MmMapIoSpace
RtlCompareMemory

hal

HalTranslateBusAddress

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 508B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 512B - Virtual size: 328B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Paragon/[2] Auto Scewin/anti-keys.txt
Paragon/[2] Auto Scewin/keys.txt

Sharing

General

Malware Config

Signatures

Files

1188b455132bc86c7e9e68ae98ce4171

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

userenv

wtsapi32

msvcrt

Sections

.text Size: 93KB - Virtual size: 93KB

.rdata Size: 29KB - Virtual size: 29KB

.data Size: 1024B - Virtual size: 3KB

.pdata Size: 5KB - Virtual size: 4KB

.rsrc Size: 43KB - Virtual size: 43KB

.reloc Size: 512B - Virtual size: 288B

a89105adc09496b3eb2afe90983bb6c2

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

msvcp140

vcruntime140_1

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 96KB - Virtual size: 95KB

.rdata Size: 28KB - Virtual size: 28KB

.data Size: 2KB - Virtual size: 3KB

.pdata Size: 5KB - Virtual size: 5KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 1024B - Virtual size: 636B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 517KB - Virtual size: 517KB

.rsrc Size: 17KB - Virtual size: 16KB

.reloc Size: 512B - Virtual size: 12B

Headers

File Characteristics

Sections

CODE Size: 615KB - Virtual size: 614KB

DATA Size: 12KB - Virtual size: 11KB

BSS Size: - Virtual size: 4KB

.idata Size: 11KB - Virtual size: 10KB

.tls Size: - Virtual size: 16B

.rdata Size: 512B - Virtual size: 57B

.reloc Size: 42KB - Virtual size: 42KB

.rsrc Size: 607KB - Virtual size: 606KB

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

a2:43:2c:58:81:d6:5f:6a:71:46:96:3b:2c:43:f5:a4Certificate

Extended Key Usages

Key Usages

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95Certificate

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

.text
Size: 93KB - Virtual size: 93KB

.rdata
Size: 29KB - Virtual size: 29KB

.data
Size: 1024B - Virtual size: 3KB

.pdata
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 43KB - Virtual size: 43KB

.reloc
Size: 512B - Virtual size: 288B

.text
Size: 96KB - Virtual size: 95KB

.rdata
Size: 28KB - Virtual size: 28KB

.data
Size: 2KB - Virtual size: 3KB

.pdata
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 1024B - Virtual size: 636B

.text
Size: 517KB - Virtual size: 517KB

.rsrc
Size: 17KB - Virtual size: 16KB

.reloc
Size: 512B - Virtual size: 12B

CODE
Size: 615KB - Virtual size: 614KB

DATA
Size: 12KB - Virtual size: 11KB

BSS
Size: - Virtual size: 4KB

.idata
Size: 11KB - Virtual size: 10KB

.tls
Size: - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 57B

.reloc
Size: 42KB - Virtual size: 42KB

.rsrc
Size: 607KB - Virtual size: 606KB

a2:43:2c:58:81:d6:5f:6a:71:46:96:3b:2c:43:f5:a4
Certificate

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

51:d9:b9:21:47:40:7c:69:c3:f9:b8:11:4f:1e:f4:c9:01:55:ef:f9:25:ac:95:6c:36:e3:fb:21:08:a4:d6:c9
Signer

.text
Size: 1.3MB - Virtual size: 1.3MB

.rsrc
Size: 11KB - Virtual size: 11KB

.reloc
Size: 512B - Virtual size: 12B

CODE
Size: 615KB - Virtual size: 614KB

DATA
Size: 12KB - Virtual size: 11KB

BSS
Size: - Virtual size: 4KB

.idata
Size: 11KB - Virtual size: 10KB

.tls
Size: - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 57B

.reloc
Size: 42KB - Virtual size: 42KB

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

11:5b:be:9e:1c:28:68:27:af:66:e7:a0:13:90:c2:06
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

42:4b:6a:53:ce:c7:66:14:1c:2a:63:b1:a5:1c:41:04
Certificate

c9:f5:03:e7:ea:f0:8a:f2:72:b0:90:2e:f6:11:f3:69:2f:79:2f:db
Signer

.text
Size: 3.7MB - Virtual size: 3.7MB

.rsrc
Size: 64KB - Virtual size: 64KB

.reloc
Size: 512B - Virtual size: 12B

CODE
Size: 615KB - Virtual size: 614KB

DATA
Size: 12KB - Virtual size: 11KB

BSS
Size: - Virtual size: 4KB

.idata
Size: 11KB - Virtual size: 10KB

.tls
Size: - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 57B