dialog
initDialog
show
Overview
overview
7Static
static
38254900470...18.exe
windows7-x64
78254900470...18.exe
windows10-2004-x64
7$PLUGINSDI...ns.dll
windows7-x64
3$PLUGINSDI...ns.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDI...fo.dll
windows7-x64
3$PLUGINSDI...fo.dll
windows10-2004-x64
3CopyInf.exe
windows7-x64
3CopyInf.exe
windows10-2004-x64
3MVXBL.sys
windows7-x64
1MVXBL.sys
windows10-2004-x64
1MVXBL64.sys
windows7-x64
1MVXBL64.sys
windows10-2004-x64
1MVXPROBL.sys
windows7-x64
1MVXPROBL.sys
windows10-2004-x64
1MVXPROBL64.sys
windows7-x64
1MVXPROBL64.sys
windows10-2004-x64
1PLSLTBL.sys
windows7-x64
1PLSLTBL.sys
windows10-2004-x64
1PLSLTBL64.sys
windows7-x64
1PLSLTBL64.sys
windows10-2004-x64
1ULSPRINT.sys
windows7-x64
1ULSPRINT.sys
windows10-2004-x64
1VERSA2BL.sys
windows7-x64
1VERSA2BL.sys
windows10-2004-x64
1VERSA2BL64.sys
windows7-x64
1VERSA2BL64.sys
windows10-2004-x64
1Wait4FixUSB.exe
windows7-x64
3Wait4FixUSB.exe
windows10-2004-x64
3Wait4NoUSB.exe
windows7-x64
3Wait4NoUSB.exe
windows10-2004-x64
3Static task
static1
2 signatures
Behavioral task
behavioral1
Sample
825490047045924f20bbf19ce09635ff_JaffaCakes118.exe
Resource
win7-20240708-en
windows7-x64
4 signatures
150 seconds
Behavioral task
behavioral2
Sample
825490047045924f20bbf19ce09635ff_JaffaCakes118.exe
Resource
win10v2004-20240730-en
windows10-2004-x64
3 signatures
150 seconds
Behavioral task
behavioral3
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win7-20240704-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral4
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win10v2004-20240730-en
windows10-2004-x64
3 signatures
150 seconds
Behavioral task
behavioral5
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240704-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral6
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240730-en
windows10-2004-x64
3 signatures
150 seconds
Behavioral task
behavioral7
Sample
$PLUGINSDIR/UserInfo.dll
Resource
win7-20240729-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral8
Sample
$PLUGINSDIR/UserInfo.dll
Resource
win10v2004-20240730-en
windows10-2004-x64
3 signatures
150 seconds
Behavioral task
behavioral9
Sample
CopyInf.exe
Resource
win7-20240708-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral10
Sample
CopyInf.exe
Resource
win10v2004-20240730-en
windows10-2004-x64
1 signatures
150 seconds
Behavioral task
behavioral11
Sample
MVXBL.sys
Resource
win7-20240708-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral12
Sample
MVXBL.sys
Resource
win10v2004-20240730-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral13
Sample
MVXBL64.sys
Resource
win7-20240705-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral14
Sample
MVXBL64.sys
Resource
win10v2004-20240730-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral15
Sample
MVXPROBL.sys
Resource
win7-20240704-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral16
Sample
MVXPROBL.sys
Resource
win10v2004-20240730-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral17
Sample
MVXPROBL64.sys
Resource
win7-20240704-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral18
Sample
MVXPROBL64.sys
Resource
win10v2004-20240730-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral19
Sample
PLSLTBL.sys
Resource
win7-20240705-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral20
Sample
PLSLTBL.sys
Resource
win10v2004-20240730-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral21
Sample
PLSLTBL64.sys
Resource
win7-20240708-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral22
Sample
PLSLTBL64.sys
Resource
win10v2004-20240730-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral23
Sample
ULSPRINT.sys
Resource
win7-20240708-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral24
Sample
ULSPRINT.sys
Resource
win10v2004-20240730-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral25
Sample
VERSA2BL.sys
Resource
win7-20240704-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral26
Sample
VERSA2BL.sys
Resource
win10v2004-20240730-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral27
Sample
VERSA2BL64.sys
Resource
win7-20240705-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral28
Sample
VERSA2BL64.sys
Resource
win10v2004-20240730-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral29
Sample
Wait4FixUSB.exe
Resource
win7-20240705-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral30
Sample
Wait4FixUSB.exe
Resource
win10v2004-20240730-en
windows10-2004-x64
1 signatures
150 seconds
Behavioral task
behavioral31
Sample
Wait4NoUSB.exe
Resource
win7-20240704-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral32
Sample
Wait4NoUSB.exe
Resource
win10v2004-20240730-en
windows10-2004-x64
1 signatures
150 seconds
General
-
Target
825490047045924f20bbf19ce09635ff_JaffaCakes118
-
Size
465KB
-
MD5
825490047045924f20bbf19ce09635ff
-
SHA1
558a1ae1a62686acd18c7c6a4bd790f2418c4122
-
SHA256
ffa1f722b9784a529196a70cbdf3862d40f9c0446291b07a8681870283509b93
-
SHA512
13ec214e80293c5392c0e4c241bf3dc01fbda7be2048a24d814cb667e8785ed920433b42294e1a478c4f627f3464f7ace29fef1d40629a1f7ba6064686d22071
-
SSDEEP
12288:CLM+opOk1j50sqpNGE3T0ltu22WFPKoJgA:CSp1WGEU2W4oSA
Score
3/10
Malware Config
Signatures
-
Unsigned PE 5 IoCs
Checks for missing Authenticode signature.
resource 825490047045924f20bbf19ce09635ff_JaffaCakes118 unpack001/$PLUGINSDIR/InstallOptions.dll unpack001/$PLUGINSDIR/System.dll unpack001/$PLUGINSDIR/UserInfo.dll unpack001/CopyInf.exe -
NSIS installer 2 IoCs
resource yara_rule sample nsis_installer_1 sample nsis_installer_2
Files
-
825490047045924f20bbf19ce09635ff_JaffaCakes118.exe windows:4 windows x86 arch:x86
099c0646ea7282d232219f8807883be0
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA
user32
EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow
gdi32
SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject
shell32
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation
advapi32
RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA
comctl32
ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create
ole32
CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance
version
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
Sections
.text Size: 23KB - Virtual size: 22KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 107KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.ndata Size: - Virtual size: 36KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/InstallOptions.dll.dll windows:4 windows x86 arch:x86
b1cd0d78f652ce5fc63f0879371af012
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc
user32
MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect
gdi32
SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject
shell32
SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA
comdlg32
GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError
ole32
CoTaskMemFree
Exports
Exports
Sections
.text Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 152B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/System.dll.dll windows:4 windows x86 arch:x86
2017f2acbdaa42ab3e4adeb8b4c37e7b
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect
user32
wsprintfA
ole32
StringFromGUID2
CLSIDFromString
Exports
Exports
Alloc
Call
Copy
Free
Get
Int64Op
Store
Sections
.text Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 784B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 100B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1024B - Virtual size: 520B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/UserInfo.dll.dll windows:4 windows x86 arch:x86
afa8e526425f3585465337467d0b5909
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
GetVersion
GetCurrentThread
lstrcpynA
GetCurrentProcess
GetModuleHandleA
GetProcAddress
GetLastError
GlobalFree
CloseHandle
GlobalAlloc
advapi32
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
GetUserNameA
OpenThreadToken
Exports
Exports
GetAccountType
GetName
GetOriginalAccountType
Sections
.text Size: 1024B - Virtual size: 741B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 673B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 88B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 190B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/ioSpecial.ini
-
$PLUGINSDIR/modern-wizard.bmp
-
CopyInf.exe.exe windows:4 windows x86 arch:x86
7b733f08961a0cf9f3a42c915313b2ed
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetVersionExW
FreeEnvironmentStringsA
WideCharToMultiByte
GetEnvironmentStrings
InterlockedIncrement
InterlockedDecrement
GetStringTypeW
GetLastError
ResumeThread
CreateThread
TlsSetValue
ExitThread
CloseHandle
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapFree
GetCurrentThreadId
TlsAlloc
SetLastError
TlsGetValue
HeapAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
RtlUnwind
GetModuleFileNameA
Sleep
FreeEnvironmentStringsW
GetStringTypeA
HeapReAlloc
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
GetACP
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetOEMCP
GetProcAddress
LoadLibraryA
MultiByteToWideChar
LCMapStringA
LCMapStringW
user32
MessageBoxW
GetNextDlgTabItem
GetFocus
SendMessageW
GetDlgCtrlID
FindWindowW
ShowWindow
DefWindowProcW
CreateWindowExW
wsprintfW
LoadCursorW
RegisterClassExW
gdi32
GetStockObject
setupapi
SetupCopyOEMInfW
Sections
.text Size: 20KB - Virtual size: 16KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
MVXBL.sys.sys windows:5 windows x86 arch:x86
78aac4e01f10792109984f719a87507f
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15/06/2007, 00:00Not After14/06/2012, 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate
IssuerOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USNot Before21/05/2009, 00:00Not After20/05/2019, 23:59SubjectCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
61:0c:12:06:00:00:00:00:00:1bCertificate
IssuerCN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before23/05/2006, 17:01Not After23/05/2016, 17:11SubjectOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
26:fc:5c:c8:11:a7:1a:21:80:3d:1e:86:1f:c3:48:f5Certificate
IssuerCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USNot Before09/07/2009, 00:00Not After09/07/2011, 23:59SubjectCN=Universal Laser Systems\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=www.ulsinc.com,O=Universal Laser Systems\, Inc.,L=Scottsdale,ST=Arizona,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
3a:2a:7b:ad:4e:21:6f:5c:bb:d2:cc:2c:a3:cd:38:b1:2a:93:51:b3Signer
Actual PE Digest3a:2a:7b:ad:4e:21:6f:5c:bb:d2:cc:2c:a3:cd:38:b1:2a:93:51:b3Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
c:\5.27.48\loader\fre\i386\MVXBL.pdb
Imports
ntoskrnl.exe
IoWriteErrorLogEntry
wcscpy
IoAllocateErrorLogEntry
wcslen
ExFreePool
ZwClose
ExAllocatePoolWithTag
ZwQueryValueKey
RtlInitUnicodeString
ZwOpenKey
wcscat
ZwReadFile
ZwQueryInformationFile
ZwCreateFile
IofCompleteRequest
KeSetEvent
InterlockedDecrement
InterlockedIncrement
KeWaitForSingleObject
IofCallDriver
KeInitializeEvent
IoBuildDeviceIoControlRequest
IoDeleteDevice
IoDetachDevice
IoAttachDeviceToDeviceStack
IoCreateDevice
RtlCopyUnicodeString
KeTickCount
KeBugCheckEx
Sections
.text Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 501B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1024B - Virtual size: 802B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 840B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 354B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
MVXBL64.sys.sys windows:6 windows x64 arch:x64
a0ff532ef83926894f0a427e4afeae55
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15/06/2007, 00:00Not After14/06/2012, 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate
IssuerOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USNot Before21/05/2009, 00:00Not After20/05/2019, 23:59SubjectCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
61:0c:12:06:00:00:00:00:00:1bCertificate
IssuerCN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before23/05/2006, 17:01Not After23/05/2016, 17:11SubjectOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
26:fc:5c:c8:11:a7:1a:21:80:3d:1e:86:1f:c3:48:f5Certificate
IssuerCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USNot Before09/07/2009, 00:00Not After09/07/2011, 23:59SubjectCN=Universal Laser Systems\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=www.ulsinc.com,O=Universal Laser Systems\, Inc.,L=Scottsdale,ST=Arizona,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
cf:87:28:33:b3:c4:32:c1:65:49:ef:a9:09:f7:83:44:8e:7b:8d:59Signer
Actual PE Digestcf:87:28:33:b3:c4:32:c1:65:49:ef:a9:09:f7:83:44:8e:7b:8d:59Digest Algorithmsha1PE Digest MatchestrueHeaders
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
c:\gina-loader-64\fre\amd64\MVXBL.pdb
Imports
ntoskrnl.exe
IoWriteErrorLogEntry
IoBuildDeviceIoControlRequest
ZwReadFile
RtlInitUnicodeString
IoDeleteDevice
KeSetEvent
KeInitializeEvent
IoDetachDevice
IoAllocateErrorLogEntry
ZwCreateFile
ZwQueryValueKey
ExAllocatePool
ExFreePool
ZwClose
IofCompleteRequest
KeWaitForSingleObject
IoAttachDeviceToDeviceStack
RtlCopyUnicodeString
IoCreateDevice
ZwQueryInformationFile
IofCallDriver
ZwOpenKey
KeBugCheckEx
Sections
.text Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 692B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 512B - Virtual size: 252B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
INIT Size: 1024B - Virtual size: 804B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 872B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 36B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
MVXPROBL.sys.sys windows:5 windows x86 arch:x86
78aac4e01f10792109984f719a87507f
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15/06/2007, 00:00Not After14/06/2012, 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate
IssuerOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USNot Before21/05/2009, 00:00Not After20/05/2019, 23:59SubjectCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
61:0c:12:06:00:00:00:00:00:1bCertificate
IssuerCN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before23/05/2006, 17:01Not After23/05/2016, 17:11SubjectOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
26:fc:5c:c8:11:a7:1a:21:80:3d:1e:86:1f:c3:48:f5Certificate
IssuerCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USNot Before09/07/2009, 00:00Not After09/07/2011, 23:59SubjectCN=Universal Laser Systems\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=www.ulsinc.com,O=Universal Laser Systems\, Inc.,L=Scottsdale,ST=Arizona,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
88:d8:06:3d:49:7b:3d:ef:48:91:da:38:d4:44:5d:68:a7:1f:99:cfSigner
Actual PE Digest88:d8:06:3d:49:7b:3d:ef:48:91:da:38:d4:44:5d:68:a7:1f:99:cfDigest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
c:\5.27.48\loader\fre\i386\MVXBL.pdb
Imports
ntoskrnl.exe
IoWriteErrorLogEntry
wcscpy
IoAllocateErrorLogEntry
wcslen
ExFreePool
ZwClose
ExAllocatePoolWithTag
ZwQueryValueKey
RtlInitUnicodeString
ZwOpenKey
wcscat
ZwReadFile
ZwQueryInformationFile
ZwCreateFile
IofCompleteRequest
KeSetEvent
InterlockedDecrement
InterlockedIncrement
KeWaitForSingleObject
IofCallDriver
KeInitializeEvent
IoBuildDeviceIoControlRequest
IoDeleteDevice
IoDetachDevice
IoAttachDeviceToDeviceStack
IoCreateDevice
RtlCopyUnicodeString
KeTickCount
KeBugCheckEx
Sections
.text Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 501B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1024B - Virtual size: 802B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 840B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 354B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
MVXPROBL64.sys.sys windows:6 windows x64 arch:x64
a0ff532ef83926894f0a427e4afeae55
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15/06/2007, 00:00Not After14/06/2012, 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate
IssuerOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USNot Before21/05/2009, 00:00Not After20/05/2019, 23:59SubjectCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
61:0c:12:06:00:00:00:00:00:1bCertificate
IssuerCN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before23/05/2006, 17:01Not After23/05/2016, 17:11SubjectOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
26:fc:5c:c8:11:a7:1a:21:80:3d:1e:86:1f:c3:48:f5Certificate
IssuerCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USNot Before09/07/2009, 00:00Not After09/07/2011, 23:59SubjectCN=Universal Laser Systems\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=www.ulsinc.com,O=Universal Laser Systems\, Inc.,L=Scottsdale,ST=Arizona,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
b2:d6:4f:2f:6b:17:ed:79:08:06:2e:4a:31:1b:0f:7c:36:53:3a:d4Signer
Actual PE Digestb2:d6:4f:2f:6b:17:ed:79:08:06:2e:4a:31:1b:0f:7c:36:53:3a:d4Digest Algorithmsha1PE Digest MatchestrueHeaders
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
c:\gina-loader-64\fre\amd64\MVXBL.pdb
Imports
ntoskrnl.exe
IoWriteErrorLogEntry
IoBuildDeviceIoControlRequest
ZwReadFile
RtlInitUnicodeString
IoDeleteDevice
KeSetEvent
KeInitializeEvent
IoDetachDevice
IoAllocateErrorLogEntry
ZwCreateFile
ZwQueryValueKey
ExAllocatePool
ExFreePool
ZwClose
IofCompleteRequest
KeWaitForSingleObject
IoAttachDeviceToDeviceStack
RtlCopyUnicodeString
IoCreateDevice
ZwQueryInformationFile
IofCallDriver
ZwOpenKey
KeBugCheckEx
Sections
.text Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 692B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 512B - Virtual size: 252B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
INIT Size: 1024B - Virtual size: 804B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 872B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 36B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
PLSLTBL.sys.sys windows:5 windows x86 arch:x86
78aac4e01f10792109984f719a87507f
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15/06/2007, 00:00Not After14/06/2012, 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate
IssuerOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USNot Before21/05/2009, 00:00Not After20/05/2019, 23:59SubjectCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
61:0c:12:06:00:00:00:00:00:1bCertificate
IssuerCN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before23/05/2006, 17:01Not After23/05/2016, 17:11SubjectOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
26:fc:5c:c8:11:a7:1a:21:80:3d:1e:86:1f:c3:48:f5Certificate
IssuerCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USNot Before09/07/2009, 00:00Not After09/07/2011, 23:59SubjectCN=Universal Laser Systems\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=www.ulsinc.com,O=Universal Laser Systems\, Inc.,L=Scottsdale,ST=Arizona,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
35:89:0a:9b:e4:8a:80:df:c8:fa:19:d9:bc:2b:9d:28:66:15:45:34Signer
Actual PE Digest35:89:0a:9b:e4:8a:80:df:c8:fa:19:d9:bc:2b:9d:28:66:15:45:34Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
c:\5.27.48\loader\fre\i386\MVXBL.pdb
Imports
ntoskrnl.exe
IoWriteErrorLogEntry
wcscpy
IoAllocateErrorLogEntry
wcslen
ExFreePool
ZwClose
ExAllocatePoolWithTag
ZwQueryValueKey
RtlInitUnicodeString
ZwOpenKey
wcscat
ZwReadFile
ZwQueryInformationFile
ZwCreateFile
IofCompleteRequest
KeSetEvent
InterlockedDecrement
InterlockedIncrement
KeWaitForSingleObject
IofCallDriver
KeInitializeEvent
IoBuildDeviceIoControlRequest
IoDeleteDevice
IoDetachDevice
IoAttachDeviceToDeviceStack
IoCreateDevice
RtlCopyUnicodeString
KeTickCount
KeBugCheckEx
Sections
.text Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 501B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1024B - Virtual size: 802B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 840B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 354B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
PLSLTBL64.sys.sys windows:6 windows x64 arch:x64
a0ff532ef83926894f0a427e4afeae55
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15/06/2007, 00:00Not After14/06/2012, 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate
IssuerOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USNot Before21/05/2009, 00:00Not After20/05/2019, 23:59SubjectCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
61:0c:12:06:00:00:00:00:00:1bCertificate
IssuerCN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before23/05/2006, 17:01Not After23/05/2016, 17:11SubjectOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
26:fc:5c:c8:11:a7:1a:21:80:3d:1e:86:1f:c3:48:f5Certificate
IssuerCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USNot Before09/07/2009, 00:00Not After09/07/2011, 23:59SubjectCN=Universal Laser Systems\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=www.ulsinc.com,O=Universal Laser Systems\, Inc.,L=Scottsdale,ST=Arizona,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
57:52:f6:19:b5:92:e5:cd:86:ca:41:26:be:bd:2a:73:87:02:de:1fSigner
Actual PE Digest57:52:f6:19:b5:92:e5:cd:86:ca:41:26:be:bd:2a:73:87:02:de:1fDigest Algorithmsha1PE Digest MatchestrueHeaders
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
c:\gina-loader-64\fre\amd64\MVXBL.pdb
Imports
ntoskrnl.exe
IoWriteErrorLogEntry
IoBuildDeviceIoControlRequest
ZwReadFile
RtlInitUnicodeString
IoDeleteDevice
KeSetEvent
KeInitializeEvent
IoDetachDevice
IoAllocateErrorLogEntry
ZwCreateFile
ZwQueryValueKey
ExAllocatePool
ExFreePool
ZwClose
IofCompleteRequest
KeWaitForSingleObject
IoAttachDeviceToDeviceStack
RtlCopyUnicodeString
IoCreateDevice
ZwQueryInformationFile
IofCallDriver
ZwOpenKey
KeBugCheckEx
Sections
.text Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 692B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 512B - Virtual size: 252B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
INIT Size: 1024B - Virtual size: 804B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 872B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 36B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
PLSLTFW49_correction.hex
-
ULSPRINT.SYS.sys windows:5 windows x86 arch:x86
e367f70560fbccc47876fa9a1f169f25
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15/06/2007, 00:00Not After14/06/2012, 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate
IssuerOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USNot Before21/05/2009, 00:00Not After20/05/2019, 23:59SubjectCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
61:0c:12:06:00:00:00:00:00:1bCertificate
IssuerCN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before23/05/2006, 17:01Not After23/05/2016, 17:11SubjectOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
26:fc:5c:c8:11:a7:1a:21:80:3d:1e:86:1f:c3:48:f5Certificate
IssuerCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USNot Before09/07/2009, 00:00Not After09/07/2011, 23:59SubjectCN=Universal Laser Systems\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=www.ulsinc.com,O=Universal Laser Systems\, Inc.,L=Scottsdale,ST=Arizona,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
d4:ac:5f:10:a4:04:63:f3:7c:67:fa:aa:6e:a8:8c:78:84:62:fe:aeSigner
Actual PE Digestd4:ac:5f:10:a4:04:63:f3:7c:67:fa:aa:6e:a8:8c:78:84:62:fe:aeDigest Algorithmsha1PE Digest MatchestrueHeaders
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
C:\ULSprint\objfre_wxp_x86\i386\ulsprint.pdb
Imports
ntoskrnl.exe
PoSetPowerState
KeInitializeEvent
KeInitializeSpinLock
IoCreateDevice
ExInitializeNPagedLookasideList
memmove
ExAllocatePoolWithTag
RtlQueryRegistryValues
wcslen
KeSetEvent
KeClearEvent
InterlockedIncrement
InterlockedDecrement
KeWaitForSingleObject
IofCallDriver
IoBuildDeviceIoControlRequest
IoFreeWorkItem
IofCompleteRequest
InterlockedExchange
KeCancelTimer
IoDeleteDevice
IoSetDeviceInterfaceState
IoAttachDeviceToDeviceStack
IoAllocateWorkItem
KeSetTimerEx
PoStartNextPowerIrp
PoCallDriver
PoRequestPowerIrp
IoCancelIrp
IoFreeIrp
IoAllocateIrp
IoWMIRegistrationControl
RtlInitUnicodeString
InterlockedPopEntrySList
InterlockedPushEntrySList
IoFreeMdl
IoBuildPartialMdl
MmUnmapLockedPages
IoAllocateMdl
IoIsWdmVersionAvailable
KeInitializeDpc
KeInitializeTimerEx
IoRegisterDeviceInterface
IoQueueWorkItem
IoDetachDevice
ExFreePool
RtlFreeUnicodeString
ExDeleteNPagedLookasideList
hal
KfAcquireSpinLock
KfReleaseSpinLock
wmilib.sys
WmiSystemControl
WmiCompleteRequest
usbd.sys
USBD_CreateConfigurationRequestEx
USBD_ParseConfigurationDescriptorEx
Sections
.text Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 384B - Virtual size: 369B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 128B - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 988B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
VERSA2BL.sys.sys windows:5 windows x86 arch:x86
78aac4e01f10792109984f719a87507f
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15/06/2007, 00:00Not After14/06/2012, 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate
IssuerOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USNot Before21/05/2009, 00:00Not After20/05/2019, 23:59SubjectCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
61:0c:12:06:00:00:00:00:00:1bCertificate
IssuerCN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before23/05/2006, 17:01Not After23/05/2016, 17:11SubjectOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
26:fc:5c:c8:11:a7:1a:21:80:3d:1e:86:1f:c3:48:f5Certificate
IssuerCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USNot Before09/07/2009, 00:00Not After09/07/2011, 23:59SubjectCN=Universal Laser Systems\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=www.ulsinc.com,O=Universal Laser Systems\, Inc.,L=Scottsdale,ST=Arizona,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
e6:1c:a4:25:74:11:d3:94:24:c1:a7:91:90:fa:83:3e:ab:0d:49:95Signer
Actual PE Digeste6:1c:a4:25:74:11:d3:94:24:c1:a7:91:90:fa:83:3e:ab:0d:49:95Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
c:\5.27.48\loader\fre\i386\MVXBL.pdb
Imports
ntoskrnl.exe
IoWriteErrorLogEntry
wcscpy
IoAllocateErrorLogEntry
wcslen
ExFreePool
ZwClose
ExAllocatePoolWithTag
ZwQueryValueKey
RtlInitUnicodeString
ZwOpenKey
wcscat
ZwReadFile
ZwQueryInformationFile
ZwCreateFile
IofCompleteRequest
KeSetEvent
InterlockedDecrement
InterlockedIncrement
KeWaitForSingleObject
IofCallDriver
KeInitializeEvent
IoBuildDeviceIoControlRequest
IoDeleteDevice
IoDetachDevice
IoAttachDeviceToDeviceStack
IoCreateDevice
RtlCopyUnicodeString
KeTickCount
KeBugCheckEx
Sections
.text Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 501B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1024B - Virtual size: 802B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 840B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 354B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
VERSA2BL64.sys.sys windows:6 windows x64 arch:x64
a0ff532ef83926894f0a427e4afeae55
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15/06/2007, 00:00Not After14/06/2012, 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate
IssuerOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USNot Before21/05/2009, 00:00Not After20/05/2019, 23:59SubjectCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
61:0c:12:06:00:00:00:00:00:1bCertificate
IssuerCN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before23/05/2006, 17:01Not After23/05/2016, 17:11SubjectOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
26:fc:5c:c8:11:a7:1a:21:80:3d:1e:86:1f:c3:48:f5Certificate
IssuerCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USNot Before09/07/2009, 00:00Not After09/07/2011, 23:59SubjectCN=Universal Laser Systems\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=www.ulsinc.com,O=Universal Laser Systems\, Inc.,L=Scottsdale,ST=Arizona,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
7f:00:7b:ff:11:5a:ea:75:8e:7b:ac:e3:e6:e8:9a:0e:e4:9b:a9:3bSigner
Actual PE Digest7f:00:7b:ff:11:5a:ea:75:8e:7b:ac:e3:e6:e8:9a:0e:e4:9b:a9:3bDigest Algorithmsha1PE Digest MatchestrueHeaders
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
c:\gina-loader-64\fre\amd64\MVXBL.pdb
Imports
ntoskrnl.exe
IoWriteErrorLogEntry
IoBuildDeviceIoControlRequest
ZwReadFile
RtlInitUnicodeString
IoDeleteDevice
KeSetEvent
KeInitializeEvent
IoDetachDevice
IoAllocateErrorLogEntry
ZwCreateFile
ZwQueryValueKey
ExAllocatePool
ExFreePool
ZwClose
IofCompleteRequest
KeWaitForSingleObject
IoAttachDeviceToDeviceStack
RtlCopyUnicodeString
IoCreateDevice
ZwQueryInformationFile
IofCallDriver
ZwOpenKey
KeBugCheckEx
Sections
.text Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 692B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 512B - Virtual size: 252B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
INIT Size: 1024B - Virtual size: 804B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 872B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 36B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
VLFW49_correction.hex
-
VLSVIDRECOVERY.inf
-
Wait4FixUSB.exe.exe windows:4 windows x86 arch:x86
4707b0181175d473941148f13b17ac26
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15/06/2007, 00:00Not After14/06/2012, 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate
IssuerOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USNot Before21/05/2009, 00:00Not After20/05/2019, 23:59SubjectCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
61:0c:12:06:00:00:00:00:00:1bCertificate
IssuerCN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before23/05/2006, 17:01Not After23/05/2016, 17:11SubjectOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
26:fc:5c:c8:11:a7:1a:21:80:3d:1e:86:1f:c3:48:f5Certificate
IssuerCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USNot Before09/07/2009, 00:00Not After09/07/2011, 23:59SubjectCN=Universal Laser Systems\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=www.ulsinc.com,O=Universal Laser Systems\, Inc.,L=Scottsdale,ST=Arizona,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
b5:6f:56:0b:87:43:bd:03:8b:73:6f:22:c5:7f:01:15:e7:a1:7f:0aSigner
Actual PE Digestb5:6f:56:0b:87:43:bd:03:8b:73:6f:22:c5:7f:01:15:e7:a1:7f:0aDigest Algorithmsha1PE Digest MatchestrueHeaders
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
comctl32
ord412
ord413
ord410
kernel32
GetLocaleInfoA
InitializeCriticalSection
LoadLibraryA
MultiByteToWideChar
HeapSize
GetACP
GetCPInfo
HeapReAlloc
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
VirtualFree
HeapCreate
HeapDestroy
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
ReadFile
SetFilePointer
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
CloseHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
lstrcpynW
lstrlenW
GetOEMCP
GetVersionExW
GetTickCount
Sleep
lstrcatW
lstrcpyW
FindResourceW
LoadResource
LockResource
lstrcmpW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
RtlUnwind
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoA
GetLastError
GetProcAddress
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
CreateFileA
user32
GetCursorPos
SetWindowRgn
LoadStringW
DialogBoxParamW
MessageBoxW
EndDialog
LoadIconW
MoveWindow
GetClientRect
MapWindowPoints
CreateDialogParamW
SetActiveWindow
SetWindowTextW
LoadCursorW
RegisterClassExW
PeekMessageW
IsDialogMessageW
TranslateMessage
DispatchMessageW
FindWindowW
DefWindowProcW
CreateWindowExW
ShowWindow
GetDC
ReleaseDC
DestroyWindow
DrawTextW
FillRect
SetWindowPos
LoadBitmapW
GetCapture
SetCapture
GetFocus
GetClassNameW
SetFocus
ReleaseCapture
GetWindowRect
SetWindowLongW
GetWindowLongW
IsWindowEnabled
InvalidateRect
PostMessageW
SendMessageW
GetDlgItem
gdi32
CreatePen
MoveToEx
LineTo
CreateEllipticRgn
CreateRectRgn
CombineRgn
GetStockObject
GetTextExtentPoint32W
GetTextMetricsW
CreateCompatibleBitmap
SetBkMode
SetTextColor
MaskBlt
CreateDIBPatternBrushPt
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
GetObjectW
DeleteObject
CreateSolidBrush
advapi32
RegEnumKeyW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegCloseKey
Sections
.text Size: 60KB - Virtual size: 58KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3.0MB - Virtual size: 3.0MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Wait4NoUSB.EXE.exe windows:4 windows x86 arch:x86
2a8af50f6ea358099fbf41b81953c722
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15/06/2007, 00:00Not After14/06/2012, 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate
IssuerOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USNot Before21/05/2009, 00:00Not After20/05/2019, 23:59SubjectCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
61:0c:12:06:00:00:00:00:00:1bCertificate
IssuerCN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before23/05/2006, 17:01Not After23/05/2016, 17:11SubjectOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
26:fc:5c:c8:11:a7:1a:21:80:3d:1e:86:1f:c3:48:f5Certificate
IssuerCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USNot Before09/07/2009, 00:00Not After09/07/2011, 23:59SubjectCN=Universal Laser Systems\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=www.ulsinc.com,O=Universal Laser Systems\, Inc.,L=Scottsdale,ST=Arizona,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
8b:56:ef:56:1b:4f:dc:e5:95:da:28:68:95:0e:bd:f8:d4:53:67:32Signer
Actual PE Digest8b:56:ef:56:1b:4f:dc:e5:95:da:28:68:95:0e:bd:f8:d4:53:67:32Digest Algorithmsha1PE Digest MatchestrueHeaders
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
comctl32
ord410
ord413
ord412
kernel32
GetLocaleInfoA
InitializeCriticalSection
LoadLibraryA
MultiByteToWideChar
HeapSize
GetOEMCP
GetACP
GetCPInfo
HeapReAlloc
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
ReadFile
SetFilePointer
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
CloseHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
lstrcatW
Sleep
lstrcpynW
lstrlenW
GetVersionExW
FindResourceW
LoadResource
LockResource
lstrcmpW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
RtlUnwind
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoA
GetLastError
GetProcAddress
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
HeapDestroy
HeapCreate
VirtualFree
CreateFileA
user32
SetWindowTextW
GetCursorPos
SetWindowRgn
LoadStringW
MessageBoxW
EndDialog
LoadIconW
MoveWindow
GetClientRect
MapWindowPoints
DialogBoxParamW
SetActiveWindow
LoadCursorW
RegisterClassExW
FindWindowW
DefWindowProcW
CreateWindowExW
ShowWindow
GetDC
ReleaseDC
DestroyWindow
DrawTextW
FillRect
SetWindowPos
LoadBitmapW
GetCapture
SetCapture
GetFocus
GetClassNameW
SetFocus
ReleaseCapture
GetWindowRect
SetWindowLongW
GetWindowLongW
IsWindowEnabled
InvalidateRect
PostMessageW
SendMessageW
GetDlgItem
gdi32
CreatePen
MoveToEx
LineTo
CreateEllipticRgn
CreateRectRgn
CombineRgn
GetStockObject
GetTextExtentPoint32W
GetTextMetricsW
CreateCompatibleBitmap
SetBkMode
SetTextColor
MaskBlt
CreateDIBPatternBrushPt
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
GetObjectW
DeleteObject
CreateSolidBrush
advapi32
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
Sections
.text Size: 60KB - Virtual size: 57KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3.0MB - Virtual size: 3.0MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
ulsprint64.sys.sys windows:6 windows x64 arch:x64
cfa12444224650b50ae53d713943c2fc
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15/06/2007, 00:00Not After14/06/2012, 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate
IssuerOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USNot Before21/05/2009, 00:00Not After20/05/2019, 23:59SubjectCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
61:0c:12:06:00:00:00:00:00:1bCertificate
IssuerCN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before23/05/2006, 17:01Not After23/05/2016, 17:11SubjectOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
26:fc:5c:c8:11:a7:1a:21:80:3d:1e:86:1f:c3:48:f5Certificate
IssuerCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USNot Before09/07/2009, 00:00Not After09/07/2011, 23:59SubjectCN=Universal Laser Systems\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=www.ulsinc.com,O=Universal Laser Systems\, Inc.,L=Scottsdale,ST=Arizona,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
06:82:79:b0:87:5d:7a:c6:b8:f4:e1:85:6e:04:4f:44:78:84:23:e8Signer
Actual PE Digest06:82:79:b0:87:5d:7a:c6:b8:f4:e1:85:6e:04:4f:44:78:84:23:e8Digest Algorithmsha1PE Digest MatchestrueHeaders
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
c:\ulsprint64\objchk_wlh_AMD64\amd64\ulsprint.pdb
Imports
ntoskrnl.exe
IoDetachDevice
PoSetPowerState
ExFreePool
IoAttachDeviceToDeviceStack
IoIsWdmVersionAvailable
IoCreateDevice
KeInitializeTimerEx
ExDeleteNPagedLookasideList
KeClearEvent
IoBuildDeviceIoControlRequest
IoSetDeviceInterfaceState
KeSetEvent
IoFreeWorkItem
RtlQueryRegistryValues
KeReleaseSpinLock
KeSetTimerEx
RtlFreeUnicodeString
IoAllocateWorkItem
IofCompleteRequest
KeWaitForSingleObject
IoQueueWorkItem
RtlAssert
KeInitializeDpc
IofCallDriver
KeAcquireSpinLockRaiseToDpc
PoRequestPowerIrp
IoCancelIrp
PoStartNextPowerIrp
PoCallDriver
IoFreeIrp
IoAllocateIrp
DbgPrint
IoWMIRegistrationControl
RtlInitUnicodeString
MmUnmapLockedPages
IoBuildPartialMdl
ExpInterlockedPushEntrySList
ExpInterlockedPopEntrySList
IoFreeMdl
ExQueryDepthSList
IoAllocateMdl
KeBugCheckEx
KeInitializeEvent
IoRegisterDeviceInterface
IoDeleteDevice
ExInitializeNPagedLookasideList
KeCancelTimer
ExAllocatePoolWithTag
wmilib.sys
WmiSystemControl
WmiCompleteRequest
usbd.sys
USBD_ParseConfigurationDescriptorEx
USBD_CreateConfigurationRequestEx
Sections
.text Size: 29KB - Virtual size: 29KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 944B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 336B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 1024B - Virtual size: 948B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
INIT Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ