x64[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

x64.zip
Size

1.3MB
MD5

5cf2a205cea5c0fec75272dc18393551
SHA1

c04771e3cc8b9b7ecf19e00ccb35c07eef9744d7
SHA256

857e2de3cbd1db032eabff4046a3baa436e8122f354c49a57758289ad358de98
SHA512

a5d587901b4d56ca9da94e5cb39f8c25ac3e80fd1d138d2a5e4c86d9e4c9e1b90fc21874eff4b31f6cfb9749f6e6f5d740f7b8d40ad8826b576a797faa558f68
SSDEEP

24576:9eumMU0qILTJxH/h5Yw3QmvpceLo/3GlwdVlHCJjulu18+IqFRGCdfN+JB:9e8qiT7/h5Yw3Qupcl/3GKTUjBZFQs+n

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/x64/x64/WinDivert.dll
unpack001/x64/x64/goodbyedpi.exe

Files

x64.zip
.zip
x64/x64/Launcher for GoodbyeDPI.exe
.exe windows:4 windows x86 arch:x86

0081b856f019f6a623da60e54c1f69dd

Code Sign

44:55:02:1f
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA

Not Before

16/07/2024, 08:49

Not After

16/07/2025, 08:49

Subject

CN=TOPERSOFT®

Extended Key Usages

ExtKeyUsageCodeSigning

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

97:19:28:51:01:17:7f:51:5c:0d:22:d4:60:d3:85:45:0e:6a:e2:94
Signer

Actual PE Digest

97:19:28:51:01:17:7f:51:5c:0d:22:d4:60:d3:85:45:0e:6a:e2:94

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaStrI2
_CIcos
_adj_fptan
__vbaStrI4
__vbaVarMove
__vbaVarVargNofree
__vbaFreeVar
__vbaLateIdCall
__vbaLineInputStr
__vbaLenBstr
__vbaStrVarMove
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
ord621
__vbaFreeObjList
_adj_fprem1
__vbaRecAnsiToUni
ord519
ord626
__vbaResume
__vbaForEachCollAd
__vbaStrCat
__vbaLsetFixstr
__vbaWriteFile
ord553
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
ord666
__vbaVarForInit
__vbaExitProc
ord593
ord594
__vbaStrLike
__vbaObjSet
ord595
__vbaOnError
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaVarIndexLoad
ord598
ord520
__vbaBoolVarNull
__vbaFpR8
__vbaVarTstLt
_CIsin
__vbaVarZero
ord632
__vbaVargVarMove
__vbaChkstk
ord526
__vbaFileClose
EVENT_SINK_AddRef
__vbaStrCmp
ord529
__vbaGet4
__vbaVarTstEq
__vbaObjVar
__vbaVarLikeVar
__vbaI2I4
ord561
DllFunctionCall
__vbaVarLateMemSt
ord670
__vbaFpUI1
_adj_fpatan
__vbaLateIdCallLd
__vbaStrR8
__vbaRecUniToAnsi
EVENT_SINK_Release
ord600
__vbaUI1I2
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
ord712
__vbaStrToUnicode
__vbaInputFile
__vbaPrintFile
_adj_fprem
_adj_fdivr_m64
ord607
ord608
ord716
__vbaFPException
__vbaInStrVar
__vbaStrVarVal
__vbaVarCat
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaInStr
__vbaVarLateMemCallLdRf
ord570
__vbaNew2
__vbaR8Str
ord571
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
ord576
_adj_fdivr_m32
_adj_fdiv_r
ord100
ord579
__vbaVarTstNe
__vbaVarSetVar
__vbaI4Var
ord610
__vbaVarAdd
__vbaLateMemCall
__vbaStrToAnsi
__vbaVarDup
ord612
__vbaFpI2
ord616
__vbaVarLateMemCallLd
__vbaVarCopy
__vbaFpI4
__vbaLateMemCallLd
ord617
_CIatan
__vbaStrMove
ord619
__vbaStrVarCopy
ord542
__vbaLateIdNamedCall
ord543
_allmul
__vbaLateIdSt
ord544
ord545
_CItan
__vbaNextEachCollAd
ord547
__vbaFPInt
__vbaVarForNext
_CIexp
__vbaFreeObj
__vbaFreeStr
ord581

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
x64/x64/WinDivert.dll
.dll windows:4 windows x64 arch:x64

0b649f8e17494bb31b47f6e959a1769c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

CloseServiceHandle
CreateServiceW
DeleteService
OpenSCManagerW
OpenServiceW
RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegSetValueExW
StartServiceW

kernel32

CloseHandle
CreateEventW
CreateFileW
CreateMutexW
DeviceIoControl
GetLastError
GetModuleFileNameW
GetOverlappedResult
HeapAlloc
HeapCreate
HeapDestroy
ReleaseMutex
SetLastError
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
WaitForSingleObject

Exports

Exports

WinDivertClose
WinDivertGetParam
WinDivertHelperCalcChecksums
WinDivertHelperCompileFilter
WinDivertHelperDecrementTTL
WinDivertHelperEvalFilter
WinDivertHelperFormatFilter
WinDivertHelperFormatIPv4Address
WinDivertHelperFormatIPv6Address
WinDivertHelperHashPacket
WinDivertHelperHtonIPv6Address
WinDivertHelperHtonIpv6Address
WinDivertHelperHtonl
WinDivertHelperHtonll
WinDivertHelperHtons
WinDivertHelperNtohIPv6Address
WinDivertHelperNtohIpv6Address
WinDivertHelperNtohl
WinDivertHelperNtohll
WinDivertHelperNtohs
WinDivertHelperParseIPv4Address
WinDivertHelperParseIPv6Address
WinDivertHelperParsePacket
WinDivertOpen
WinDivertRecv
WinDivertRecvEx
WinDivertSend
WinDivertSendEx
WinDivertSetParam
WinDivertShutdown

Sections

.text
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 1024B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 1024B - Virtual size: 800B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 16B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64/x64/WinDivert64.sys
.sys windows:10 windows x64 arch:x64

505c54af7fa8f0482014ca4fe5cdd53d

Code Sign

f4:8b:a9:cb:78:dd:96:f2:dc:60:2f:ef:35:68:c9:2a
Certificate

Issuer

CN=COMODO RSA Extended Validation Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

13/10/2017, 00:00

Not After

12/10/2020, 23:59

Subject

SERIALNUMBER=8313827,CN=Cloudveil Technology Inc.,O=Cloudveil Technology Inc.,POSTALCODE=67107,STREET=100 Ave C,L=Moundridge,ST=Kansas,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#13064b616e736173,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6d:d4:72:eb:02:ae:04:06:e3:dd:84:3f:5f:e1:45:e1
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/12/2014, 00:00

Not After

02/12/2029, 23:59

Subject

CN=COMODO RSA Extended Validation Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

01/08/2030, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:31:94:79:a3:18:f5:52:2d:06:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

05/06/2019, 18:34

Not After

03/06/2020, 18:34

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/10/2014, 20:31

Not After

15/10/2029, 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

22:28:bf:92:4d:da:52:a7:8d:1d:5e:42:49:58:10:79:54:b9:1b:20:4d:70:75:56:77:34:96:94:0a:13:9c:2e
Signer

Actual PE Digest

22:28:bf:92:4d:da:52:a7:8d:1d:5e:42:49:58:10:79:54:b9:1b:20:4d:70:75:56:77:34:96:94:0a:13:9c:2e

Digest Algorithm

sha256

PE Digest Matches

true

22:28:bf:92:4d:da:52:a7:8d:1d:5e:42:49:58:10:79:54:b9:1b:20:4d:70:75:56:77:34:96:94:0a:13:9c:2e
Signer

Actual PE Digest

22:28:bf:92:4d:da:52:a7:8d:1d:5e:42:49:58:10:79:54:b9:1b:20:4d:70:75:56:77:34:96:94:0a:13:9c:2e

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\WinDivert\install\MSVC\amd64\WinDivert64.pdb

Imports

ntoskrnl.exe

ExFreePoolWithTag
MmBuildMdlForNonPagedPool
MmMapLockedPagesSpecifyCache
IoAllocateErrorLogEntry
IoAllocateMdl
IoFreeMdl
IoGetCurrentProcess
IoWriteErrorLogEntry
RtlCopyUnicodeString
ObfReferenceObject
ObfDereferenceObject
KeBugCheckEx
IoGetRequestorProcess
PsGetProcessId
ExUuidCreate
ExAllocatePoolWithTag
KeReleaseInStackQueuedSpinLock
KeAcquireInStackQueuedSpinLock
RtlGetVersion
RtlIntegerToUnicodeString

hal

KeQueryPerformanceCounter

ndis.sys

NdisAllocateNetBufferPool
NdisFreeNetBufferPool
NdisAllocateNetBufferListPool
NdisFreeNetBufferListPool
NdisGetDataBuffer
NdisAdvanceNetBufferDataStart
NdisRetreatNetBufferDataStart

fwpkclnt.sys

FwpsAllocateNetBufferAndNetBufferList0
FwpmFilterDeleteByKey0
FwpmFilterAdd0
FwpmCalloutDeleteByKey0
FwpmCalloutAdd0
FwpmSubLayerDeleteByKey0
FwpmSubLayerAdd0
FwpmTransactionAbort0
FwpmTransactionCommit0
FwpmTransactionBegin0
FwpmEngineClose0
FwpmEngineOpen0
FwpsQueryPacketInjectionState0
FwpsInjectNetworkReceiveAsync0
FwpsInjectForwardAsync0
FwpsInjectNetworkSendAsync0
FwpsCalloutRegister0
FwpsCalloutUnregisterByKey0
FwpsFlowAssociateContext0
FwpsFlowRemoveContext0
FwpsInjectionHandleCreate0
FwpsInjectionHandleDestroy0
FwpsFreeNetBufferList0

wdfldr.sys

WdfVersionBind
WdfVersionBindClass
WdfVersionUnbindClass
WdfVersionUnbind

Sections

.text
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64/x64/blacklist.txt
x64/x64/goodbyedpi.exe
.exe windows:4 windows x64 arch:x64

82346c3181cfa36a7cae3c63af4f3e2e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

windivert

WinDivertClose
WinDivertHelperCalcChecksums
WinDivertHelperParsePacket
WinDivertOpen
WinDivertRecv
WinDivertSend
WinDivertShutdown

advapi32

CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
RegisterServiceCtrlHandlerA
SetServiceStatus
StartServiceCtrlDispatcherA

kernel32

DeleteCriticalSection
EnterCriticalSection
FormatMessageA
FreeLibrary
GetEnvironmentVariableW
GetLastError
GetProcAddress
GetStartupInfoA
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
LocalFree
MultiByteToWideChar
SetDllDirectoryA
SetSearchPathMode
SetUnhandledExceptionFilter
Sleep
TlsGetValue
VirtualProtect
VirtualQuery
WideCharToMultiByte

msvcrt

__C_specific_handler
___lc_codepage_func
___mb_cur_max_func
__argv
__getmainargs
__initenv
__iob_func
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_cexit
_commode
_difftime64
_errno
_exit
_fmode
_initterm
_lock
_onexit
_time64
_unlock
abort
atoi
calloc
exit
fclose
feof
fgetc
fopen
fprintf
fputc
free
fwrite
localeconv
malloc
memcmp
memcpy
memmove
puts
realloc
signal
strchr
strcpy
strcspn
strerror
strlen
strncmp
strstr
strtok
strtoul
toupper
vfprintf
wcslen
_write
_strdup
_open
_close

ws2_32

htonl
htons
inet_pton
ntohl
ntohs

Sections

.text
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 55B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 208B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64/x64/myblacklist.txt

Sharing

General

Malware Config

Signatures

Files

0081b856f019f6a623da60e54c1f69dd

Code Sign

44:55:02:1fCertificate

Extended Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

97:19:28:51:01:17:7f:51:5c:0d:22:d4:60:d3:85:45:0e:6a:e2:94Signer

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.data Size: 4KB - Virtual size: 19KB

.rsrc Size: 24KB - Virtual size: 21KB

0b649f8e17494bb31b47f6e959a1769c

Headers

File Characteristics

Imports

advapi32

kernel32

Exports

Exports

Sections

.text Size: 30KB - Virtual size: 29KB

.data Size: 512B - Virtual size: 32B

.rdata Size: 9KB - Virtual size: 8KB

.pdata Size: 1024B - Virtual size: 840B

.xdata Size: 1024B - Virtual size: 800B

.bss Size: - Virtual size: 16B

.edata Size: 1KB - Virtual size: 1KB

.idata Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 240B

505c54af7fa8f0482014ca4fe5cdd53d

Code Sign

f4:8b:a9:cb:78:dd:96:f2:dc:60:2f:ef:35:68:c9:2aCertificate

Extended Key Usages

Key Usages

6d:d4:72:eb:02:ae:04:06:e3:dd:84:3f:5f:e1:45:e1Certificate

Extended Key Usages

Key Usages

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

33:00:00:00:31:94:79:a3:18:f5:52:2d:06:00:00:00:00:00:31Certificate

Extended Key Usages

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0dCertificate

Key Usages

22:28:bf:92:4d:da:52:a7:8d:1d:5e:42:49:58:10:79:54:b9:1b:20:4d:70:75:56:77:34:96:94:0a:13:9c:2eSigner

22:28:bf:92:4d:da:52:a7:8d:1d:5e:42:49:58:10:79:54:b9:1b:20:4d:70:75:56:77:34:96:94:0a:13:9c:2eSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

hal

ndis.sys

fwpkclnt.sys

wdfldr.sys

Sections

.text Size: 44KB - Virtual size: 44KB

.rdata Size: 17KB - Virtual size: 17KB

.data Size: 512B - Virtual size: 16KB

.pdata Size: 2KB - Virtual size: 1KB

.gfids Size: 512B - Virtual size: 4B

INIT Size: 2KB - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

44:55:02:1f
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

97:19:28:51:01:17:7f:51:5c:0d:22:d4:60:d3:85:45:0e:6a:e2:94
Signer

.text
Size: 1.5MB - Virtual size: 1.5MB

.data
Size: 4KB - Virtual size: 19KB

.rsrc
Size: 24KB - Virtual size: 21KB

.text
Size: 30KB - Virtual size: 29KB

.data
Size: 512B - Virtual size: 32B

.rdata
Size: 9KB - Virtual size: 8KB

.pdata
Size: 1024B - Virtual size: 840B

.xdata
Size: 1024B - Virtual size: 800B

.bss
Size: - Virtual size: 16B

.edata
Size: 1KB - Virtual size: 1KB

.idata
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 240B

f4:8b:a9:cb:78:dd:96:f2:dc:60:2f:ef:35:68:c9:2a
Certificate

6d:d4:72:eb:02:ae:04:06:e3:dd:84:3f:5f:e1:45:e1
Certificate

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

33:00:00:00:31:94:79:a3:18:f5:52:2d:06:00:00:00:00:00:31
Certificate

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

22:28:bf:92:4d:da:52:a7:8d:1d:5e:42:49:58:10:79:54:b9:1b:20:4d:70:75:56:77:34:96:94:0a:13:9c:2e
Signer

22:28:bf:92:4d:da:52:a7:8d:1d:5e:42:49:58:10:79:54:b9:1b:20:4d:70:75:56:77:34:96:94:0a:13:9c:2e
Signer

.text
Size: 44KB - Virtual size: 44KB

.rdata
Size: 17KB - Virtual size: 17KB

.data
Size: 512B - Virtual size: 16KB

.pdata
Size: 2KB - Virtual size: 1KB

.gfids
Size: 512B - Virtual size: 4B

INIT
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 420B

.text
Size: 54KB - Virtual size: 54KB

.data
Size: 1024B - Virtual size: 928B

.rdata
Size: 15KB - Virtual size: 15KB

.pdata
Size: 2KB - Virtual size: 1KB

.xdata
Size: 2KB - Virtual size: 1KB

.bss
Size: - Virtual size: 3KB

.edata
Size: 512B - Virtual size: 55B

.idata
Size: 4KB - Virtual size: 3KB

.CRT
Size: 512B - Virtual size: 104B

.tls
Size: 512B - Virtual size: 16B

.rsrc
Size: 12KB - Virtual size: 12KB

.reloc
Size: 512B - Virtual size: 208B