8cddb2f7cb8c1e51ede31080e177e786_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8cddb2f7cb8c1e51ede31080e177e786_JaffaCakes118
Size

1.3MB
MD5

8cddb2f7cb8c1e51ede31080e177e786
SHA1

57c6e261751b33ccda3c42bbf28cbca29aff971d
SHA256

34a667f495a2f5b6a232545475900e09f1f4ff744ef3d09478a0a1649efab684
SHA512

a9d58025e483b1b7c421196577b1df189c1eb650905e74a1b9c3acfe87624dc00a7ff073f4eb3bf9513908fb8e05e6425ad6e52ecb69653b2f19bd0a6ae8e493
SSDEEP

24576:jaqHc2u4HzqCZy5vYv5Mwb7sbda42p2rBmp/rj+dzseR9RLkN9Qk6tyzi:Oq82DRZytsPsJNEIy36z5aQn8zi

Score

3^/10

Malware Config

Signatures

Unsigned PE 20 IoCs

Checks for missing Authenticode signature.

resource
unpack001/_2B84F802586045BBBBD37F571543B18C
unpack001/bcbthub.sys
unpack001/bcbthub.sys2
unpack001/bluesoleil_assistant.exe1
unpack001/bluesoleil_voip_plugin.exe
unpack001/bsmonsvr.dll
unpack001/bsmonsvr.dll1
unpack001/bsmonui.dll
unpack001/bsmonui.dll1
unpack001/bssend2bt.exe1
unpack001/bsui.dll1
unpack001/btpcmcia.sys
unpack001/fw203x.sys
unpack001/fw203x.sys2
unpack001/hid2hci.exe1
unpack001/ivt_pcmcia.dll
unpack001/sktbt2k.sys
unpack001/skypeagent.dll
unpack001/wp_pcmcia.dll
unpack001/wppcmcia.sys

Files

8cddb2f7cb8c1e51ede31080e177e786_JaffaCakes118
.cab
_05A2EF8A80824454A6EAB4FEEDE6C4B6
.png
_065FD05D868B4A7991963D34E198290C
.png
_0DEC52AAECDA45D0B754FCF1251251FD
.png
_0DF9C0968763460899B8D2EB5AEF914A
.png
_0E7401BB532B47E484AAB0FE1B47E557
.png
_156B7236D8EB4337837D9BE14E421009
.png
_1A514E8EA54642D790D532B27F81E9A7
.png
_2290C94C8EE24B59BAC24E959A8A60C2
.png
_22B0BAC48630439FA2FB077CAC3B8523
.png
_231C027EFE50493B94A4777312DDB0DD
.png
_23EF055CBDFD4E21A172D1447CF4AD7D
.png
_24C00BF788C44739A41CB1DBB744F476
.png
_2AB3E175D3984C8F877A38AF6B33C2F2
.png
_2B84F802586045BBBBD37F571543B18C
.dll windows:6 windows x86 arch:x86

3f6720a918d6bc4467561f6e2f5b38cf

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\avinash\sd8688_bt\sd8688_bt_1stnov\bluetoothdll\objchk_wlh_x86\i386\sd8688bt.pdb

Imports

msvcrt

_adjust_fdiv
_amsg_exit
_initterm
_XcptFilter
strstr
printf
free
malloc

setupapi

SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailA
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsA

kernel32

UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
RtlUnwind
InterlockedCompareExchange
Sleep
InterlockedExchange
InitializeCriticalSection
CreateFileA
CreateEventA
ReadFile
SetEvent
WaitForSingleObject
WriteFile
EnterCriticalSection
CloseHandle
LeaveCriticalSection
GetLastError
DeleteCriticalSection
CreateThread
ExitProcess
SetUnhandledExceptionFilter

Exports

Exports

BuffFree
BuffNew
CloseCommPort
ConfigCommPort
OpenCommPort
ReceiveData
RegisterAddRcvData
RegisterHandleRcvData
SendDataToInt

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
_2C576794D47E44348711AF9B0B2D3000
.png
_30FBD0262C9D451EB8EB1DCB004C1083
.png
_340DE2120BB94DD3909DECF255F93767
.png
_3A1D64C74AFE4793B39A024EA8FE8292
.png
_4425DD692188468D8704860700D75A27
.png
_44885935DFCB4A16B669DFD0E50988F4
.png
_44EC7A2E5B624F298A84B5D0081C81E3
.png
_44FAD9B809244C4794BAEE84BC1F9CD2
.png
_494A7FA090C24A54A3ABA0522F2E1723
.png
_4AF61507CCD5402DBCE9A5088A5592D6
.png
_4BAC847F0150474BA04C0AF429DF5E5E
.png
_4BF32CF7E7F54F53993B843ED76456E6
.png
_4C913EB8A1D64F96AED9B759DE8463CA
.png
_4DF1F4A508744EB4B2BF5805281890AC
.png
_4E27F93E0BA0403682D20FD5E266CB47
.png
_4ED566F617724B908061E0F83C6776AF
.png
_4FD67143D2384F3CA3C34134E4B4C66A
.png
_5234BEA3945143CBB5503DC1A94665CB
.png
_54DD41B424834DF7B79758B2F1BC62B8
.png
_57242F0FF1F8493699813C339811D1EB
.png
_57F30467CAE648ECBD44FF9A72FC0DA9
.png
_58E96A2EA9AA42078D9135E3B687E3BF
.png
_5B485D84E9BD4D638D7EF0B4F1CC34AB
.png
_5C30373F5F804478BD009B9137E2A13B
.png
_605DCF48238E4C4D83584141ECE2E69E
.png
_62FA425654E04FCDA491B488321857BC
.png
_63574A39947542A3A313C4635A3C94B8
.png
_6407B2691D1443F6B8CCEF3F513EBE04
.png
_668C5B71989A465BB3BEB61E8F587F72
.png
_671E49E73DA941B7BEFDACEE47FB158F
.png
_676794D60BEF47D0B83DA58BB227EBA6
.png
_68607EFA790F4A91A44B4AB8CE33E3F5
.png
_69BBABF9FB00482EA18324C08FE591A8
.png
_6B63F5E0376C4873ABF222D1B408D0C8
.png
_6c551.inf
_725006F45F8A42468DCBEA8404D3C21C
.png
_7299BD47AE80433FBC65F0C5F9553AB5
.png
_76B9A00890BD4EE7B9AF04B0D0FAB144
.png
_76D9E9EEC4474856BC55882170C75BAC
.png
_7962246822CC4C2B8ACFE94E8D0DDDCB
.png
_7CFC6B7E17A44287A15DAAB374EEBA40
.png
_7EB574C400D64C098461EC6C3618DC3C
.png
_80276DE938D84CFBA6BBD97D0A426137
.png
_80E545BEF09E4322A9FEC2713F23250F
.png
_880A0128E4C5432CAFDD574FB8FE322F
.png
_8A262906B3AC40CFB418133D7BF64280
.png
_8DA3DE857D194B9FA7BFFCA2E82452D3
.png
_9187D32091B343D18A7F453B9A68EF61
.png
_9406508EB56A49EDA12271301B3E88FC
.png
_9701F2A5A29A446FB3487C20312BB432
.png
_9A9F5773B8334280939FFCD752757B3D
.png
_9E5868183B9F4DE6833EFDF23A264661
.png
_9F44264620624497BBCE0B4D93E2DBAD
.png
_A26A04B513AC40A1AF13E8D40F734FC7
.png
_A6EA66FDAF7E4ABC9D860D53C47C8F0B
.png
_A7B8695A6CC244408AFFC664450B3F45
.png
_A9B879F39B404374981BE86470DEE965
.png
_AC8E6ADCC07B4DE2A14CDC39F31AC1E5
.png
_AD6502F528314C8CB48F5477825148C8
.png
_AD7EDBE046FA4521AA59D8F47A70668A
.png
_AEC8AB4C201B43D0B27CB58BAB0937C6
.png
_B0854834C64140F88166023C9EE24DB8
.png
_B085E98B81D6447C88675E71FFF30E57
.png
_B3EF8CADAF8D40588FB719D07585851D
.png
_B806ABE57079409287A1DD62E78DB970
.png
_B96A6468A4D248009F9EE3E65BC90148
.png
_BA33A8E7CC7E427C869175BAE3AECD0C
.png
_BA90C2D874174141A511299B1105255C
.png
_BBEDFD0FF1E74DEB846578FF896A3B6D
.png
_BD3E5BECCC2F4B2D885438231B97350F
.png
_BDAED1D9C91E4A9E89A789B4AD48CE78
.png
_BEB750C475CC49B497E2167DB8F08F02
.png
_C11BDC69441F46F686FD185EFBE4CDB3
.png
_C7F7FF7767D34549964C472A689D33EF
.png
_CA4BD908F0DC47E48F1086C111AA7F31
.png
_D00A1FE6083D44A48C26D1398D64CA76
.png
_D13F26DE157149749CDCAD579903EBEC
.png
_D4D07D90F12D4A1887724F593D63B2A1
.png
_D94B489EE91B4D43BE305CC8C1C087DC
.png
_DA4A3781ED5D4F27AE3F2177B603B9E0
.png
_DD02369443F141C8A982A12849254570
.png
_DE2095DA140D4104BC209930C0D42E8E
.png
_DE8F9DB10AD64F65A6928621B69462E5
.png
_DFD0F9FF3EF24EFAA8223CDB4EEB8EA9
.png
_E7B89D1ABFB24746A10E278FF24051D6
.png
_EDDE5DA90841483691C6A98C96097967
.png
_EE21E66F0B224EDCA974F030E3DFA781
.png
_F45B505FE31046B492FBC2961FC0E4DC
.png
_F495A975C0884A68BADA36D048EE9059
.png
_F605CBB13F3745B398946351F6428598
.png
bcbthub.sys
.sys windows:5 windows x86 arch:x86

29e0b5c527b7bf03d067cdd300031a17

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

PoSetPowerState
ExFreePool
RtlUnicodeStringToAnsiString
RtlInitUnicodeString
ExAllocatePoolWithTag
IoGetDeviceProperty
IoCreateDevice
IofCallDriver
ObfReferenceObject
MmUnlockPagableImageSection
MmLockPagableDataSection
InterlockedExchange
IoDeleteDevice
KeWaitForSingleObject
IoDetachDevice
IofCompleteRequest
wcscpy
wcslen
IoFreeIrp
IoAllocateIrp
IoGetAttachedDeviceReference
ObfDereferenceObject
IoCancelIrp
IoReleaseCancelSpinLock
IoAttachDeviceToDeviceStack
RtlFreeAnsiString
IoIsWdmVersionAvailable
KeInitializeEvent
DbgPrint
KeSetEvent
InterlockedDecrement
InterlockedIncrement
PoCallDriver
PoStartNextPowerIrp
PoRequestPowerIrp
RtlFreeUnicodeString
ZwQueryValueKey
RtlAnsiStringToUnicodeString
RtlInitAnsiString
ZwClose
IoOpenDeviceRegistryKey
ZwOpenKey
ZwSetValueKey
KeDelayExecutionThread
RtlExtendedLargeIntegerDivide
KeQuerySystemTime
ZwReadFile
ZwCreateFile
wcsncmp
sprintf

usbd.sys

_USBD_ParseConfigurationDescriptorEx@28
USBD_GetUSBDIVersion
_USBD_CreateConfigurationRequestEx@8

hal

KeGetCurrentIrql
KeQueryPerformanceCounter

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 576B - Virtual size: 568B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 115KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGECODE
Size: 768B - Virtual size: 765B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGEDNLD
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGEDATA
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bcbthub.sys2
.sys windows:5 windows x86 arch:x86

29e0b5c527b7bf03d067cdd300031a17

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

PoSetPowerState
ExFreePool
RtlUnicodeStringToAnsiString
RtlInitUnicodeString
ExAllocatePoolWithTag
IoGetDeviceProperty
IoCreateDevice
IofCallDriver
ObfReferenceObject
MmUnlockPagableImageSection
MmLockPagableDataSection
InterlockedExchange
IoDeleteDevice
KeWaitForSingleObject
IoDetachDevice
IofCompleteRequest
wcscpy
wcslen
IoFreeIrp
IoAllocateIrp
IoGetAttachedDeviceReference
ObfDereferenceObject
IoCancelIrp
IoReleaseCancelSpinLock
IoAttachDeviceToDeviceStack
RtlFreeAnsiString
IoIsWdmVersionAvailable
KeInitializeEvent
DbgPrint
KeSetEvent
InterlockedDecrement
InterlockedIncrement
PoCallDriver
PoStartNextPowerIrp
PoRequestPowerIrp
RtlFreeUnicodeString
ZwQueryValueKey
RtlAnsiStringToUnicodeString
RtlInitAnsiString
ZwClose
IoOpenDeviceRegistryKey
ZwOpenKey
ZwSetValueKey
KeDelayExecutionThread
RtlExtendedLargeIntegerDivide
KeQuerySystemTime
ZwReadFile
ZwCreateFile
wcsncmp
sprintf

usbd.sys

_USBD_ParseConfigurationDescriptorEx@28
USBD_GetUSBDIVersion
_USBD_CreateConfigurationRequestEx@8

hal

KeGetCurrentIrql
KeQueryPerformanceCounter

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 576B - Virtual size: 568B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 115KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGECODE
Size: 768B - Virtual size: 765B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGEDNLD
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGEDATA
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
blueletaudio.cat1
blueletaudio.cat2
blueletaudio.inf1
blueletaudio.sys
.sys windows:5 windows x86 arch:x86

f8ebf6ca009644ecc43f561be4525e8b

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2a:f9:db:d9:2e:7c:94:6c:6b:44:cb:b0:b3:ed:05:5a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

02/09/2008, 00:00

Not After

20/09/2011, 23:59

Subject

CN=IVT SOFTWARE TECHNOLOGY Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=IVT SOFTWARE TECHNOLOGY Inc.,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:0b:37:5f:7a:eb:97:34:ba:ea:7e:d7:28:b7:46:d6:92:bd:9b:24
Signer

Actual PE Digest

02:0b:37:5f:7a:eb:97:34:ba:ea:7e:d7:28:b7:46:d6:92:bd:9b:24

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\WinDriversInternal\srcstore\200811251501\src\btsound\objfre_wxp_x86\i386\blueletaudio.pdb

Imports

ntoskrnl.exe

ObReferenceObjectByHandle
ExEventObjectType
ProbeForRead
_except_handler3
KeSetEvent
IoIsWdmVersionAvailable
ExAllocatePoolWithTag
KeInitializeMutex
KeQueryInterruptTime
_aulldiv
_allmul
_alldiv
KeReleaseMutex
KeWaitForSingleObject
KeCancelTimer
KeSetTimerEx
_purecall
KeRemoveQueueDpc
IofCompleteRequest
KeInitializeDpc
KeInitializeEvent
KeInitializeTimerEx
KeInitializeSpinLock
ZwClose
ZwQueryValueKey
ZwOpenKey
RtlInitUnicodeString
ExfInterlockedInsertHeadList
ExfInterlockedInsertTailList
ExfInterlockedRemoveHeadList
IoFreeMdl
MmMapLockedPagesSpecifyCache
MmBuildMdlForNonPagedPool
IoAllocateMdl
MmUnmapLockedPages
IoGetCurrentProcess
ObfDereferenceObject
KeInsertQueueDpc
RtlCompareMemory
ExFreePoolWithTag
ZwOpenFile
ZwReadFile
InterlockedDecrement
InterlockedIncrement
ExFreePool

hal

KeGetCurrentIrql
KfAcquireSpinLock
KfReleaseSpinLock

portcls.sys

PcInitializeAdapterDriver
PcNewServiceGroup
PcRequestNewPowerState
PcDispatchIrp
PcRegisterAdapterPowerManagement
PcRegisterPhysicalConnection
PcNewPort
PcNewMiniport
PcRegisterSubdevice
PcAddAdapterDevice

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1018B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 986B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
blueletaudio.sys2
.sys windows:5 windows x86 arch:x86

f8ebf6ca009644ecc43f561be4525e8b

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2a:f9:db:d9:2e:7c:94:6c:6b:44:cb:b0:b3:ed:05:5a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

02/09/2008, 00:00

Not After

20/09/2011, 23:59

Subject

CN=IVT SOFTWARE TECHNOLOGY Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=IVT SOFTWARE TECHNOLOGY Inc.,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:0b:37:5f:7a:eb:97:34:ba:ea:7e:d7:28:b7:46:d6:92:bd:9b:24
Signer

Actual PE Digest

02:0b:37:5f:7a:eb:97:34:ba:ea:7e:d7:28:b7:46:d6:92:bd:9b:24

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\WinDriversInternal\srcstore\200811251501\src\btsound\objfre_wxp_x86\i386\blueletaudio.pdb

Imports

ntoskrnl.exe

ObReferenceObjectByHandle
ExEventObjectType
ProbeForRead
_except_handler3
KeSetEvent
IoIsWdmVersionAvailable
ExAllocatePoolWithTag
KeInitializeMutex
KeQueryInterruptTime
_aulldiv
_allmul
_alldiv
KeReleaseMutex
KeWaitForSingleObject
KeCancelTimer
KeSetTimerEx
_purecall
KeRemoveQueueDpc
IofCompleteRequest
KeInitializeDpc
KeInitializeEvent
KeInitializeTimerEx
KeInitializeSpinLock
ZwClose
ZwQueryValueKey
ZwOpenKey
RtlInitUnicodeString
ExfInterlockedInsertHeadList
ExfInterlockedInsertTailList
ExfInterlockedRemoveHeadList
IoFreeMdl
MmMapLockedPagesSpecifyCache
MmBuildMdlForNonPagedPool
IoAllocateMdl
MmUnmapLockedPages
IoGetCurrentProcess
ObfDereferenceObject
KeInsertQueueDpc
RtlCompareMemory
ExFreePoolWithTag
ZwOpenFile
ZwReadFile
InterlockedDecrement
InterlockedIncrement
ExFreePool

hal

KeGetCurrentIrql
KfAcquireSpinLock
KfReleaseSpinLock

portcls.sys

PcInitializeAdapterDriver
PcNewServiceGroup
PcRequestNewPowerState
PcDispatchIrp
PcRegisterAdapterPowerManagement
PcRegisterPhysicalConnection
PcNewPort
PcNewMiniport
PcRegisterSubdevice
PcAddAdapterDevice

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1018B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 986B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
blueletfaxmdm.cat
blueletfaxmdm.inf1
blueletscoaudio.cat1
blueletscoaudio.cat2
blueletscoaudio.inf1
blueletscoaudio.sys
.sys windows:5 windows x86 arch:x86

3c726d68d129c65d4e0ae81da4f3c29f

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2a:f9:db:d9:2e:7c:94:6c:6b:44:cb:b0:b3:ed:05:5a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

02/09/2008, 00:00

Not After

20/09/2011, 23:59

Subject

CN=IVT SOFTWARE TECHNOLOGY Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=IVT SOFTWARE TECHNOLOGY Inc.,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d7:37:b8:0c:28:6d:93:b7:f4:89:80:aa:41:3a:0e:58:47:5b:4d:a8
Signer

Actual PE Digest

d7:37:b8:0c:28:6d:93:b7:f4:89:80:aa:41:3a:0e:58:47:5b:4d:a8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\WinDriversInternal\srcstore\200811251501\src\btsound\objfre_wxp_x86\i386\BlueletSCOAudio.pdb

Imports

ntoskrnl.exe

IofCompleteRequest
ObReferenceObjectByHandle
ExEventObjectType
ProbeForRead
_except_handler3
KeSetEvent
IoIsWdmVersionAvailable
ExAllocatePoolWithTag
KeInitializeMutex
KeQueryInterruptTime
_aulldiv
_allmul
_alldiv
KeReleaseMutex
KeWaitForSingleObject
KeCancelTimer
KeSetTimerEx
_purecall
IoGetCurrentProcess
KeInsertQueueDpc
KeInitializeDpc
KeInitializeEvent
KeInitializeTimerEx
KeInitializeSpinLock
ZwClose
ZwQueryValueKey
ZwOpenKey
RtlInitUnicodeString
ExfInterlockedInsertHeadList
ExfInterlockedInsertTailList
ExfInterlockedRemoveHeadList
IoFreeMdl
MmMapLockedPagesSpecifyCache
MmBuildMdlForNonPagedPool
IoAllocateMdl
MmUnmapLockedPages
ObfDereferenceObject
KeRemoveQueueDpc
ExFreePool
InterlockedIncrement
InterlockedDecrement

hal

KfReleaseSpinLock
KfAcquireSpinLock

portcls.sys

PcNewPort
PcRegisterPhysicalConnection
PcRegisterAdapterPowerManagement
PcDispatchIrp
PcRequestNewPowerState
PcAddAdapterDevice
PcInitializeAdapterDriver
PcNewServiceGroup
PcRegisterSubdevice
PcNewMiniport

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
blueletscoaudio.sys2
.sys windows:5 windows x86 arch:x86

3c726d68d129c65d4e0ae81da4f3c29f

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2a:f9:db:d9:2e:7c:94:6c:6b:44:cb:b0:b3:ed:05:5a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

02/09/2008, 00:00

Not After

20/09/2011, 23:59

Subject

CN=IVT SOFTWARE TECHNOLOGY Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=IVT SOFTWARE TECHNOLOGY Inc.,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d7:37:b8:0c:28:6d:93:b7:f4:89:80:aa:41:3a:0e:58:47:5b:4d:a8
Signer

Actual PE Digest

d7:37:b8:0c:28:6d:93:b7:f4:89:80:aa:41:3a:0e:58:47:5b:4d:a8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\WinDriversInternal\srcstore\200811251501\src\btsound\objfre_wxp_x86\i386\BlueletSCOAudio.pdb

Imports

ntoskrnl.exe

IofCompleteRequest
ObReferenceObjectByHandle
ExEventObjectType
ProbeForRead
_except_handler3
KeSetEvent
IoIsWdmVersionAvailable
ExAllocatePoolWithTag
KeInitializeMutex
KeQueryInterruptTime
_aulldiv
_allmul
_alldiv
KeReleaseMutex
KeWaitForSingleObject
KeCancelTimer
KeSetTimerEx
_purecall
IoGetCurrentProcess
KeInsertQueueDpc
KeInitializeDpc
KeInitializeEvent
KeInitializeTimerEx
KeInitializeSpinLock
ZwClose
ZwQueryValueKey
ZwOpenKey
RtlInitUnicodeString
ExfInterlockedInsertHeadList
ExfInterlockedInsertTailList
ExfInterlockedRemoveHeadList
IoFreeMdl
MmMapLockedPagesSpecifyCache
MmBuildMdlForNonPagedPool
IoAllocateMdl
MmUnmapLockedPages
ObfDereferenceObject
KeRemoveQueueDpc
ExFreePool
InterlockedIncrement
InterlockedDecrement

hal

KfReleaseSpinLock
KfAcquireSpinLock

portcls.sys

PcNewPort
PcRegisterPhysicalConnection
PcRegisterAdapterPowerManagement
PcDispatchIrp
PcRequestNewPowerState
PcAddAdapterDevice
PcInitializeAdapterDriver
PcNewServiceGroup
PcRegisterSubdevice
PcNewMiniport

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bluesoleil_assistant.exe1
.exe windows:4 windows x86 arch:x86

7680d7d52bff3d0db831080da92f0ebc

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryA
lstrcmpiA
OpenEventA
FreeLibrary
FlushFileBuffers
GetStringTypeW
GetStringTypeA
LCMapStringW
SetEvent
OutputDebugStringA
RtlUnwind
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
GetLastError
SetFilePointer
GetCPInfo
GetACP
GetOEMCP
HeapAlloc
VirtualAlloc
HeapReAlloc
SetStdHandle
MultiByteToWideChar
LCMapStringA
CloseHandle

winspool.drv

DeletePrinter
ClosePrinter
OpenPrinterA

bssdk

Btsdk_Done
Btsdk_Init

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 680B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
bluesoleil_voip_plugin.exe
.exe windows:4 windows x86 arch:x86

d61548970cdcf058c993e44bea6273cf

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

btfunc

BT_InitializeLibrary
BT_UninitializeLibrary
BT_IsBlueSoleilStarted
BT_EnumConnections
BT_GetDefaultAudioDeviceInfo
BT_RegisterCallback
BT_ConnectService
BT_SendProfileCommand

mfc42

ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord290
ord825
ord614
ord4226
ord3663
ord2841
ord2107
ord5450
ord5440
ord6383
ord6394
ord1948
ord2396
ord3346
ord5300
ord5303
ord4079
ord4699
ord5307
ord5289
ord5715
ord565
ord817
ord2726
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord5302
ord2725
ord4698
ord2976
ord3738
ord815
ord561
ord641
ord2514
ord2621
ord2256
ord1134
ord5265
ord4376
ord4853
ord4998
ord4710
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord1576
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord324
ord4234
ord1146
ord1168
ord800
ord4160
ord540
ord2863
ord2379
ord6215
ord755
ord470
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord1799
ord823
ord5714
ord4837

msvcrt

__dllonexit
_onexit
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
isdigit
isalnum
malloc
free
time
srand
rand
_strnicmp
strrchr
atoi
sprintf
__CxxFrameHandler
_setmbcp

kernel32

InitializeCriticalSection
GetStartupInfoA
GetModuleHandleA
TerminateThread
CreateMutexA
GetLastError
GetProcAddress
GetModuleFileNameA
CloseHandle
SetEvent
WaitForSingleObject
CreateEventA
LeaveCriticalSection
Sleep
EnterCriticalSection
FreeLibrary
LoadLibraryA
GetPrivateProfileStringA
DeleteCriticalSection

user32

AppendMenuA
EnableWindow
PostThreadMessageA
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
PostMessageA
SendMessageA
LoadIconA
GetSystemMenu

Sections

.text
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
bluetooth_devices.lnk
.lnk
bsmonsvr.dll
.dll windows:5 windows x86 arch:x86

36b8020b26b0f94742e7fe1462be6965

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_wtoi
_beginthreadex
wcscat
wcsncpy
_except_handler3
wcscmp
wcscpy
wcslen
vsprintf

kernel32

OutputDebugStringA
HeapAlloc
GetProcessHeap
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
WaitForSingleObject
SetEvent
CreateEventW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetSystemDirectoryW
GetWindowsDirectoryW
DisableThreadLibraryCalls
FreeLibrary
CreateFileW
CloseHandle
Sleep
lstrcmpW
GetLastError
SetLastError
HeapFree

user32

LoadStringW

winspool.drv

GetJobW
OpenPrinterW
ClosePrinter
SetJobW

bssdk

Btsdk_DisconnectShortCut
Btsdk_GetSecurityMode
Btsdk_SetSecurityMode
Btsdk_ConnectShortCut
Btsdk_GetShortCutProperty
Btsdk_IsServerConnected
Btsdk_HCRPP_GetSvrLPTStatus
Btsdk_GetShortCutByDeviceHandle
Btsdk_GetRemoteDeviceHandle
Btsdk_IsBluetoothReady
Btsdk_RegisterGetStatusInfoCB
Btsdk_SetStatusInfoFlag
Btsdk_Init
Btsdk_Done
Btsdk_HCRPP_ClntWriteData

bscommon

BsCm_IsX64Platform
BsCm_GetLangDepResLib

Exports

Exports

DllEntryPoint
InitializePrintMonitor2

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bsmonsvr.dll1
.dll windows:5 windows x86 arch:x86

09b365c24d18930277f0f7ac160124f3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

wcscat
_beginthreadex
wcscpy
wcslen
_except_handler3
vsprintf
_wtoi
wcsncpy
wcscmp

kernel32

HeapAlloc
OutputDebugStringA
DisableThreadLibraryCalls
InitializeCriticalSection
EnterCriticalSection
HeapFree
FreeLibrary
CreateEventW
WaitForSingleObject
SetEvent
CreateFileW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetSystemDirectoryW
GetWindowsDirectoryW
CloseHandle
Sleep
lstrcmpW
GetLastError
SetLastError
LeaveCriticalSection
DeleteCriticalSection
GetProcessHeap

user32

LoadStringW

winspool.drv

GetJobW
OpenPrinterW
ClosePrinter
SetJobW

bssdk

Btsdk_HCRPP_ClntWriteData
Btsdk_DisconnectShortCut
Btsdk_GetSecurityMode
Btsdk_SetSecurityMode
Btsdk_ConnectShortCut
Btsdk_GetShortCutProperty
Btsdk_GetShortCutByDeviceHandle
Btsdk_GetRemoteDeviceHandle
Btsdk_IsBluetoothReady
Btsdk_RegisterGetStatusInfoCB
Btsdk_SetStatusInfoFlag
Btsdk_Init
Btsdk_HCRPP_GetSvrLPTStatus
Btsdk_Done
Btsdk_IsServerConnected

bscommon

BsCm_IsX64Platform
BsCm_GetLangDepResLib

Exports

Exports

DllEntryPoint
InitializePrintMonitor2

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 900B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bsmonui.dll
.dll windows:5 windows x86 arch:x86

e22b8c918d6c23ebc34e13ac84f977ba

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

sprintf
wcscmp
wcsncpy
wcscat
wcscpy
wcslen
vsprintf

kernel32

DisableThreadLibraryCalls
OutputDebugStringA
HeapAlloc
GetProcessHeap
HeapFree
InitializeCriticalSection
FreeLibrary
DeleteCriticalSection
GetSystemDirectoryW
GetWindowsDirectoryW
WritePrivateProfileStringW
GetCurrentProcessId
MultiByteToWideChar
GetLastError
Sleep
GetProcAddress
LoadLibraryW
SetLastError

user32

PostMessageW
GetWindowThreadProcessId
wsprintfW
LoadStringA
GetWindowTextW
EnumWindows

winspool.drv

XcvDataW
ClosePrinter
OpenPrinterW

bscommon

BsCm_GetLangDepResLib
BsCm_IsX64Platform

bssdk

Btsdk_GetRemoteDeviceName
Btsdk_IsServerConnected
Btsdk_Init
Btsdk_GetRemoteDeviceAddress
Btsdk_Done
Btsdk_IsBluetoothReady

Exports

Exports

DllEntryPoint
InitializePrintMonitorUI

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 412B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bsmonui.dll1
.dll windows:5 windows x86 arch:x86

37876766b7a1fd9ec3053bdeb0661eba

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

wcsncpy
sprintf
wcscmp
wcslen
wcscpy
wcscat
vsprintf

kernel32

OutputDebugStringA
GetProcessHeap
HeapFree
DisableThreadLibraryCalls
FreeLibrary
HeapAlloc
DeleteCriticalSection
SetLastError
GetWindowsDirectoryW
MultiByteToWideChar
WritePrivateProfileStringW
GetCurrentProcessId
GetLastError
GetSystemDirectoryW
GetProcAddress
LoadLibraryW
InitializeCriticalSection
Sleep

user32

PostMessageW
wsprintfW
LoadStringA
GetWindowThreadProcessId
EnumWindows
GetWindowTextW

winspool.drv

OpenPrinterW
XcvDataW
ClosePrinter

bscommon

BsCm_IsX64Platform
BsCm_GetLangDepResLib

bssdk

Btsdk_GetRemoteDeviceAddress
Btsdk_IsNTServiceRunning
Btsdk_IsBluetoothReady
Btsdk_Done
Btsdk_IsServerConnected
Btsdk_Init
Btsdk_GetRemoteDeviceName

Exports

Exports

DllEntryPoint
InitializePrintMonitorUI

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 414B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bssend2bt.exe1
.exe windows:4 windows x86 arch:x86

e872a03bf15e4fc10f53b3371e5a6a53

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

bssdk

Btsdk_GetRemoteDeviceHandle
Btsdk_IsServerConnected
Btsdk_Done
Btsdk_IsBluetoothReady
Btsdk_Init

bscommon

BsCm_SendFilestoBtDevice
BsCm_SyncSend2btShc
BsCm_GetLangDepResLib
BsCm_ParseDeviceAddressFromString

mfc42

ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord815
ord823
ord561
ord825
ord2554
ord296
ord2621
ord1134
ord2725
ord5265
ord4376
ord4853
ord4998
ord2514
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord641
ord324
ord1168
ord1146
ord4234
ord4710
ord755
ord470
ord2379
ord4486
ord6375
ord4274
ord4673
ord617
ord1576

msvcrt

__p___argc
_mbsstr
__dllonexit
_onexit
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
strcpy
strlen
sprintf
__CxxFrameHandler
memset
_setmbcp
__p___argv

kernel32

FreeLibrary
GetModuleHandleA
GetStartupInfoA
GetFileAttributesA

user32

MessageBoxA
LoadStringA
EnableWindow
LoadIconA
SendMessageA
GetSystemMetrics
DrawIcon
IsIconic
GetClientRect
SetForegroundWindow
FindWindowA

Sections

.text
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 528B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
bsskin.ini1
bsui.dll1
.dll windows:4 windows x86 arch:x86

c8abe1ab1bbde4b0bf1329362695a4e4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

bscommon

Bscm_SetWindowLong
BsCm_GetCommonSettingFilePath
BsCm_ShouldFilterCurDevCls
BsCm_PostMsg2Bttray
BsCm_DeleteDevices
BsCm_ShouldRefreshRmtSvcByThisLocSvcConn
BsCm_SyncSend2btShc
BsCm_UTF8ToLocalEx
BsCm_LimitStringCharacterCount
BsCm_GetLocalDeviceClass
BsCm_GetCustomVersion
BsCm_ShouldShowThisLocalServer
BsCm_IsSupportBoundBTHWLicenceReg
Bscm_IsAddinNeedAuthorized
BsCm_GetDefaultDevByServiceClass
BsCm_GetCurrPanShc
BsCm_ShouldShowThisRemoteService
BsCm_DelAllShortcutsBySvcClsForSpecialDevice
BsCm_ShouldShowDefaultConn
BsCm_GetConnectionNumByDevHdl
BsCm_IsMobileActive
BsCm_GetInstallDir
BsCm_GetCurrHFHSShc
BsCm_IsConnectingPANOnThisDevice
BsCm_IsShortcutConnected
BsCm_GetRmtSvcDisplayName
BsCm_GetLocSvcDisplayName
BsCm_GetDevTypeStrByDevCls
BsCm_BrowseFTPSvcFolderOf
BsCm_ConnectDefaultShcByDevhdl
BsCm_DestroyMobileSMSInfo
BsCm_SendSMS
BsCm_CreateMobileSMSInfo
BsCm_BrowseMobileFolderOf
BsCm_CreateShortCut
BsCm_IsPrinterInstalled
BsCm_IsSpecialIncomingConnectionExist
BsCm_GetLocSvcClsByRelevantRmtSvcCls
BsCm_GetComPortByShortcut
BsCm_StopServer
BsCm_GetPersonalSettingFilePath
BsCm_GetServiceClsNameStringID
BsCm_UTF8ToLocal
BsCm_StartBttrayProc
BsCm_GetLangDepResLib
BsCm_IsMobileDevice
BsCm_ShouldFilterCurProfile

bssdk

Btsdk_Init
Btsdk_IsServerConnected
Btsdk_SetLocalDeviceParam
Btsdk_GetLocalDeviceParam
Btsdk_EndEnumRemoteDevice
Btsdk_IsDeviceConnected
Btsdk_GetRemoteDeviceClass
Btsdk_EnumRemoteDevice
Btsdk_StartEnumRemoteDevice
Btsdk_Hid_GetPlugFlag
Btsdk_GetAllOutgoingConnections
Btsdk_StopDeviceDiscovery
Btsdk_GetServerAttributes
Btsdk_GetShortCutProperty
Btsdk_PAN_RegIndCbk
Btsdk_RegisterCallback
Btsdk_GetLocalDeviceAddress
Btsdk_GetLocalName
Btsdk_StartNtService
Btsdk_EndEnumLocalServer
Btsdk_EnumLocalServer
Btsdk_StartEnumLocalServer
Btsdk_GetServerStatus
Btsdk_StartDeviceDiscovery
Btsdk_IsMobileActive
Btsdk_RegisterGetStatusInfoCB
Btsdk_IsHardwareLicensed
Btsdk_IsSNLicensed
Btsdk_GetRemoteDeviceName
Btsdk_IsDevicePaired
Btsdk_GetConnectionProperty
Btsdk_GetShortCutByDeviceHandle
Btsdk_EnumRemoteService
Btsdk_EndEnumRemoteService
Btsdk_StartEnumRemoteService
Btsdk_GetRemoteDeviceParam
Btsdk_EndEnumConnection
Btsdk_EnumConnection
Btsdk_StartEnumConnection
Btsdk_BrowseRemoteServices
Btsdk_SetRemoteDeviceParam
Btsdk_AGAP_IsAudioConnExisted
Btsdk_UpdateRemoteDeviceName
Btsdk_UnPairDevice
Btsdk_GetShortCutByServiceHandle
Btsdk_GetRemoteDeviceProperty
Btsdk_IsWinXPorLater
Btsdk_SetStatusInfoFlag
Btsdk_IsNTServiceRunning
Btsdk_IsBluetoothReady
Btsdk_GetPrivateProfileInt
Btsdk_GetPrivateProfileString
Btsdk_Done
Btsdk_IsLicensed
Btsdk_GetAllIncomingConnections
Btsdk_GetRemoteDeviceAddress

bslangindepres

BsRes_GetResCursor
BsRes_GetResIcon

bstrace

?BsTrace_SetTraceSwitch@@YAHH@Z
??1CBsTraceFunc@@QAE@XZ
??0CBsTraceFunc@@QAE@KPAD@Z
?BsTrace_UserDef@@YAXKPBDZZ

bsprofilefunc

BsProfile_GetCurrAdapterIp

gdiplus

GdipCreatePen1
GdipFree
GdipSetPenDashArray
GdipSetPenStartCap
GdipSetPenEndCap
GdipCreateFromHDC
GdipDrawLineI
GdipCreateSolidFill
GdipCloneBrush
GdipAlloc
GdipDeleteBrush
GdipCreatePen2
GdipDrawEllipseI
GdipFillEllipseI
GdipDeletePen
GdipDeleteGraphics
GdiplusShutdown
GdiplusStartup
GdipSetPenDashStyle

mfc42

ord3079
ord4080
ord4622
ord4424
ord3738
ord815
ord561
ord1168
ord1151
ord2092
ord6055
ord4078
ord1776
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5290
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord2396
ord2446
ord2124
ord5277
ord4627
ord3742
ord818
ord567
ord4275
ord5261
ord1233
ord2379
ord6453
ord6128
ord3571
ord2971
ord5759
ord6192
ord5756
ord6186
ord4330
ord6189
ord6021
ord6172
ord5873
ord5789
ord5794
ord5678
ord5736
ord5579
ord5571
ord6061
ord5864
ord3596
ord755
ord640
ord5785
ord6194
ord1640
ord323
ord470
ord5148
ord6129
ord3756
ord3752
ord1105
ord3921
ord4220
ord2584
ord3654
ord2438
ord6270
ord1644
ord2864
ord4499
ord1842
ord4242
ord2723
ord2390
ord3059
ord5100
ord5103
ord4467
ord4303
ord3350
ord5012
ord975
ord5472
ord3403
ord2879
ord2878
ord4151
ord4077
ord3825
ord2649
ord1665
ord4436
ord4427
ord796
ord674
ord529
ord366
ord5252
ord4317
ord2455
ord2863
ord6215
ord6067
ord3482
ord6000
ord2117
ord4457
ord5282
ord6069
ord2818
ord4413
ord5030
ord5981
ord6199
ord3706
ord3573
ord5787
ord5788
ord472
ord540
ord1146
ord535
ord4160
ord5572
ord2915
ord860
ord2614
ord858
ord4278
ord6662
ord6874
ord6877
ord4277
ord6283
ord4204
ord5856
ord4202
ord941
ord926
ord939
ord5710
ord4129
ord6663
ord6927
ord940
ord924
ord6282
ord1270
ord1232
ord2152
ord3089
ord2380
ord3797
ord6197
ord3920
ord4299
ord3755
ord4083
ord1920
ord3289
ord1158
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord823
ord6394
ord6383
ord5440
ord5450
ord5875
ord3626
ord2859
ord1641
ord537
ord800
ord3619
ord2107
ord2841
ord3663
ord2414
ord6157
ord825
ord269
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord3953
ord5714
ord5289
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord5237
ord3346
ord826
ord600
ord1578
ord6467
ord1255
ord1253
ord1570
ord1197
ord1243
ord342
ord1182
ord1577
ord1575
ord1176
ord1116
ord1727

msvcrt

??1type_info@@UAE@XZ
_stricmp
_itoa
free
__CxxFrameHandler
malloc
_strdup
_mbscmp
sscanf
sprintf
_ftol
fclose
fread
fopen
_setjmp3
rand
atoi
strtoul
abort
_CIpow
strncpy
longjmp
fprintf
strtod
__dllonexit
_onexit
_initterm
_adjust_fdiv
_iob

kernel32

LocalFree
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
lstrcpynA
GetModuleHandleA
GetProcAddress
GetVersionExA
GetWindowsDirectoryA
LoadLibraryA
MulDiv
LoadLibraryExA
FreeLibrary
Sleep
GetTickCount
CreateFileA
WriteFile
CloseHandle
OutputDebugStringA
LocalAlloc

user32

GetWindowPlacement
IsIconic
OffsetRect
DefWindowProcA
GetClassInfoA
SetRectEmpty
SetWindowRgn
SetRect
WindowFromPoint
PtInRect
SetMenuItemInfoA
GetMenuItemInfoA
ShowScrollBar
GetWindowRect
PostMessageA
GetClientRect
SetWindowTextA
UpdateWindow
SetFocus
CallWindowProcA
GetWindowLongA
ScreenToClient
CopyRect
InflateRect
InvalidateRect
IsWindow
GetDC
ReleaseDC
SystemParametersInfoA
LoadImageA
DestroyCursor
GetSysColor
CopyIcon
DestroyIcon
FillRect
CreateIconIndirect
GetIconInfo
SetForegroundWindow
TranslateAcceleratorA
LoadAcceleratorsA
GetMenu
DeleteMenu
DrawMenuBar
IsRectEmpty
GetSystemMetrics
IntersectRect
SendMessageA
GetParent
GetActiveWindow
ClientToScreen
CreatePopupMenu
AppendMenuA
SetMenuDefaultItem
EnableWindow
GrayStringA
DrawTextA
TabbedTextOutA
LoadCursorA
SetCursor
LoadStringA
GetCursorPos
KillTimer
SetTimer

gdi32

DeleteDC
BitBlt
SelectObject
CreateCompatibleDC
CreateDIBSection
DeleteObject
CreateCompatibleBitmap
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetTextMetricsA
CreateFontIndirectA
GetTextExtentPoint32A
CreateSolidBrush
CreatePolygonRgn
StrokePath
EndPath
PolyBezier
BeginPath
CreateBrushIndirect
GetObjectA
StretchBlt
CreateBitmap
SetTextColor
LineTo
MoveToEx
CreatePen
SetBkColor
SetBkMode
SetTextJustification
GetDeviceCaps
GetDCOrgEx
GetClipBox
SelectClipRgn
FillRgn
FrameRgn
OffsetRgn
CombineRgn
CreateRectRgn
CreateRoundRectRgn
SetDIBitsToDevice

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA

shell32

ShellExecuteA

msvcp60

??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ

Exports

Exports

Bsui_DispatchMessage
Bsui_InitBsuiMainWindow
Bsui_SetParentWindow

Sections

.text
Size: 288KB - Virtual size: 287KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
btav.ini1
bthidbus.cat1
bthidbus.cat2
bthidbus.inf
bthidbus.sys
.sys windows:5 windows x86 arch:x86

8530ac93bdd31b20d08fec031ae1e347

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2a:f9:db:d9:2e:7c:94:6c:6b:44:cb:b0:b3:ed:05:5a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

02/09/2008, 00:00

Not After

20/09/2011, 23:59

Subject

CN=IVT SOFTWARE TECHNOLOGY Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=IVT SOFTWARE TECHNOLOGY Inc.,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3a:8d:ec:0d:1c:f5:40:29:16:38:23:86:2e:af:bf:c3:77:1b:04:7f
Signer

Actual PE Digest

3a:8d:ec:0d:1c:f5:40:29:16:38:23:86:2e:af:bf:c3:77:1b:04:7f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\WinDriversInternal\srcstore\200901072328\src\bthid\bthidbus_V2\objfre_wxp_x86\i386\BtHidBus.pdb

Imports

ntoskrnl.exe

KeWaitForSingleObject
IofCallDriver
IoBuildSynchronousFsdRequest
IoGetAttachedDeviceReference
KeInitializeSemaphore
IoDetachDevice
IoGetDriverObjectExtension
IoAllocateDriverObjectExtension
ExFreePool
IoInitializeRemoveLockEx
IoDeleteSymbolicLink
ObfDereferenceObject
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
swprintf
IofCompleteRequest
KeSetEvent
IoReleaseRemoveLockEx
InterlockedIncrement
IoAcquireRemoveLockEx
InterlockedDecrement
KeInitializeSpinLock
IoAttachDeviceToDeviceStack
ObReferenceObjectByHandle
ExAllocatePoolWithTag
wcsstr
IoInvalidateDeviceRelations
ZwClose
ZwEnumerateKey
wcsncmp
ZwDeleteKey
ZwOpenKey
KeReleaseSemaphore
ExfInterlockedRemoveHeadList
ExfInterlockedInsertTailList
IoReleaseRemoveLockAndWaitEx
ObfReferenceObject
PoStartNextPowerIrp
PoSetPowerState
PoRequestPowerIrp
InterlockedExchange
PoCallDriver
wcslen
KeInitializeEvent

hal

KfReleaseSpinLock
KfAcquireSpinLock

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 375B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 896B - Virtual size: 783B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 768B - Virtual size: 678B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
btnetbus.cat
btnetbus.cat2
btnetbus.inf
btnetbus.sys
.sys windows:5 windows x86 arch:x86

9274201e2775c370acdfe38ab9fda8c0

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2a:f9:db:d9:2e:7c:94:6c:6b:44:cb:b0:b3:ed:05:5a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

02/09/2008, 00:00

Not After

20/09/2011, 23:59

Subject

CN=IVT SOFTWARE TECHNOLOGY Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=IVT SOFTWARE TECHNOLOGY Inc.,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f9:a3:5e:07:94:bd:d6:58:ce:ec:d6:3c:fc:b8:58:4a:ae:15:2a:51
Signer

Actual PE Digest

f9:a3:5e:07:94:bd:d6:58:ce:ec:d6:3c:fc:b8:58:4a:ae:15:2a:51

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\WinDriversInternal\srcstore\200812071237\src\btpan\btnetbus\objfre_wxp_x86\i386\btnetBus.pdb

Imports

ntoskrnl.exe

IoCreateDevice
DbgPrint
ObfDereferenceObject
ObReferenceObjectByHandle
ExFreePoolWithTag
IoReleaseRemoveLockEx
IofCompleteRequest
IoAcquireRemoveLockEx
KeInitializeSpinLock
IoInitializeRemoveLockEx
IoDeleteSymbolicLink
IoAttachDeviceToDeviceStack
IoCreateSymbolicLink
IoDeleteDevice
IoDetachDevice
IoReleaseRemoveLockAndWaitEx
ObfReferenceObject
ExAllocatePoolWithTag
KeWaitForSingleObject
IofCallDriver
IoBuildSynchronousFsdRequest
IoGetAttachedDeviceReference
KeInitializeEvent
PoCallDriver
PoStartNextPowerIrp
swprintf
wcslen
PoSetPowerState
PoRequestPowerIrp
RtlInitUnicodeString
KeSetEvent
KeCancelTimer
IoInvalidateDeviceRelations

hal

KeGetCurrentIrql
KfAcquireSpinLock
KfReleaseSpinLock

Sections

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 308B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 384B - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 1024B - Virtual size: 908B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
btnetdrv.sys
.sys windows:6 windows x86 arch:x86

0e7cbfec2e081bd23d29a270e29992cf

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2a:f9:db:d9:2e:7c:94:6c:6b:44:cb:b0:b3:ed:05:5a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

02/09/2008, 00:00

Not After

20/09/2011, 23:59

Subject

CN=IVT SOFTWARE TECHNOLOGY Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=IVT SOFTWARE TECHNOLOGY Inc.,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f7:b7:99:6b:fc:96:94:8e:57:29:f2:65:82:dc:48:b6:be:c4:b1:eb
Signer

Actual PE Digest

f7:b7:99:6b:fc:96:94:8e:57:29:f2:65:82:dc:48:b6:be:c4:b1:eb

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\windriversinternal\srcstore\200812071237\src\btpan\btnetdrv_v3\objfre_wxp_x86\i386\btnetdrv.pdb

Imports

ntoskrnl.exe

KeBugCheckEx
KeTickCount
memset
KeInitializeEvent
IoBuildDeviceIoControlRequest
IofCallDriver
KeWaitForSingleObject
memcpy
MmMapLockedPagesSpecifyCache

hal

KfReleaseSpinLock
KfAcquireSpinLock

ndis.sys

NdisInitializeWrapper
NdisMRegisterMiniport
NdisTerminateWrapper
NdisMIndicateStatusComplete
NdisInitializeEvent
NdisMSetAttributesEx
NdisOpenConfiguration
NdisMIndicateStatus
NdisMDeregisterAdapterShutdownHandler
NdisSetEvent
NdisFreeMemory
NdisAllocateMemoryWithTag
NdisMSleep
NdisWaitEvent
NdisMRegisterAdapterShutdownHandler
NdisMGetDeviceProperty
NdisCloseConfiguration
NdisReadNetworkAddress

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 279B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 256B - Virtual size: 228B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 256B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
btnetdrv.sys1
.sys windows:6 windows x86 arch:x86

7706ef62783b4787a057b11c0c1ef7f9

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2a:f9:db:d9:2e:7c:94:6c:6b:44:cb:b0:b3:ed:05:5a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

02/09/2008, 00:00

Not After

20/09/2011, 23:59

Subject

CN=IVT SOFTWARE TECHNOLOGY Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=IVT SOFTWARE TECHNOLOGY Inc.,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

37:31:a7:4a:7c:24:f2:20:f1:ce:47:2e:20:ac:31:9d:1c:46:33:36
Signer

Actual PE Digest

37:31:a7:4a:7c:24:f2:20:f1:ce:47:2e:20:ac:31:9d:1c:46:33:36

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\windriversinternal\srcstore\200812071237\src\btpan\btnetdrv_ndis6\objfre_wlh_x86\i386\btnetdrv.pdb

Imports

ntoskrnl.exe

KeBugCheckEx
KeTickCount
KeInitializeEvent
IoBuildDeviceIoControlRequest
IofCallDriver
KeWaitForSingleObject
memset
memcpy
MmMapLockedPagesSpecifyCache

hal

KfReleaseSpinLock
KfAcquireSpinLock

ndis.sys

NdisMRegisterMiniportDriver
NdisMGetDeviceProperty
NdisMDeregisterMiniportDriver
NdisMIndicateStatusEx
NdisSetEvent
NdisMSleep
NdisOpenConfigurationEx
NdisMIndicateReceiveNetBufferLists
NdisWaitEvent
NdisFreeNetBufferList
NdisMSendNetBufferListsComplete
NdisFreeMemory
NdisAllocateMemoryWithTagPriority
NdisFreeNetBufferListPool
NdisFreeMdl
NdisAllocateNetBufferAndNetBufferList
NdisAllocateMdl
NdisAllocateNetBufferListPool
NdisInitializeEvent
NdisMSetMiniportAttributes
NdisCloseConfiguration
NdisReadNetworkAddress

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 298B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 236B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 364B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
btnetdrv.sys5
.sys windows:6 windows x86 arch:x86

0e7cbfec2e081bd23d29a270e29992cf

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2a:f9:db:d9:2e:7c:94:6c:6b:44:cb:b0:b3:ed:05:5a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

02/09/2008, 00:00

Not After

20/09/2011, 23:59

Subject

CN=IVT SOFTWARE TECHNOLOGY Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=IVT SOFTWARE TECHNOLOGY Inc.,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f7:b7:99:6b:fc:96:94:8e:57:29:f2:65:82:dc:48:b6:be:c4:b1:eb
Signer

Actual PE Digest

f7:b7:99:6b:fc:96:94:8e:57:29:f2:65:82:dc:48:b6:be:c4:b1:eb

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\windriversinternal\srcstore\200812071237\src\btpan\btnetdrv_v3\objfre_wxp_x86\i386\btnetdrv.pdb

Imports

ntoskrnl.exe

KeBugCheckEx
KeTickCount
memset
KeInitializeEvent
IoBuildDeviceIoControlRequest
IofCallDriver
KeWaitForSingleObject
memcpy
MmMapLockedPagesSpecifyCache

hal

KfReleaseSpinLock
KfAcquireSpinLock

ndis.sys

NdisInitializeWrapper
NdisMRegisterMiniport
NdisTerminateWrapper
NdisMIndicateStatusComplete
NdisInitializeEvent
NdisMSetAttributesEx
NdisOpenConfiguration
NdisMIndicateStatus
NdisMDeregisterAdapterShutdownHandler
NdisSetEvent
NdisFreeMemory
NdisAllocateMemoryWithTag
NdisMSleep
NdisWaitEvent
NdisMRegisterAdapterShutdownHandler
NdisMGetDeviceProperty
NdisCloseConfiguration
NdisReadNetworkAddress

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 279B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 256B - Virtual size: 228B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 256B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
btnetdrv.sys6
.sys windows:6 windows x86 arch:x86

7706ef62783b4787a057b11c0c1ef7f9

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2a:f9:db:d9:2e:7c:94:6c:6b:44:cb:b0:b3:ed:05:5a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

02/09/2008, 00:00

Not After

20/09/2011, 23:59

Subject

CN=IVT SOFTWARE TECHNOLOGY Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=IVT SOFTWARE TECHNOLOGY Inc.,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

37:31:a7:4a:7c:24:f2:20:f1:ce:47:2e:20:ac:31:9d:1c:46:33:36
Signer

Actual PE Digest

37:31:a7:4a:7c:24:f2:20:f1:ce:47:2e:20:ac:31:9d:1c:46:33:36

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\windriversinternal\srcstore\200812071237\src\btpan\btnetdrv_ndis6\objfre_wlh_x86\i386\btnetdrv.pdb

Imports

ntoskrnl.exe

KeBugCheckEx
KeTickCount
KeInitializeEvent
IoBuildDeviceIoControlRequest
IofCallDriver
KeWaitForSingleObject
memset
memcpy
MmMapLockedPagesSpecifyCache

hal

KfReleaseSpinLock
KfAcquireSpinLock

ndis.sys

NdisMRegisterMiniportDriver
NdisMGetDeviceProperty
NdisMDeregisterMiniportDriver
NdisMIndicateStatusEx
NdisSetEvent
NdisMSleep
NdisOpenConfigurationEx
NdisMIndicateReceiveNetBufferLists
NdisWaitEvent
NdisFreeNetBufferList
NdisMSendNetBufferListsComplete
NdisFreeMemory
NdisAllocateMemoryWithTagPriority
NdisFreeNetBufferListPool
NdisFreeMdl
NdisAllocateNetBufferAndNetBufferList
NdisAllocateMdl
NdisAllocateNetBufferListPool
NdisInitializeEvent
NdisMSetMiniportAttributes
NdisCloseConfiguration
NdisReadNetworkAddress

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 298B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 236B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 364B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
btnetfilter.sys
.sys windows:5 windows x86 arch:x86

5b6e79e4b257ecb81e95abca1cc83286

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

78:18:84:c3:28:8b:e6:d6:cc:6f:2b:17:05:4d:4c:0c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

20/09/2006, 00:00

Not After

19/09/2008, 23:59

Subject

CN=IVT SOFTWARE TECHNOLOGY Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=IVT SOFTWARE TECHNOLOGY Inc.,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

18:ae:64:84:32:12:8f:6a:76:d2:12:df:d1:61:94:c1:89:73:ab:b0
Signer

Actual PE Digest

18:ae:64:84:32:12:8f:6a:76:d2:12:df:d1:61:94:c1:89:73:ab:b0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Work\src\200611221337\windrivers\ia64\btnetfilter\driver\driver_src\objfre_wxp_x86\i386\BTNetFilter.pdb

Imports

ntoskrnl.exe

KeInitializeSpinLock
KeClearEvent
KeInitializeEvent
IoCreateNotificationEvent
_alldiv
_allrem
KeQuerySystemTime
MmMapLockedPages
KeWaitForSingleObject
IoFreeMdl
MmBuildMdlForNonPagedPool
IoAllocateMdl
KeSetEvent
RtlQueryRegistryValues
_allmul
ExfInterlockedRemoveHeadList
ExfInterlockedInsertTailList
IofCompleteRequest
IoDeleteDevice
RtlCompareMemory
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
IoCreateDevice
DbgPrint
ZwOpenKey
ZwEnumerateKey
RtlInitUnicodeString
ZwQueryValueKey
ExAllocatePoolWithTag
ExFreePoolWithTag
KeResetEvent
ZwClose

hal

KeQueryPerformanceCounter
KfAcquireSpinLock
KfReleaseSpinLock

ndis.sys

NdisOpenAdapter
NdisCloseAdapter
NdisFreePacketPool
NdisSystemProcessorCount
NdisRegisterProtocol
NdisInitializeEvent
NdisResetEvent
NdisRequest
NdisWaitEvent
NdisSetEvent
NdisDeregisterProtocol
NdisAllocatePacketPool
NdisFreePacket
NdisReset
NdisAllocatePacket

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 896B - Virtual size: 859B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 640B - Virtual size: 526B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
btnetfilter.sys2
.sys windows:5 windows x86 arch:x86

5b6e79e4b257ecb81e95abca1cc83286

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

78:18:84:c3:28:8b:e6:d6:cc:6f:2b:17:05:4d:4c:0c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

20/09/2006, 00:00

Not After

19/09/2008, 23:59

Subject

CN=IVT SOFTWARE TECHNOLOGY Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=IVT SOFTWARE TECHNOLOGY Inc.,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

18:ae:64:84:32:12:8f:6a:76:d2:12:df:d1:61:94:c1:89:73:ab:b0
Signer

Actual PE Digest

18:ae:64:84:32:12:8f:6a:76:d2:12:df:d1:61:94:c1:89:73:ab:b0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Work\src\200611221337\windrivers\ia64\btnetfilter\driver\driver_src\objfre_wxp_x86\i386\BTNetFilter.pdb

Imports

ntoskrnl.exe

KeInitializeSpinLock
KeClearEvent
KeInitializeEvent
IoCreateNotificationEvent
_alldiv
_allrem
KeQuerySystemTime
MmMapLockedPages
KeWaitForSingleObject
IoFreeMdl
MmBuildMdlForNonPagedPool
IoAllocateMdl
KeSetEvent
RtlQueryRegistryValues
_allmul
ExfInterlockedRemoveHeadList
ExfInterlockedInsertTailList
IofCompleteRequest
IoDeleteDevice
RtlCompareMemory
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
IoCreateDevice
DbgPrint
ZwOpenKey
ZwEnumerateKey
RtlInitUnicodeString
ZwQueryValueKey
ExAllocatePoolWithTag
ExFreePoolWithTag
KeResetEvent
ZwClose

hal

KeQueryPerformanceCounter
KfAcquireSpinLock
KfReleaseSpinLock

ndis.sys

NdisOpenAdapter
NdisCloseAdapter
NdisFreePacketPool
NdisSystemProcessorCount
NdisRegisterProtocol
NdisInitializeEvent
NdisResetEvent
NdisRequest
NdisWaitEvent
NdisSetEvent
NdisDeregisterProtocol
NdisAllocatePacketPool
NdisFreePacket
NdisReset
NdisAllocatePacket

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 896B - Virtual size: 859B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 640B - Virtual size: 526B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
btpcmcia.sys
.sys windows:5 windows x86 arch:x86

eade0a3c9f9a43a371d07e19f2ef18b6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

PoStartNextPowerIrp
PoCallDriver
ZwClose
IofCallDriver
KeInitializeSpinLock
ExFreePool
IoReleaseCancelSpinLock
ExAllocatePoolWithTag
PoSetPowerState
IoAcquireCancelSpinLock
KeInitializeDpc
KefAcquireSpinLockAtDpcLevel
KeRemoveQueueDpc
KefReleaseSpinLockFromDpcLevel
IofCompleteRequest
InterlockedExchange
DbgPrint
ObfDereferenceObject
KeSynchronizeExecution
MmUnmapIoSpace
MmMapLockedPages
KeInsertQueueDpc
RtlAppendUnicodeStringToString
ZwOpenKey
ZwCreateKey
memmove
ZwQueryValueKey
RtlInitUnicodeString
IoDeleteSymbolicLink
IoCreateSymbolicLink
IoCreateDevice
IoAttachDeviceToDeviceStack
RtlIntegerToUnicodeString
RtlFreeUnicodeString
InterlockedIncrement
KeReleaseMutex
InterlockedDecrement
KeWaitForSingleObject
IoDetachDevice
KeClearEvent
KeSetEvent
IoDeleteDevice
IoFreeIrp
IoAllocateIrp
PoRequestPowerIrp
IoCancelIrp
IoRegisterDeviceInterface
IoSetDeviceInterfaceState
IoConnectInterrupt
IoDisconnectInterrupt
MmMapIoSpace
KeInitializeEvent
KeInitializeMutex
KeRemoveEntryDeviceQueue

hal

KeGetCurrentIrql
WRITE_PORT_UCHAR
KfReleaseSpinLock
READ_PORT_UCHAR
KfAcquireSpinLock
KeStallExecutionProcessor

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 576B - Virtual size: 568B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 32B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.STL
Size: 32B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fw203x.sys
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 1024B - Virtual size: 800B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fw203x.sys2
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 1024B - Virtual size: 800B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
hid2hci.exe1
.exe windows:4 windows x86 arch:x86

61962fad8c8071530bc680d854b55249

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStartupInfoA
GetCommandLineW
GetProcAddress
OutputDebugStringA
LoadLibraryA
FreeLibrary
GetLastError
CloseHandle
HeapFree
CreateFileA
HeapAlloc
GetProcessHeap
SetLastError
LocalFree
FormatMessageA
GetEnvironmentStrings
GetEnvironmentStringsW
SetStdHandle
VirtualAlloc
FlushFileBuffers
SetFilePointer
GetStringTypeW
GetStringTypeA
LCMapStringW
ExitProcess
TerminateProcess
GetCurrentProcess
GetModuleHandleA
GlobalFree
GetCommandLineA
GetVersion
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
MultiByteToWideChar
FreeEnvironmentStringsW
LCMapStringA
GetStdHandle
WideCharToMultiByte
GetCPInfo
GetACP
GetOEMCP
SetHandleCount
GetFileType
HeapDestroy
HeapCreate
VirtualFree
RtlUnwind
WriteFile

user32

MessageBoxA

shell32

CommandLineToArgvW

setupapi

SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailA
SetupDiGetClassDevsA
SetupDiDestroyDeviceInfoList

Sections

.text
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
hidminidrv.cat
hidminidrv.inf1
im.ini1
ivt_pcmcia.dll
.dll windows:4 windows x86 arch:x86

e8fb528f7a8a5acec0f6430f5b924b7f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

EnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection

msvcrt

??3@YAXPAX@Z
malloc
free
__dllonexit
_onexit
_initterm
_adjust_fdiv

btpcmcia

??1CBtpcmcia@@UAE@XZ
?PCMCIA_Open@CBtpcmcia@@QAEHXZ
?PCMCIA_Close@CBtpcmcia@@QAEHXZ
?PCMCIA_TxCommand@CBtpcmcia@@QAEHPAEG@Z
?PCMCIA_TxAclData@CBtpcmcia@@QAEHPAEK@Z
?PCMCIA_TxScoData@CBtpcmcia@@QAEHPAEG@Z
??0CBtpcmcia@@QAE@XZ

Exports

Exports

CloseCommPort
ConfigCommPort
OpenCommPort
RegisterAddRcvData
RegisterHandleRcvData
SendDataToInt

Sections

.text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 948B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 214B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ivtbtbus.cat
ivtbtbus.inf
ivtbtbus.sys
.sys windows:5 windows x86 arch:x86

3e912927f28e00422dc2a8c74855e788

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

78:18:84:c3:28:8b:e6:d6:cc:6f:2b:17:05:4d:4c:0c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

20/09/2006, 00:00

Not After

19/09/2008, 23:59

Subject

CN=IVT SOFTWARE TECHNOLOGY Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=IVT SOFTWARE TECHNOLOGY Inc.,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

53:42:4a:85:44:0e:f3:de:85:92:b9:d2:b4:ad:90:ee:e9:72:4b:8b
Signer

Actual PE Digest

53:42:4a:85:44:0e:f3:de:85:92:b9:d2:b4:ad:90:ee:e9:72:4b:8b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

J:\WinDriversInternal\srcstore\200807021455\src\btbus\objfre_wxp_x86\i386\IvtBtBus.pdb

Imports

ntoskrnl.exe

IoReleaseRemoveLockEx
IofCompleteRequest
IoAcquireRemoveLockEx
KeInitializeSpinLock
IoInitializeRemoveLockEx
IoDeleteSymbolicLink
IoAttachDeviceToDeviceStack
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
IoDetachDevice
DbgPrint
ExFreePoolWithTag
ObfReferenceObject
ExAllocatePoolWithTag
ObfDereferenceObject
KeWaitForSingleObject
IofCallDriver
IoBuildSynchronousFsdRequest
IoGetAttachedDeviceReference
KeInitializeEvent
PoCallDriver
PoStartNextPowerIrp
swprintf
wcslen
PoSetPowerState
PoRequestPowerIrp
IoReleaseRemoveLockAndWaitEx
KeSetEvent
KeCancelTimer
IoInvalidateDeviceRelations

hal

KfReleaseSpinLock
KfAcquireSpinLock
KeGetCurrentIrql

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 299B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 896B - Virtual size: 837B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
netbt.cat1
netbt.cat4
netbt.inf
netbt.inf4
sktbt2k.sys
.sys windows:5 windows x86 arch:x86

31dbfee11eed0cd7f0b794ebcac0e479

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

PoSetPowerState
IoDeleteDevice
ExFreePool
KeInitializeEvent
IoCreateDevice
IoReleaseCancelSpinLock
IoAcquireCancelSpinLock
InterlockedExchange
RtlCopyUnicodeString
ExAllocatePoolWithTag
IoConnectInterrupt
KeSynchronizeExecution
IoOpenDeviceRegistryKey
WRITE_REGISTER_UCHAR
READ_REGISTER_UCHAR
RtlAppendUnicodeStringToString
RtlInitUnicodeString
MmUnmapIoSpace
KeInitializeDpc
RtlIntegerToUnicodeString
ZwClose
RtlDeleteRegistryValue
IoDeleteSymbolicLink
IoSetDeviceInterfaceState
IoRegisterDeviceInterface
RtlWriteRegistryValue
IoCreateSymbolicLink
RtlAppendUnicodeToString
wcslen
KeInitializeTimer
IoDetachDevice
InterlockedDecrement
KeRemoveQueueDpc
IofCompleteRequest
KeWaitForSingleObject
IofCallDriver
IoBuildSynchronousFsdRequest
MmUnlockPagableImageSection
DbgBreakPoint
MmLockPagableDataSection
ExAllocatePoolWithQuotaTag
IoCancelIrp
KeInsertQueueDpc
InterlockedIncrement
RtlQueryRegistryValues
MmQuerySystemSize
KeInitializeSpinLock
MmMapIoSpace
KeDelayExecutionThread
IoAttachDeviceToDeviceStack
PoRequestPowerIrp
PoStartNextPowerIrp
PoCallDriver
KeClearEvent
KeSetEvent
KeQuerySystemTime
memmove
ZwQueryValueKey
ZwSetValueKey
KeSetTimer
KeCancelTimer
IoWriteErrorLogEntry
IoAllocateErrorLogEntry
IoInvalidateDeviceState
IoWMIRegistrationControl
IoDisconnectInterrupt
RtlUnwind
MmLockPagableSectionByHandle
IoGetConfigurationInformation

hal

ExAcquireFastMutex
ExReleaseFastMutex
READ_PORT_UCHAR
WRITE_PORT_UCHAR
KfReleaseSpinLock
KfAcquireSpinLock

wmilib.sys

WmiCompleteRequest
WmiSystemControl

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 288B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGESRP0
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGESER
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGESPR0
Size: 736B - Virtual size: 710B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sktsio9x.vxd
skype4com.dll
.dll regsvr32 windows:4 windows x86 arch:x86

b707e5797d27e0cd2f8590a13a9f71f1

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4f:a2:d6:3f:f9:f4:e5:47:c3:cb:95:46:19:d7:84:9e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

10/05/2006, 00:00

Not After

10/05/2007, 23:59

Subject

CN=Skype Technologies SA,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Skype Technologies SA,L=Luxembourg,ST=Luxembourg,C=LU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:75:73:7b:07:b4:f9:df:0e:90:7c:cc:9e:60:af:a1:68:49:4e:8b
Signer

Actual PE Digest

03:75:73:7b:07:b4:f9:df:0e:90:7c:cc:9e:60:af:a1:68:49:4e:8b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FreeLibrary
LoadLibraryExW
GetModuleHandleW
MulDiv
CloseHandle
CreateProcessW
SetWaitableTimer
CreateWaitableTimerW
CreateEventW
WaitForSingleObject
ResetEvent
SetEvent
InterlockedCompareExchange
GetStringTypeExW
ReadFile
SetEndOfFile
GetLocaleInfoW
LoadLibraryA
CreateFileW
SetFilePointer
FlushFileBuffers
SetStdHandle
GetOEMCP
IsBadCodePtr
IsBadReadPtr
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
UnhandledExceptionFilter
DisableThreadLibraryCalls
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
WriteFile
SetUnhandledExceptionFilter
HeapSize
TerminateProcess
GetModuleHandleA
GetProcAddress
TlsGetValue
TlsSetValue
TlsFree
SetLastError
TlsAlloc
IsBadWritePtr
VirtualFree
HeapCreate
HeapDestroy
GetStringTypeW
GetStringTypeA
GetCPInfo
LCMapStringW
LCMapStringA
ExitProcess
CreateThread
ExitThread
GetCommandLineA
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
HeapReAlloc
RtlUnwind
LocalFree
GetVersionExA
lstrcatW
lstrcpynW
lstrcmpiW
lstrcpyW
Sleep
GetComputerNameExW
lstrlenA
MultiByteToWideChar
InterlockedIncrement
GlobalAlloc
GlobalLock
GlobalUnlock
WideCharToMultiByte
GetLastError
HeapFree
GetLocalTime
SystemTimeToFileTime
FindResourceW
LoadResource
SizeofResource
InterlockedExchange
LockResource
FileTimeToLocalFileTime
FileTimeToSystemTime
lstrlenW
GetModuleFileNameW
InterlockedDecrement
GetCurrentThreadId
GetProcessHeap
HeapAlloc
GetCurrentProcess
FlushInstructionCache
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
GetEnvironmentStringsW

user32

RegisterClassExW
LoadCursorW
wsprintfW
GetClassInfoExW
KillTimer
CreateWindowExW
SetWindowLongW
DestroyWindow
UnregisterClassW
DefWindowProcW
GetDesktopWindow
GetWindowLongW
SetTimer
DialogBoxParamW
CallWindowProcW
SendMessageW
GetParent
GetActiveWindow
EndDialog
EnableWindow
GetDlgItem
GetMessageW
TranslateMessage
PostThreadMessageW
PostMessageW
SendMessageTimeoutW
LoadIconW
MsgWaitForMultipleObjects
PeekMessageW
DispatchMessageW
GetWindowThreadProcessId
EnumWindows
GetClassNameW
SetFocus
GetFocus
IsChild
BeginPaint
EndPaint
InvalidateRect
IsWindow
GetKeyState
IntersectRect
EqualRect
OffsetRect
SetWindowRgn
GetDC
ReleaseDC
UnionRect
PtInRect
RegisterWindowMessageW
CharNextW
EnumChildWindows
CheckRadioButton
IsDlgButtonChecked
CopyRect
LoadBitmapW
GetWindow
GetWindowRect
SystemParametersInfoW
MapWindowPoints
SetWindowPos
GetSystemMetrics
LoadImageW
ShowWindow
LoadStringW
SetWindowTextW
GetDlgCtrlID
GetClientRect
FillRect
InflateRect
SetRect
GetWindowTextW
DrawTextW

gdi32

GetStockObject
CreateMetaFileW
SetWindowExtEx
CloseMetaFile
DeleteMetaFile
CreateRectRgnIndirect
LPtoDP
SaveDC
SetMapMode
SetWindowOrgEx
SetViewportOrgEx
DeleteDC
RestoreDC
Rectangle
SetTextAlign
TextOutW
SetBkColor
RoundRect
GetCurrentObject
GetObjectW
CreateFontIndirectW
SelectObject
DeleteObject
CreatePen
CreateSolidBrush
CreateDCW
GetDeviceCaps

advapi32

RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW
RegQueryInfoKeyW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegDeleteKeyW

shell32

ShellExecuteW

ole32

CLSIDFromString
CoTaskMemFree
CoCreateInstance
OleSaveToStream
WriteClassStm
OleLoadFromStream
CreateOleAdviseHolder
CreateDataAdviseHolder
OleRegGetMiscStatus
OleRegGetUserType
OleRegEnumVerbs
StringFromGUID2
CoTaskMemRealloc
CoTaskMemAlloc
ProgIDFromCLSID
CreateStreamOnHGlobal

oleaut32

OleCreatePropertyFrame
VariantChangeType
DispCallFunc
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
CreateErrorInfo
SetErrorInfo
SysAllocStringLen
SystemTimeToVariantTime
VarBstrCmp
LoadTypeLi
LoadRegTypeLi
SysStringLen
SysFreeString
SysAllocStringByteLen
SysStringByteLen
VariantClear
VariantInit
SysAllocString
VariantCopy

shlwapi

PathFindExtensionW

comctl32

ImageList_Create
ImageList_AddMasked
InitCommonControlsEx

urlmon

ReleaseBindInfo

wininet

CreateUrlCacheEntryW
DeleteUrlCacheEntryW
InternetCrackUrlW
CommitUrlCacheEntryW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 652KB - Virtual size: 650KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 144KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 800KB - Virtual size: 796KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
skypeagent.dll
.dll regsvr32 windows:4 windows x86 arch:x86

8624a6410115b07a99f2a444e8a29806

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord815
ord561
ord2841
ord5500
ord1132
ord6467
ord1131
ord6354
ord2107
ord5450
ord5440
ord6383
ord6394
ord6055
ord3346
ord1776
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5290
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord3402
ord4627
ord3742
ord567
ord818
ord823
ord1176
ord1575
ord1168
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord3663
ord4274
ord4078
ord825
ord1578
ord600
ord826
ord269
ord1116

msvcrt

malloc
_CxxThrowException
__dllonexit
_onexit
_initterm
_adjust_fdiv
??1type_info@@UAE@XZ
__CxxFrameHandler
free
wcslen

kernel32

LocalFree
lstrlenW
WideCharToMultiByte
lstrlenA
MultiByteToWideChar
GetLastError
CreateThread
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
LocalAlloc

user32

EnableWindow

ole32

CoCreateInstance
CoInitialize
CoUninitialize

oleaut32

VariantInit
VariantClear
SysAllocString
CreateErrorInfo
SysFreeString
VariantChangeType
SetErrorInfo
GetErrorInfo

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
VoIPIM_CallCommand
VoIPIM_Done
VoIPIM_GetCallList
VoIPIM_GetContactList
VoIPIM_GetIMInfo
VoIPIM_Init
VoIPIM_RegAppCbk
VoIPIM_RegCallCbk
VoIPIM_UnregAppCbk
VoIPIM_UnregCallCbk

Sections

.text
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
smwithonly.inf1
smwithoutonly.inf1
socketserialbt.inf
vhidmini.sys
.sys windows:5 windows x86 arch:x86

a93c129f142e839e90e431f70b3377f7

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2a:f9:db:d9:2e:7c:94:6c:6b:44:cb:b0:b3:ed:05:5a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

02/09/2008, 00:00

Not After

20/09/2011, 23:59

Subject

CN=IVT SOFTWARE TECHNOLOGY Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=IVT SOFTWARE TECHNOLOGY Inc.,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e6:a9:2e:84:4e:05:43:e6:27:eb:d2:4b:7a:bc:0f:03:c1:87:e5:01
Signer

Actual PE Digest

e6:a9:2e:84:4e:05:43:e6:27:eb:d2:4b:7a:bc:0f:03:c1:87:e5:01

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\WinDriversInternal\srcstore\200812221310\src\bthid\bthidmini_V2\objfre_wxp_x86\i386\VHIDMini.pdb

Imports

ntoskrnl.exe

KeInitializeEvent
IofCallDriver
KeSetEvent
KeWaitForSingleObject
ZwClose
ZwSetValueKey
wcslen
swprintf
ZwCreateKey
RtlInitUnicodeString
KeInitializeSpinLock
InterlockedDecrement
IoInitializeTimer
IoStartTimer
IoBuildDeviceIoControlRequest
IoStopTimer
ExFreePool
IoFreeWorkItem
IoQueueWorkItem
ExAllocatePoolWithTag
ZwQueryValueKey
ZwOpenKey
ExfInterlockedRemoveHeadList
ExfInterlockedInsertTailList
PoCallDriver
PoStartNextPowerIrp
IoIsWdmVersionAvailable
IoAllocateWorkItem
InterlockedIncrement
IofCompleteRequest

hal

KfReleaseSpinLock
KfAcquireSpinLock
KeGetCurrentIrql

hidclass.sys

HidRegisterMinidriver

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 384B - Virtual size: 370B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
vhidmini.sys2
.sys windows:5 windows x86 arch:x86

a93c129f142e839e90e431f70b3377f7

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2a:f9:db:d9:2e:7c:94:6c:6b:44:cb:b0:b3:ed:05:5a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

02/09/2008, 00:00

Not After

20/09/2011, 23:59

Subject

CN=IVT SOFTWARE TECHNOLOGY Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=IVT SOFTWARE TECHNOLOGY Inc.,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e6:a9:2e:84:4e:05:43:e6:27:eb:d2:4b:7a:bc:0f:03:c1:87:e5:01
Signer

Actual PE Digest

e6:a9:2e:84:4e:05:43:e6:27:eb:d2:4b:7a:bc:0f:03:c1:87:e5:01

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\WinDriversInternal\srcstore\200812221310\src\bthid\bthidmini_V2\objfre_wxp_x86\i386\VHIDMini.pdb

Imports

ntoskrnl.exe

KeInitializeEvent
IofCallDriver
KeSetEvent
KeWaitForSingleObject
ZwClose
ZwSetValueKey
wcslen
swprintf
ZwCreateKey
RtlInitUnicodeString
KeInitializeSpinLock
InterlockedDecrement
IoInitializeTimer
IoStartTimer
IoBuildDeviceIoControlRequest
IoStopTimer
ExFreePool
IoFreeWorkItem
IoQueueWorkItem
ExAllocatePoolWithTag
ZwQueryValueKey
ZwOpenKey
ExfInterlockedRemoveHeadList
ExfInterlockedInsertTailList
PoCallDriver
PoStartNextPowerIrp
IoIsWdmVersionAvailable
IoAllocateWorkItem
InterlockedIncrement
IofCompleteRequest

hal

KfReleaseSpinLock
KfAcquireSpinLock
KeGetCurrentIrql

hidclass.sys

HidRegisterMinidriver

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 384B - Virtual size: 370B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wp_pcmcia.dll
.dll windows:4 windows x86 arch:x86

714e0072c8d5f119d78b1d3d0d0fdca0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_onexit
??2@YAPAXI@Z
__dllonexit
_adjust_fdiv
_initterm
memcpy
memset
free
malloc
??3@YAXPAX@Z

kernel32

CreateEventA
CreateFileA
CloseHandle
DisableThreadLibraryCalls
WriteFile
ReadFile
GetLastError
WaitForSingleObject
GetOverlappedResult
SetEvent
CreateThread

setupapi

SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsA
SetupDiGetDeviceInterfaceDetailA

Exports

Exports

CloseCommPort
ConfigCommPort
OpenCommPort
RegisterAddRcvData
RegisterHandleRcvData
SendDataToInt

Sections

.text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 444B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wp_pcmcia.inf
wppcmcia.sys
.sys windows:5 windows x86 arch:x86

0219350370ca826d2d4bbb9fa02786c0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

ntoskrnl.exe

KeWaitForSingleObject
InterlockedIncrement
KeSetTimer
InterlockedDecrement
ExFreePool
KeCancelTimer
KeInitializeTimer
KeSynchronizeExecution
IoFreeIrp
IofCallDriver
KeInitializeEvent
IoAllocateIrp
IofCompleteRequest
KeSetEvent
IoStartTimer
IoAttachDeviceToDeviceStack
KeInitializeDpc
IoRegisterDeviceInterface
PoSetPowerState
IoInitializeTimer
KeInitializeSpinLock
IoCreateDevice
IoSetDeviceInterfaceState
IoDetachDevice
RtlFreeUnicodeString
KeResetEvent
IoStopTimer
PoCallDriver
PoStartNextPowerIrp
PoRequestPowerIrp
IoDisconnectInterrupt
MmUnmapIoSpace
IoConnectInterrupt
MmMapIoSpace
WRITE_REGISTER_UCHAR
ExAllocatePoolWithTag
KeInsertQueueDpc
IoDeleteDevice

hal

KfAcquireSpinLock
WRITE_PORT_UCHAR
READ_PORT_UCHAR
KfReleaseSpinLock
KeGetCurrentIrql

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 320B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 704B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 544B - Virtual size: 534B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3f6720a918d6bc4467561f6e2f5b38cf

Headers

File Characteristics

PDB Paths

Imports

msvcrt

setupapi

kernel32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.data Size: 1024B - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

29e0b5c527b7bf03d067cdd300031a17

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

usbd.sys

hal

Sections

.text Size: 9KB - Virtual size: 9KB

.rdata Size: 576B - Virtual size: 568B

.data Size: 115KB - Virtual size: 115KB

PAGECODE Size: 768B - Virtual size: 765B

PAGEDNLD Size: 8KB - Virtual size: 8KB

PAGEDATA Size: 3KB - Virtual size: 3KB

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 1KB - Virtual size: 1KB

29e0b5c527b7bf03d067cdd300031a17

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

usbd.sys

hal

Sections

.text Size: 9KB - Virtual size: 9KB

.rdata Size: 576B - Virtual size: 568B

.data Size: 115KB - Virtual size: 115KB

PAGECODE Size: 768B - Virtual size: 765B

PAGEDNLD Size: 8KB - Virtual size: 8KB

PAGEDATA Size: 3KB - Virtual size: 3KB

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 1KB - Virtual size: 1KB

f8ebf6ca009644ecc43f561be4525e8b

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

2a:f9:db:d9:2e:7c:94:6c:6b:44:cb:b0:b3:ed:05:5aCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

02:0b:37:5f:7a:eb:97:34:ba:ea:7e:d7:28:b7:46:d6:92:bd:9b:24Signer

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

hal

portcls.sys

Sections

.text
Size: 7KB - Virtual size: 6KB

.data
Size: 1024B - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 9KB - Virtual size: 9KB

.rdata
Size: 576B - Virtual size: 568B

.data
Size: 115KB - Virtual size: 115KB

PAGECODE
Size: 768B - Virtual size: 765B

PAGEDNLD
Size: 8KB - Virtual size: 8KB

PAGEDATA
Size: 3KB - Virtual size: 3KB

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 9KB - Virtual size: 9KB

.rdata
Size: 576B - Virtual size: 568B

.data
Size: 115KB - Virtual size: 115KB

PAGECODE
Size: 768B - Virtual size: 765B

PAGEDNLD
Size: 8KB - Virtual size: 8KB

PAGEDATA
Size: 3KB - Virtual size: 3KB

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 1KB - Virtual size: 1KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

2a:f9:db:d9:2e:7c:94:6c:6b:44:cb:b0:b3:ed:05:5a
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

02:0b:37:5f:7a:eb:97:34:ba:ea:7e:d7:28:b7:46:d6:92:bd:9b:24
Signer

.text
Size: 11KB - Virtual size: 11KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 1024B - Virtual size: 1018B

PAGE
Size: 7KB - Virtual size: 7KB

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 986B

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

2a:f9:db:d9:2e:7c:94:6c:6b:44:cb:b0:b3:ed:05:5a
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

02:0b:37:5f:7a:eb:97:34:ba:ea:7e:d7:28:b7:46:d6:92:bd:9b:24
Signer

.text
Size: 11KB - Virtual size: 11KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 1024B - Virtual size: 1018B

PAGE
Size: 7KB - Virtual size: 7KB

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 986B

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

2a:f9:db:d9:2e:7c:94:6c:6b:44:cb:b0:b3:ed:05:5a
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

d7:37:b8:0c:28:6d:93:b7:f4:89:80:aa:41:3a:0e:58:47:5b:4d:a8
Signer

.text
Size: 5KB - Virtual size: 5KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 1KB

PAGE
Size: 6KB - Virtual size: 6KB

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB