ploutus | 8dabe8af434fe110d74ca365ed3eeef33001aa26f1487afeb1a6f5d59e7e544c

Sharing

Copy URL

Twitter E-mail

General

Target

8dabe8af434fe110d74ca365ed3eeef33001aa26f1487afeb1a6f5d59e7e544c
Size

5.3MB
MD5

13a8c7f593762d7d05d025358550367b
SHA1

9bb7b8bafda58ea1f144eca202b26a8b4d939904
SHA256

8dabe8af434fe110d74ca365ed3eeef33001aa26f1487afeb1a6f5d59e7e544c
SHA512

0492b3fd2cbf11f5a0b4630c985a55abcee0ce649089da22d81a35747cb8f45113c19713480f9cc3dda3d21048f985c1c523d29322919bdcf674cc3282843a65
SSDEEP

98304:GuGNSE1YoL/GizoQO1iL54S3Fo2d+06CX4LBkWafq8oLPN/livrnD9GAs:X49yUGizoFi5d3Fov1+WeqjPN/+Fs

Score

10^/10

ploutus

Malware Config

Signatures

Detected Ploutus loader 1 IoCs

resource	yara_rule
static1/unpack001/Carpetas de Archivos/X360CE - 32 Bits/x360ce.exe	family_ploutus

Ploutus family
ploutus

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack002/VDX.exe
unpack002/VDX_x64.exe
unpack003/ViGEmBusDriver_signed_Win7-10_x86_x64_v1.13.0.0/drivers/x64/WdfCoinstaller01009.dll
unpack003/ViGEmBusDriver_signed_Win7-10_x86_x64_v1.13.0.0/drivers/x86/WdfCoinstaller01009.dll
unpack004/devcon.exe

Files

8dabe8af434fe110d74ca365ed3eeef33001aa26f1487afeb1a6f5d59e7e544c
.rar
Carpetas de Archivos/Comandos.txt
Carpetas de Archivos/VDX_v1.14.3.0_x64_x86_GPDWinEdition.zip
.zip
VDX.exe
.exe windows:6 windows x86 arch:x86

0d7ce138016621680564e7a239ed04b9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Development\C\ViGEm\Release\VDX.pdb

Imports

opengl32

wglMakeCurrent
wglGetProcAddress
wglDeleteContext
wglCreateContext
glIsEnabled
glGetString
glGetError
glClearColor
glClear
glTexSubImage2D
glGenTextures
glDeleteTextures
glTexParameteri
wglShareLists
glLoadMatrixf
glGetIntegerv
glFlush
glPushAttrib
glOrtho
glDisable
glViewport
glDrawElements
glColorPointer
glTexCoordPointer
glLoadIdentity
glBlendFunc
glMatrixMode
glScissor
glEnable
glVertexPointer
glBindTexture
glPopAttrib
glEnableClientState
glTexImage2D

winmm

joyGetDevCapsW
joyGetPosEx
timeEndPeriod
timeBeginPeriod
timeGetDevCaps

gdi32

GetDeviceCaps
SwapBuffers
SetPixelFormat
GetPixelFormat
DescribePixelFormat
ChoosePixelFormat

kernel32

GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
SetEvent
ResetEvent
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
Sleep
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
CloseHandle
GetVersion
QueryPerformanceFrequency
QueryPerformanceCounter
LocalFree
UnhandledExceptionFilter
FormatMessageW
GetModuleHandleW
GetModuleHandleA
GetLastError
GetProcAddress
LoadLibraryW
GlobalUnlock
GlobalLock
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
GetStartupInfoW
IsDebuggerPresent
WaitForSingleObjectEx
CreateEventW
CreateFileW
DeviceIoControl
SetUnhandledExceptionFilter
FreeLibrary
GetOverlappedResult
InitializeCriticalSection
GlobalAlloc

user32

GetWindowLongW
MapWindowPoints
ClipCursor
SetCursor
AdjustWindowRect
GetWindowRect
GetClientRect
SetWindowTextW
SetForegroundWindow
GetForegroundWindow
ReleaseCapture
SetCapture
GetCapture
MapVirtualKeyW
SetWindowPos
FlashWindowEx
CreateWindowExW
UnregisterClassW
RegisterClassW
CallWindowProcW
DefWindowProcW
PeekMessageW
LoadCursorW
TranslateMessage
TrackMouseEvent
ReleaseDC
GetDC
ShowWindow
DestroyWindow
CreateWindowExA
SetWindowLongW
ScreenToClient
GetCursorPos
CreateIcon
DestroyIcon
LoadIconW
OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
SendMessageW
MessageBoxW
GetAsyncKeyState
GetSystemMetrics
GetWindowThreadProcessId
ChangeDisplaySettingsW
DispatchMessageW
EnumDisplaySettingsW

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey

msvcp140

??1_Lockit@std@@QAE@XZ
?_Xout_of_range@std@@YAXPBD@Z
??Bid@locale@std@@QAEIXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??0_Lockit@std@@QAE@H@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?_BADOFF@std@@3_JB
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAE_JPB_W_J@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?underflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?seekpos@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE?AV?$fpos@U_Mbstatet@@@2@V32@H@Z
?seekoff@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE?AV?$fpos@U_Mbstatet@@@2@_JHH@Z
?pbackfail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHH@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
??_D?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?id@?$ctype@_W@std@@2V0locale@2@A
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?narrow@?$ctype@_W@std@@QBED_WD@Z
?widen@?$ctype@_W@std@@QBE_WD@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@I@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_W_J@Z
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_N@Z
?_Xbad_alloc@std@@YAXXZ
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?uncaught_exception@std@@YA_NXZ
?_Xlength_error@std@@YAXPBD@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ

imm32

ImmSetCompositionWindow
ImmGetContext

dwmapi

DwmExtendFrameIntoClientArea

vcruntime140

_except_handler4_common
__vcrt_InitializeCriticalSectionEx
__std_exception_destroy
__std_exception_copy
_purecall
memset
memcpy
_CxxThrowException
strchr
strstr
memmove
__std_terminate
__CxxFrameHandler3

api-ms-win-crt-heap-l1-1-0

_set_new_mode
free
malloc
_callnewh

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
fflush
fclose
feof
__p__commode
fwrite
_set_fmode
ferror
ftell
fseek
__stdio_common_vfprintf
__stdio_common_vsscanf
fread
__stdio_common_vsprintf
_wfopen

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-runtime-l1-1-0

_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
_seh_filter_exe
_set_app_type
_get_narrow_winmain_command_line
_initterm
_initterm_e
_exit
_c_exit
_register_thread_local_exe_atexit_callback
exit
_invalid_parameter_noinfo_noreturn
terminate
_controlfp_s

api-ms-win-crt-math-l1-1-0

floor
_CIfmod
_except1
_libm_sse2_sin_precise
ceil
_libm_sse2_sqrt_precise
__setusermatherr
_libm_sse2_cos_precise

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

setupapi

SetupDiGetClassDevsW
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailW

Sections

.text
Size: 290KB - Virtual size: 289KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 187KB - Virtual size: 187KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VDX_x64.exe
.exe windows:6 windows x64 arch:x64

ab36660eb81868c81197eadbcdc9178e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\Development\C\ViGEm\x64\Release\VDX_x64.pdb

Imports

opengl32

wglMakeCurrent
wglGetProcAddress
wglDeleteContext
wglCreateContext
glIsEnabled
glGetString
glGetError
glClearColor
glClear
glTexSubImage2D
glGenTextures
glDeleteTextures
glTexParameteri
wglShareLists
glLoadMatrixf
glGetIntegerv
glFlush
glPushAttrib
glOrtho
glDisable
glViewport
glDrawElements
glColorPointer
glTexCoordPointer
glLoadIdentity
glBlendFunc
glMatrixMode
glScissor
glEnable
glVertexPointer
glBindTexture
glPopAttrib
glEnableClientState
glTexImage2D

winmm

joyGetPosEx
timeBeginPeriod
timeGetDevCaps
timeEndPeriod
joyGetDevCapsW

gdi32

GetDeviceCaps
SwapBuffers
SetPixelFormat
GetPixelFormat
DescribePixelFormat
ChoosePixelFormat

kernel32

RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
SetEvent
ResetEvent
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
Sleep
CloseHandle
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetVersion
RtlCaptureContext
QueryPerformanceCounter
LocalFree
FreeLibrary
FormatMessageW
GetModuleHandleW
GetModuleHandleA
GetLastError
GetProcAddress
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
GetStartupInfoW
IsDebuggerPresent
WaitForSingleObjectEx
CreateEventW
CreateFileW
DeviceIoControl
RtlLookupFunctionEntry
QueryPerformanceFrequency
GetOverlappedResult
DeleteCriticalSection
GlobalAlloc
GlobalLock
GlobalUnlock
LoadLibraryW

user32

SetWindowLongPtrW
GetWindowLongPtrW
GetWindowLongW
MapWindowPoints
ClipCursor
SetCursor
AdjustWindowRect
GetWindowRect
GetClientRect
SetWindowTextW
SetForegroundWindow
GetForegroundWindow
ReleaseCapture
SetCapture
GetCapture
MapVirtualKeyW
SetWindowPos
FlashWindowEx
CreateWindowExW
UnregisterClassW
RegisterClassW
CallWindowProcW
DefWindowProcW
GetWindowThreadProcessId
DispatchMessageW
TranslateMessage
TrackMouseEvent
ReleaseDC
GetDC
ShowWindow
DestroyWindow
SetWindowLongW
EnumDisplaySettingsW
LoadCursorW
CreateIcon
LoadIconW
OpenClipboard
CloseClipboard
SendMessageW
EmptyClipboard
GetClipboardData
SetClipboardData
MessageBoxW
GetAsyncKeyState
GetSystemMetrics
GetCursorPos
DestroyIcon
ScreenToClient
ChangeDisplaySettingsW
PeekMessageW
CreateWindowExA

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey

msvcp140

?_Xout_of_range@std@@YAXPEBD@Z
??Bid@locale@std@@QEAA_KXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1_Lockit@std@@QEAA@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?_BADOFF@std@@3_JB
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_N@Z
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
??0_Lockit@std@@QEAA@H@Z
?underflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?seekpos@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA?AV?$fpos@U_Mbstatet@@@2@V32@H@Z
?seekoff@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA?AV?$fpos@U_Mbstatet@@@2@_JHH@Z
?pbackfail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHH@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
??_D?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?id@?$ctype@_W@std@@2V0locale@2@A
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?narrow@?$ctype@_W@std@@QEBAD_WD@Z
?widen@?$ctype@_W@std@@QEBA_WD@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@I@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?_Xbad_alloc@std@@YAXXZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?uncaught_exception@std@@YA_NXZ
?_Xlength_error@std@@YAXPEBD@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z

imm32

ImmSetCompositionWindow
ImmGetContext

dwmapi

DwmExtendFrameIntoClientArea

vcruntime140

__C_specific_handler
__vcrt_InitializeCriticalSectionEx
memcmp
__std_exception_destroy
__std_exception_copy
_purecall
memset
memcpy
_CxxThrowException
strchr
strstr
memmove
__std_terminate
__CxxFrameHandler3

api-ms-win-crt-heap-l1-1-0

free
malloc
_set_new_mode
_callnewh

api-ms-win-crt-stdio-l1-1-0

fflush
__acrt_iob_func
ferror
fclose
fseek
feof
fwrite
__p__commode
_set_fmode
ftell
__stdio_common_vfprintf
_wfopen
__stdio_common_vsscanf
fread
__stdio_common_vsprintf

api-ms-win-crt-string-l1-1-0

strcmp

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
_seh_filter_exe
_set_app_type
_configure_narrow_argv
_get_narrow_winmain_command_line
_initterm
_initterm_e
_exit
_c_exit
_register_thread_local_exe_atexit_callback
terminate
exit
_invalid_parameter_noinfo_noreturn
_initialize_narrow_environment

api-ms-win-crt-math-l1-1-0

sqrt
ceil
sqrtf
floor
fmodf
sinf
cosf
__setusermatherr

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

setupapi

SetupDiGetClassDevsW
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailW

Sections

.text
Size: 288KB - Virtual size: 288KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 187KB - Virtual size: 187KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 764B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Carpetas de Archivos/ViGEmBusDriver_signed_Win7-10_x86_x64_v1.13.0.0.zip
.zip
ViGEmBusDriver_signed_Win7-10_x86_x64_v1.13.0.0/drivers/x64/ViGEmBus.inf
ViGEmBusDriver_signed_Win7-10_x86_x64_v1.13.0.0/drivers/x64/ViGEmBus.sys
.sys windows:10 windows x64 arch:x64

9ab9f4fe017fb4cd073c7e7459a72428

Code Sign

33:00:00:00:18:a7:c6:4e:da:38:3a:9f:79:00:00:00:00:00:18
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-02-2017 20:47

Not After

09-05-2018 20:47

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-10-2014 20:31

Not After

15-10-2029 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:25:07:1d:f9:af
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-11-2009 10:00

Not After

18-03-2019 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:29:15:27:00:00:00:00:00:2a
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-04-2011 19:55

Not After

15-04-2021 20:05

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:b5:4b:4f:d5:c6:b3:02:8f:e4:35:1b
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

03-01-2017 12:02

Not After

04-01-2020 12:02

Subject

SERIALNUMBER=457000i,CN=Wohlfeil.IT e.U.,O=Wohlfeil.IT e.U.,STREET=Westbahnstrasse 28,L=Linz,ST=Oberoesterreich,C=AT,1.3.6.1.4.1.311.60.2.1.1=#13044c696e7a,1.3.6.1.4.1.311.60.2.1.2=#130f4f6265726f65737465727265696368,1.3.6.1.4.1.311.60.2.1.3=#13024154,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02-01-2017 00:00

Not After

01-04-2028 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

66:97:04:44:bc:ee:ed:22:1c:a9:0c:f4:d0:7f:38:c5:bd:34:98:eb:5d:c4:bc:20:a0:76:63:6c:7e:b1:59:48
Signer

Actual PE Digest

66:97:04:44:bc:ee:ed:22:1c:a9:0c:f4:d0:7f:38:c5:bd:34:98:eb:5d:c4:bc:20:a0:76:63:6c:7e:b1:59:48

Digest Algorithm

sha256

PE Digest Matches

true

66:97:04:44:bc:ee:ed:22:1c:a9:0c:f4:d0:7f:38:c5:bd:34:98:eb:5d:c4:bc:20:a0:76:63:6c:7e:b1:59:48
Signer

Actual PE Digest

66:97:04:44:bc:ee:ed:22:1c:a9:0c:f4:d0:7f:38:c5:bd:34:98:eb:5d:c4:bc:20:a0:76:63:6c:7e:b1:59:48

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\Development\C\ViGEm\x64\Release\ViGEmBus.pdb

Imports

ntoskrnl.exe

RtlAnsiCharToUnicodeChar
RtlRandomEx
RtlCopyUnicodeString
ExFreePoolWithTag
ExAllocatePoolWithTag
PsGetCurrentProcessId
KeBugCheckEx
RtlCompareMemory

hal

KeQueryPerformanceCounter

wdfldr.sys

WdfVersionUnbind
WdfVersionBind
WdfVersionBindClass
WdfVersionUnbindClass

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 876B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 732B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ViGEmBusDriver_signed_Win7-10_x86_x64_v1.13.0.0/drivers/x64/WdfCoinstaller01009.dll
.dll windows:6 windows x64 arch:x64

70497fec79daa5f71de3b34faee686a5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

WdfCoInstaller01009.pdb

Imports

msvcrt

memset
memcpy
__C_specific_handler
_amsg_exit
_initterm
_XcptFilter
_ultow
malloc
_wcsnicmp
free
_wtoi
_wcsicmp
_stricmp
_vsnwprintf

setupapi

SetupDiSetDeviceInstallParamsW
SetupCloseLog
SetupOpenInfFileW
SetupCloseInfFile
CM_Set_DevNode_Problem_Ex
SetupDiGetDeviceInstallParamsW
SetupLogErrorW
SetupOpenLog
SetupDiGetActualSectionToInstallW
SetupFindNextMatchLineW
SetupDiGetSelectedDriverW
SetupGetStringFieldW
SetupPromptReboot
SetupFindFirstLineW
SetupGetLineCountW
SetupDiGetDriverInfoDetailW

kernel32

GetModuleFileNameW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
Sleep
LoadLibraryExW
ExpandEnvironmentStringsW
GetFileInformationByHandle
DeleteFileW
CloseHandle
FindNextFileW
RemoveDirectoryW
LockResource
GetLocalTime
FindClose
SetLastError
CreateFileW
FileTimeToSystemTime
TerminateProcess
GetExitCodeProcess
FormatMessageW
SizeofResource
WriteFile
OutputDebugStringW
WaitForSingleObject
CreateDirectoryW
CreateProcessW
LoadResource
FindResourceW
FindFirstFileW
LoadLibraryW
WideCharToMultiByte
FreeLibrary
lstrlenA
LocalFree
GetWindowsDirectoryW
LocalAlloc
GlobalFree
GetProcAddress
GetLastError
VerifyVersionInfoW
GetModuleHandleW
VerSetConditionMask

advapi32

DeleteService
OpenSCManagerW
QueryServiceConfigW
ChangeServiceConfigW
RegFlushKey
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegOpenKeyExW
CloseServiceHandle
QueryServiceStatusEx
RegQueryValueExW
OpenServiceW

crypt32

CertGetCertificateContextProperty

wintrust

WTHelperGetProvCertFromChain
WTHelperGetProvSignerFromChain
WinVerifyTrust
WTHelperProvDataFromStateData

shell32

CommandLineToArgvW

user32

LoadStringW
IsCharAlphaNumericW
IsCharAlphaW

ole32

CoTaskMemFree

Exports

Exports

WdfCoInstaller
WdfPostDeviceInstall
WdfPostDeviceRemove
WdfPreDeviceInstall
WdfPreDeviceInstallEx
WdfPreDeviceRemove

Sections

.text
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 280B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ViGEmBusDriver_signed_Win7-10_x86_x64_v1.13.0.0/drivers/x64/vigembus.cat
ViGEmBusDriver_signed_Win7-10_x86_x64_v1.13.0.0/drivers/x86/ViGEmBus.inf
ViGEmBusDriver_signed_Win7-10_x86_x64_v1.13.0.0/drivers/x86/ViGEmBus.sys
.sys windows:10 windows x86 arch:x86

9ab9f4fe017fb4cd073c7e7459a72428

Code Sign

33:00:00:00:18:a7:c6:4e:da:38:3a:9f:79:00:00:00:00:00:18
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-02-2017 20:47

Not After

09-05-2018 20:47

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-10-2014 20:31

Not After

15-10-2029 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:25:07:1d:f9:af
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-11-2009 10:00

Not After

18-03-2019 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:29:15:27:00:00:00:00:00:2a
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-04-2011 19:55

Not After

15-04-2021 20:05

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:b5:4b:4f:d5:c6:b3:02:8f:e4:35:1b
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

03-01-2017 12:02

Not After

04-01-2020 12:02

Subject

SERIALNUMBER=457000i,CN=Wohlfeil.IT e.U.,O=Wohlfeil.IT e.U.,STREET=Westbahnstrasse 28,L=Linz,ST=Oberoesterreich,C=AT,1.3.6.1.4.1.311.60.2.1.1=#13044c696e7a,1.3.6.1.4.1.311.60.2.1.2=#130f4f6265726f65737465727265696368,1.3.6.1.4.1.311.60.2.1.3=#13024154,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02-01-2017 00:00

Not After

01-04-2028 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

5c:56:ab:61:d5:fe:f1:26:0b:97:e5:d8:99:e6:51:b9:9b:35:cf:64:bb:db:ce:4d:f7:da:fd:b2:e8:c2:24:47
Signer

Actual PE Digest

5c:56:ab:61:d5:fe:f1:26:0b:97:e5:d8:99:e6:51:b9:9b:35:cf:64:bb:db:ce:4d:f7:da:fd:b2:e8:c2:24:47

Digest Algorithm

sha256

PE Digest Matches

true

5c:56:ab:61:d5:fe:f1:26:0b:97:e5:d8:99:e6:51:b9:9b:35:cf:64:bb:db:ce:4d:f7:da:fd:b2:e8:c2:24:47
Signer

Actual PE Digest

5c:56:ab:61:d5:fe:f1:26:0b:97:e5:d8:99:e6:51:b9:9b:35:cf:64:bb:db:ce:4d:f7:da:fd:b2:e8:c2:24:47

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Development\C\ViGEm\Release\ViGEmBus.pdb

Imports

ntoskrnl.exe

RtlAnsiCharToUnicodeChar
RtlRandomEx
RtlCopyUnicodeString
ExFreePoolWithTag
ExAllocatePoolWithTag
PsGetCurrentProcessId
KeBugCheckEx
RtlCompareMemory

hal

KeQueryPerformanceCounter

wdfldr.sys

WdfVersionUnbind
WdfVersionBind
WdfVersionBindClass
WdfVersionUnbindClass

Sections

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 584B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ViGEmBusDriver_signed_Win7-10_x86_x64_v1.13.0.0/drivers/x86/WdfCoinstaller01009.dll
.dll windows:6 windows x86 arch:x86

a17af54bf9d379152b9c377204b35eb9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

WdfCoInstaller01009.pdb

Imports

msvcrt

_amsg_exit
_initterm
_XcptFilter
_wcsnicmp
malloc
free
_wtoi
_wcsicmp
_ultow
_stricmp
memset
memcpy
_vsnwprintf

setupapi

SetupCloseInfFile
SetupOpenInfFileW
SetupOpenLog
SetupDiGetDriverInfoDetailW
SetupLogErrorW
SetupCloseLog
CM_Set_DevNode_Problem_Ex
SetupDiGetDeviceInstallParamsW
SetupDiSetDeviceInstallParamsW
SetupPromptReboot
SetupDiGetActualSectionToInstallW
SetupGetLineCountW
SetupFindFirstLineW
SetupGetStringFieldW
SetupFindNextMatchLineW
SetupDiGetSelectedDriverW

kernel32

GetModuleFileNameW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
RtlUnwind
InterlockedCompareExchange
Sleep
InterlockedExchange
LoadLibraryExW
ExpandEnvironmentStringsW
CreateProcessW
WaitForSingleObject
TerminateProcess
GetExitCodeProcess
SetLastError
FindResourceW
LoadResource
LockResource
SizeofResource
WriteFile
RemoveDirectoryW
CreateDirectoryW
FindFirstFileW
DeleteFileW
FindNextFileW
FindClose
CreateFileW
GetFileInformationByHandle
FileTimeToSystemTime
CloseHandle
FormatMessageW
GetLocalTime
OutputDebugStringW
LoadLibraryW
FreeLibrary
lstrlenA
WideCharToMultiByte
GetWindowsDirectoryW
LocalAlloc
LocalFree
VerSetConditionMask
VerifyVersionInfoW
GetLastError
GetProcAddress
GetModuleHandleW
GlobalFree

advapi32

OpenSCManagerW
ChangeServiceConfigW
QueryServiceConfigW
RegFlushKey
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
DeleteService
OpenServiceW
QueryServiceStatusEx
CloseServiceHandle
RegOpenKeyExW
RegCloseKey

crypt32

CertGetCertificateContextProperty

wintrust

WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain
WTHelperGetProvCertFromChain
WinVerifyTrust

shell32

CommandLineToArgvW

user32

IsCharAlphaW
IsCharAlphaNumericW
LoadStringW

ole32

CoTaskMemFree

Exports

Exports

WdfCoInstaller
WdfPostDeviceInstall
WdfPostDeviceRemove
WdfPreDeviceInstall
WdfPreDeviceInstallEx
WdfPreDeviceRemove

Sections

.text
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ViGEmBusDriver_signed_Win7-10_x86_x64_v1.13.0.0/drivers/x86/vigembus.cat
Carpetas de Archivos/X360CE - 32 Bits/x360ce.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

fa:33:b7:9d:d4:96:cf:d1:0c:84:65:39:a4:9d:63:b5
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

20-09-2011 11:04

Not After

20-09-2026 23:59

Subject

CN=Certum Code Signing CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1f:91:1f:d0:fd:9b:c3:d7:53:d2:4e:3e:de:42:d0:d9
Certificate

Issuer

CN=Certum Code Signing CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

05-12-2013 05:40

Not After

05-12-2015 05:40

Subject

CN=Jocys.com,OU=Jocys.com,O=Jocys.com,C=GB,1.2.840.113549.1.9.1=#0c116576616c646173406a6f6379732e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment

c0:50:05:82:1d:e3:04:e7:0c:b6:00:ff:20:ca:91:ae:b2:c1:54:f0
Signer

Actual PE Digest

c0:50:05:82:1d:e3:04:e7:0c:b6:00:ff:20:ca:91:ae:b2:c1:54:f0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Projects\TocaEdit\x360ce.App\obj\x86\Debug\x360ce.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 146KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Carpetas de Archivos/X360CE - 64 Bits/x360ce_x64.exe
.exe windows:4 windows x64 arch:x64

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

fa:33:b7:9d:d4:96:cf:d1:0c:84:65:39:a4:9d:63:b5
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

20-09-2011 11:04

Not After

20-09-2026 23:59

Subject

CN=Certum Code Signing CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1f:91:1f:d0:fd:9b:c3:d7:53:d2:4e:3e:de:42:d0:d9
Certificate

Issuer

CN=Certum Code Signing CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

05-12-2013 05:40

Not After

05-12-2015 05:40

Subject

CN=Jocys.com,OU=Jocys.com,O=Jocys.com,C=GB,1.2.840.113549.1.9.1=#0c116576616c646173406a6f6379732e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment

93:15:9e:99:c2:3f:40:9b:87:52:48:4f:bd:b7:0d:6b:8e:3f:d6:94
Signer

Actual PE Digest

93:15:9e:99:c2:3f:40:9b:87:52:48:4f:bd:b7:0d:6b:8e:3f:d6:94

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\Projects\TocaEdit\x360ce.App\obj\x64\Debug\x360ce.pdb

Sections

.text
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 146KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Carpetas de Archivos/devcon.rar
.rar
devcon.exe
.exe windows:10 windows x64 arch:x64

0baa2d4e550dc24f554ab947efabf698

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

devcon.pdb

Imports

advapi32

RegQueryValueExW
InitiateSystemShutdownExW
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
RegCloseKey
OpenServiceW
RegDeleteValueW
RegSetValueExW
OpenSCManagerW
CloseServiceHandle

kernel32

GetCurrentProcess
lstrlenW
FormatMessageW
GetLastError
CloseHandle
LocalFree
FileTimeToSystemTime
LoadLibraryW
GetProcAddress
FreeLibrary
GetDateFormatW
FindFirstFileW
GetFullPathNameW
FindNextFileW
FindClose
GetFileAttributesW
GetWindowsDirectoryW
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
Sleep

msvcrt

?terminate@@YAXXZ
_commode
_fmode
__C_specific_handler
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
memset
__iob_func
_initterm
_XcptFilter
free
_callnewh
malloc
wprintf
towupper
wcsrchr
_wcsnicmp
fputs
wcschr
iswalpha
fputws
_wcsicmp
towlower

ole32

CLSIDFromString

setupapi

SetupDiClassNameFromGuidExW
SetupCopyOEMInfW
SetupDiCreateDeviceInfoList
SetupDiGetINFClassW
CM_Connect_MachineW
SetupDiSetClassInstallParamsW
CM_Locate_DevNode_ExW
CM_Disconnect_Machine
CM_Reenumerate_DevNode_Ex
SetupDiSetDeviceRegistryPropertyW
SetupDiBuildClassInfoListExW
SetupDiCreateDeviceInfoW
SetupDiGetDriverInstallParamsW
SetupDiOpenClassRegKeyExW
CM_Free_Log_Conf_Handle
SetupFindFirstLineW
SetupDiSetDeviceInstallParamsW
CM_Free_Res_Des_Handle
SetupOpenInfFileW
SetupDiDestroyDeviceInfoList
SetupDiClassGuidsFromNameExW
CM_Get_Device_ID_ExW
SetupDiGetClassDevsExW
SetupDiGetDeviceInfoListDetailW
SetupDiCreateDeviceInfoListExW
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyW
SetupDiOpenDeviceInfoW
SetupScanFileQueueW
SetupDiGetClassDescriptionExW
SetupOpenFileQueue
CM_Get_Next_Res_Des_Ex
CM_Get_DevNode_Status_Ex
SetupCloseInfFile
CM_Get_Res_Des_Data_Ex
SetupDiOpenDevRegKey
SetupDiDestroyDriverInfoList
SetupCloseFileQueue
SetupDiGetDeviceInstallParamsW
SetupDiEnumDriverInfoW
SetupDiSetSelectedDriverW
CM_Get_First_Log_Conf_Ex
SetupDiGetDriverInfoDetailW
CM_Get_Res_Des_Data_Size_Ex
SetupDiBuildDriverInfoList
SetupGetStringFieldW
SetupDiCallClassInstaller

user32

CharPrevW
CharNextW
LoadStringW

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 924B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0d7ce138016621680564e7a239ed04b9

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

opengl32

winmm

gdi32

kernel32

user32

advapi32

msvcp140

imm32

dwmapi

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-locale-l1-1-0

setupapi

Sections

.text Size: 290KB - Virtual size: 289KB

.rdata Size: 79KB - Virtual size: 79KB

.data Size: 2KB - Virtual size: 26KB

_RDATA Size: 512B - Virtual size: 32B

.rsrc Size: 187KB - Virtual size: 187KB

.reloc Size: 10KB - Virtual size: 10KB

ab36660eb81868c81197eadbcdc9178e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

opengl32

winmm

gdi32

kernel32

user32

advapi32

msvcp140

imm32

dwmapi

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-locale-l1-1-0

setupapi

Sections

.text Size: 288KB - Virtual size: 288KB

.rdata Size: 83KB - Virtual size: 83KB

.data Size: 3KB - Virtual size: 28KB

.pdata Size: 14KB - Virtual size: 14KB

_RDATA Size: 35KB - Virtual size: 35KB

.rsrc Size: 187KB - Virtual size: 187KB

.reloc Size: 1024B - Virtual size: 764B

9ab9f4fe017fb4cd073c7e7459a72428

Code Sign

33:00:00:00:18:a7:c6:4e:da:38:3a:9f:79:00:00:00:00:00:18Certificate

Extended Key Usages

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0dCertificate

Key Usages

04:00:00:00:00:01:25:07:1d:f9:afCertificate

Key Usages

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0fCertificate

Extended Key Usages

Key Usages

.text
Size: 290KB - Virtual size: 289KB

.rdata
Size: 79KB - Virtual size: 79KB

.data
Size: 2KB - Virtual size: 26KB

_RDATA
Size: 512B - Virtual size: 32B

.rsrc
Size: 187KB - Virtual size: 187KB

.reloc
Size: 10KB - Virtual size: 10KB

.text
Size: 288KB - Virtual size: 288KB

.rdata
Size: 83KB - Virtual size: 83KB

.data
Size: 3KB - Virtual size: 28KB

.pdata
Size: 14KB - Virtual size: 14KB

_RDATA
Size: 35KB - Virtual size: 35KB

.rsrc
Size: 187KB - Virtual size: 187KB

.reloc
Size: 1024B - Virtual size: 764B

33:00:00:00:18:a7:c6:4e:da:38:3a:9f:79:00:00:00:00:00:18
Certificate

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

04:00:00:00:00:01:25:07:1d:f9:af
Certificate

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

61:29:15:27:00:00:00:00:00:2a
Certificate

52:b5:4b:4f:d5:c6:b3:02:8f:e4:35:1b
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

66:97:04:44:bc:ee:ed:22:1c:a9:0c:f4:d0:7f:38:c5:bd:34:98:eb:5d:c4:bc:20:a0:76:63:6c:7e:b1:59:48
Signer

66:97:04:44:bc:ee:ed:22:1c:a9:0c:f4:d0:7f:38:c5:bd:34:98:eb:5d:c4:bc:20:a0:76:63:6c:7e:b1:59:48
Signer

.text
Size: 20KB - Virtual size: 20KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 4KB

.pdata
Size: 1024B - Virtual size: 876B

.gfids
Size: 512B - Virtual size: 4B

PAGE
Size: 5KB - Virtual size: 4KB

INIT
Size: 1024B - Virtual size: 732B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 72B

.text
Size: 62KB - Virtual size: 61KB

.data
Size: 1KB - Virtual size: 18KB

.pdata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1.6MB - Virtual size: 1.6MB

.reloc
Size: 512B - Virtual size: 280B

33:00:00:00:18:a7:c6:4e:da:38:3a:9f:79:00:00:00:00:00:18
Certificate

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

04:00:00:00:00:01:25:07:1d:f9:af
Certificate

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

61:29:15:27:00:00:00:00:00:2a
Certificate

52:b5:4b:4f:d5:c6:b3:02:8f:e4:35:1b
Certificate