Installer[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

Installer.zip
Size

33.1MB
MD5

6420230e55d86b803559979b19ad96d7
SHA1

52078a8431c95c7fef1b388779b4a3a46dba4047
SHA256

d98832bfc040c10d3000a9afc90ec9f8d9adcfc12ad45bc6baabfa26f760d97b
SHA512

f0fe2d9f30e29aa688427871d26f7eb72755187a37bdada54bc1c186a79dad942ed800e99748bb2693afa399fe3fbeaff74c40b9f49dbfce4b00f34a670662c6
SSDEEP

786432:pMKSBSPHnbJ2ATLDV6bUw9dgiDB95DIS2Zn6rq9giCuiVxWW9EQIgUt:pdSSMAT9kgiDZb8nHniLWW9EQIv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

unpack001/Installer/Installer.exe

resource
unpack001/Installer/Installer.exe

Files

Installer.zip
.zip
Installer/Data/data.bin
Installer/Data/dataInstaller.bin
Installer/Installer.exe
.exe windows:6 windows x86 arch:x86

2ca53fefee819fb338d7a7a06e21cce5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileA
CloseHandle
ReadFile
WriteFile
GetCurrentProcess
GetModuleHandleA
K32GetModuleInformation
GetModuleFileNameA
CreateFileMappingA
MapViewOfFile
VirtualProtect
GetFileAttributesA
SetFileAttributesA
DeleteFileA
GetFileSize
LoadLibraryA
WaitForSingleObject
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
WriteConsoleW
RaiseException
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
EncodePointer
GetStdHandle
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetFileType
GetStringTypeW
CompareStringW
LCMapStringW
GetProcessHeap
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
SetFilePointerEx
CreateFileW
DecodePointer

Sections

.text
Size: 190KB - Virtual size: 190KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Installer/README.txt
Installer/dxgkrnl.bin
.sys windows:10 windows x64 arch:x64

ac20eaef92ae043b01cca4b039a9d832

Code Sign

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02-09-2021 18:23

Not After

01-09-2022 18:23

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

55:7c:d1:df:78:d9:cf:54:84:48:b6:e7:73:b7:1b:bd:ab:f5:26:bb:ce:8d:a4:ae:85:4d:24:ef:40:28:dd:a7
Signer

Actual PE Digest

55:7c:d1:df:78:d9:cf:54:84:48:b6:e7:73:b7:1b:bd:ab:f5:26:bb:ce:8d:a4:ae:85:4d:24:ef:40:28:dd:a7

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

dxgkrnl.pdb

Imports

ntoskrnl.exe

KeAcquireInStackQueuedSpinLockAtDpcLevel
KeCancelTimer
KeReleaseInStackQueuedSpinLockFromDpcLevel
KeQueryInterruptTimePrecise
ZwYieldExecution
ExAcquirePushLockExclusiveEx
ExTryAcquirePushLockExclusiveEx
KeEnterCriticalRegion
KeLeaveCriticalRegion
ExReleasePushLockExclusiveEx
ExQueryDepthSList
ZwUpdateWnfStateData
ExFreePoolWithTag
IoFreeWorkItem
ExAllocatePoolWithTag
PsGetCurrentProcessSessionId
KeReadStateEvent
PoFxSetComponentLatency
ExQueueWorkItem
PoFxSetComponentResidency
ExReleasePushLockSharedEx
ExAcquirePushLockSharedEx
ExTryAcquirePushLockSharedEx
ExIsResourceAcquiredExclusiveLite
ExIsResourceAcquiredSharedLite
PsGetCurrentProcess
ExAcquireResourceSharedLite
ExAcquireResourceExclusiveLite
ExReleaseResourceLite
KeInitializeSpinLock
KeInitializeEvent
KeInitializeTimer
KeInitializeDpc
ExDeleteResourceLite
RtlQueryRegistryValuesEx
PoFxRegisterDevice
KeQueryTimeIncrement
PoFxSetDeviceIdleTimeout
InitializeSListHead
PsCreateSystemThread
PoFxUnregisterDevice
bsearch
wcsrchr
RtlCompareUnicodeStrings
RtlFreeUnicodeString
ExInitializeResourceLite
IoGetDeviceAttachmentBaseRef
ObfDereferenceObject
ZwAllocateLocallyUniqueId
RtlNotifyFeatureUsage
KeResetEvent
KeDelayExecutionThread
ObfReferenceObject
KeFlushQueuedDpcs
ZwWaitForSingleObject
ZwClose
PoUnregisterPowerSettingCallback
IoBuildSynchronousFsdRequest
IofCallDriver
EtwActivityIdControl
RtlInitAnsiString
RtlAnsiStringToUnicodeString
RtlInitUnicodeString
MmGetPhysicalMemoryRanges
MmCreateSection
MmMapViewInSystemSpace
IoAllocateMdl
MmProbeAndLockPages
MmUnlockPages
IoFreeMdl
MmUnmapViewInSystemSpace
MmMapViewInSystemSpaceEx
SeExports
RtlCheckTokenMembership
KeQueryUnbiasedInterruptTime
ZwOpenKey
ZwQueryKey
ZwDeleteKey
KeUnstackDetachProcess
KeStackAttachProcess
IoSizeofWorkItem
IoInitializeWorkItem
DbgPrintEx
PsGetProcessSessionId
KeInitializeTimerEx
IoCreateNotificationEvent
KeClearEvent
ZwCreateEvent
ObReferenceObjectByHandle
ExEventObjectType
ExUuidCreate
KeSetTimerEx
KeWaitForMultipleObjects
qsort
ExDeleteLookasideListEx
ExInitializeRundownProtection
ExInitializeLookasideListEx
ExAllocatePoolWithQuotaTag
ExWaitForRundownProtectionRelease
ExReInitializeRundownProtection
wcsnlen
RtlAppendUnicodeToString
ObOpenObjectByPointer
ObGetObjectType
ExReleaseRundownProtection
ExAcquireRundownProtection
ExDeletePagedLookasideList
ExInitializePagedLookasideList
PoFxCompleteDirectedPowerDown
PoNotifyVSyncChange
PoFxCompleteIdleCondition
PoFxCompleteDevicePowerNotRequired
MmUserProbeAddress
ExRaiseDatatypeMisalignment
IoGetDeviceObjectPointer
ExGetPreviousMode
RtlGetNtSystemRoot
_wcslwr
wcsstr
PsAttachSiloToCurrentThread
PsGetHostSilo
wcsncmp
SeCaptureSubjectContext
RtlCreateSecurityDescriptor
RtlLengthRequiredSid
RtlInitializeSid
RtlSubAuthoritySid
RtlLengthSid
RtlCreateAcl
RtlAddAccessAllowedAce
RtlSetDaclSecurityDescriptor
SeAccessCheck
SeReleaseSubjectContext
ZwOpenThreadTokenEx
ZwQueryInformationToken
ZwOpenProcessTokenEx
RtlSubAuthorityCountSid
RtlEqualSid
PsGetCurrentThreadPreviousMode
KdRefreshDebuggerNotPresent
PsGetProcessImageFileName
PsGetCurrentThreadId
ZwQueryWnfStateData
RtlQueryFeatureConfiguration
MmRotatePhysicalView
MmFreePagesFromMdl
ZwFreeVirtualMemory
PsIsProtectedProcess
PsIsProtectedProcessLight
ZwQueryVirtualMemory
ZwQuerySection
ObCloseHandle
MmSectionObjectType
PsGetCurrentProcessId
PsGetProcessId
KeReleaseSemaphore
PsIsThreadTerminating
PsTerminateSystemThread
ExSubscribeWnfStateChange
ExUnsubscribeWnfStateChange
InbvNotifyDisplayOwnershipChange
ZwOpenFile
ZwQueryInformationFile
ZwReadFile
KeAcquireSpinLockRaiseToDpc
KeReleaseSpinLock
MmUnsecureVirtualMemory
ZwAllocateVirtualMemory
MmSecureVirtualMemory
vswprintf_s
RtlCopyLuid
_purecall
PsGetProcessDxgProcess
MmMapLockedPagesSpecifyCache
PoFxActivateComponent
ZwEnumerateValueKey
MmAllocatePagesForMdlEx
MmMapViewOfSection
MmUnmapViewOfSection
MmUnmapLockedPages
RtlCopyUnicodeString
ZwSetValueKey
IoQueueWorkItem
PsGetProcessWow64Process
PsLookupProcessByProcessId
KePulseEvent
ZwOpenProcess
RtlCompareMemory
ObCreateObject
PsProcessType
ObInsertObject
KdDebuggerEnabled
ExAllocatePool2
PoFxPowerControl
MmAllocateContiguousMemorySpecifyCache
MmFreeContiguousMemory
KiBugCheckData
KeRegisterBugCheckReasonCallback
KeDeregisterBugCheckReasonCallback
SeSinglePrivilegeCheck
ZwAlpcQueryInformation
ZwAlpcDisconnectPort
_vsnwprintf
ZwAlpcConnectPort
ZwAlpcSendWaitReceivePort
KeQueryRuntimeThread
KfRaiseIrql
KeLowerIrql
IoGetAttachedDeviceReference
IoBuildDeviceIoControlRequest
PsSetThreadProperty
ExQueryWnfStateData
RtlRegisterFeatureConfigurationChangeNotification
RtlQueryFeatureConfigurationChangeStamp
PsSetCreateProcessNotifyRoutineEx
ZwQuerySystemInformation
RtlGetSuiteMask
RtlUnregisterFeatureConfigurationChangeNotification
IoRegisterShutdownNotification
IoUnregisterShutdownNotification
IoDeleteDevice
IofCompleteRequest
ProbeForWrite
EtwRegister
EtwUnregister
ZwCreateFile
ZwDeleteFile
ZwCreateSection
PsInitialSystemProcess
LdrResFindResource
ZwSetInformationFile
ZwWriteFile
_wcsnicmp
ZwQueryDirectoryFile
ZwEnumerateKey
RtlGetNtProductType
RtlGetActiveConsoleId
KeAreAllApcsDisabled
KeBugCheckEx
ExSystemTimeToLocalTime
RtlNumberOfClearBits
RtlInitializeBitMap
ZwPowerInformation
ZwCreateKey
RtlFindClearBitsAndSet
RtlClearBits
PsGetServerSiloServiceSessionId
PsGetCurrentServerSilo
IoGetDeviceInterfaces
RtlWriteRegistryValue
ZwQueryValueKey
ZwSetSystemInformation
strncmp
ObOpenObjectByName
ObCreateObjectType
ObIsKernelHandle
RtlMapGenericMask
ObDuplicateObject
ExSemaphoreObjectType
KeInitializeSemaphore
ObDeleteCapturedInsertInfo
PsGetProcessExitProcessCalled
PsSetProcessDxgProcess
PsIsHostSilo
PsGetProcessServerSilo
PsGetThreadProperty
PsGetThreadSessionId
PsGetThreadWin32Thread
PsGetCurrentThreadProcess
PsGetProcessSessionIdEx
KeIsAttachedProcess
PsReferencePrimaryToken
SeQueryInformationToken
SeSecurityAttributePresent
PsDereferencePrimaryToken
RtlCapabilityCheck
ZwQueryInformationProcess
PsGetProcessExitStatus
RtlCompareUnicodeString
RtlIsMultiSessionSku
ZwQueryLicenseValue
RtlGetProductInfo
IoInvalidateDeviceRelations
wcsncpy_s
PsDetachSiloFromCurrentThread
TtmNotifyDeviceArrival
TtmNotifyDeviceDeparture
RtlFormatCurrentUserKeyPath
ObReferenceObjectByPointer
EtwSetInformation
RtlEqualUnicodeString
ord2
ZwTerminateProcess
PsGetThreadProcess
ObReferenceObjectByHandleWithTag
LpcPortObjectType
ObfDereferenceObjectWithTag
ObGetObjectSecurity
RtlGetDaclSecurityDescriptor
RtlGetOwnerSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetAce
RtlCopySid
RtlSetOwnerSecurityDescriptor
RtlSetGroupSecurityDescriptor
RtlAddAce
ObReleaseObjectSecurity
RtlCaptureStackBackTrace
RtlInt64ToUnicodeString
EtwWrite
sqrt
PoFxIdleComponent
PoFxReportDevicePoweredOn
IoQueueWorkItemEx
MmGetSystemRoutineAddress
IoCreateDevice
IoDeviceObjectType
ZwSetSecurityObject
IoIsWdmVersionAvailable
RtlAbsoluteToSelfRelativeSD
wcschr
RtlLengthSecurityDescriptor
_snwprintf
SeCaptureSecurityDescriptor
RtlGetSaclSecurityDescriptor
__chkstk
IoAllocateWorkItem
PoFxCompleteIdleState
ExpInterlockedPushEntrySList
ExInterlockedRemoveHeadList
KeSetEvent
ExInterlockedInsertTailList
KeWaitForSingleObject
ExpInterlockedPopEntrySList
ExAcquireFastMutex
ExReleaseFastMutex
DbgkWerCaptureLiveKernelDump
ExSystemExceptionFilter
RtlEnumerateGenericTableWithoutSplaying
ZwClearEvent
ZwSetEvent
RtlDeleteElementGenericTable
RtlInsertElementGenericTable
RtlGetElementGenericTable
RtlNumberGenericTableElements
MmMapViewInSessionSpace
MmUnmapViewInSessionSpace
RtlInitializeGenericTable
ZwWaitForMultipleObjects
NtClose
EtwpReenableStackWalkApc
EtwpDisableStackWalkApc
ExAcquireSpinLockExclusive
ExAcquireSpinLockSharedAtDpcLevel
ExAcquireSpinLockShared
ExReleaseSpinLockShared
ExReleaseSpinLockSharedFromDpcLevel
ExReleaseSpinLockExclusive
KeIsExecutingDpc
KeSetTimer
EtwWriteTransfer
KeReleaseInStackQueuedSpinLock
KeAcquireInStackQueuedSpinLock
PoRegisterPowerSettingCallback
PoFxStartDevicePowerManagement
IoOpenDeviceRegistryKey
__C_specific_handler
RtlAnsiCharToUnicodeChar
ExCancelTimer
KeDetachProcess
ExShareAddressSpaceWithDevice
RtlUnicodeStringToInteger
KeReleaseMutex
IoAcquireRemoveLockEx
IoReleaseRemoveLockEx
ZwOpenSection
ZwMapViewOfSection
MmMapIoSpaceEx
ZwUnmapViewOfSection
MmUnmapIoSpace
KeInsertQueueDpc
KeSynchronizeExecution
IoSetDevicePropertyData
IoQueryFullDriverPath
IoRegisterDeviceInterface
IoSetDeviceInterfaceState
PoRequestPowerIrp
IoCsqRemoveNextIrp
PoCallDriver
PoStartNextPowerIrp
IoInvalidateDeviceState
PoSetPowerState
IoGetDriverObjectExtension
IoInitializeRemoveLockEx
IoAttachDeviceToDeviceStack
IoGetDeviceProperty
KeInitializeMutex
ExQueryFastCacheDevLicense
RtlGetVersion
ExGetFirmwareType
IoDetachDevice
IoAllocateDriverObjectExtension
ExCreateCallback
ExRegisterCallback
IoReportRootDevice
RtlCheckRegistryKey
ExIsSoftBoot
ExInitializeNPagedLookasideList
HalDispatchTable
IoRegisterPlugPlayNotification
ExDeleteNPagedLookasideList
IoUnregisterPlugPlayNotificationEx
IoGetIommuInterface
RtlIntegerToUnicodeString
RtlAppendUnicodeStringToString
ExAllocatePoolWithTagPriority
IoGetDevicePropertyData
InbvSetVirtualFrameBuffer
IoConnectInterruptEx
IoDisconnectInterruptEx
IoForwardIrpSynchronously
IoCsqInsertIrp
IoReleaseRemoveLockAndWaitEx
IoCsqInitialize
RtlCreateUnicodeString
RtlGUIDFromString
RtlStringFromGUID
RtlUpcaseUnicodeString
NtShutdownSystem
ObSetSecurityObjectByPointer
VerSetConditionMask
RtlVerifyVersionInfo
ExEnterCriticalRegionAndAcquireFastMutexUnsafe
ExReleaseFastMutexUnsafeAndLeaveCriticalRegion
ObDereferenceObjectDeferDelete
IoFreeIrp
IoAllocateIrp
KeReadStateMutex
IoGetLowerDeviceObject
IoCancelIrp
RtlAvlRemoveNode
RtlAvlInsertNodeEx
MmCreateMdl
KeTestSpinLock
MmGetPhysicalAddress
ObQueryNameString
IoFileObjectType
IoGetRelatedDeviceObject
RtlAppendStringToString
IoUnregisterPlugPlayNotification
ExUnregisterCallback
ZwDeviceIoControlFile
RtlGenerateClass5Guid
IoCreateSymbolicLink
IoDeleteSymbolicLink
RtlDeleteRegistryValue
RtlxAnsiStringToUnicodeSize
ZwQuerySecurityObject
RtlAddAccessAllowedAceEx
RtlValidSecurityDescriptor
KeInitializeGuardedMutex
KeAcquireGuardedMutex
KeReleaseGuardedMutex
IoSetDeviceInterfacePropertyData
RtlHashUnicodeString
ZwDeleteValueKey
ExReleasePushLockEx
RtlUnicodeStringToAnsiString
ExIsManufacturingModeEnabled
PsIsSystemProcess
SeCreateAccessState
ObCheckObjectAccess
SeDeleteAccessState
RtlFindExportedRoutineByName
KeSetImportanceDpc
ExAllocateTimer
ExDeleteTimer
KeSetActualBasePriorityThread
ExSetTimer
KeAttachProcess
wcscmp

hal

KeQueryPerformanceCounter
x86BiosCall
KeStallExecutionProcessor
HalGetBusDataByOffset
HalSetBusDataByOffset

watchdog.sys

DisplayScenarioJournalDPIInfo
DMgrReleaseGdiViewId
DMgrWriteDeviceCountToRegistry
DMgrAcquireGdiViewId
WdLogEvent5_WdPresentTokenEvent
WdLogNewEntry5_WdPresentTokenEvent
WdLogGetEventOrder
DMgrGetSmbiosInfo
WdLogGetRecentEvents
WdDbgReportCancel
WdDbgReportQueryInfo
WdDbgReportRecreate
WdQueryDebugFlag
WdDiagShutdown
WdDiagInit
SMgrUnregisterSessionChangeCallout
SMgrRegisterSessionChangeCallout
WdInitialize
WdDbgCreateSnapshot
WdDbgDestroySnapshot
WdLogEvent5_WdDmmEvent
WdLogNewEntry5_WdDmmEvent
WdDbgReportComplete
WdDbgReportSecondaryData
WdDbgReportCreate
WdDbgGetSecondaryDataMaxSize
WdIsDebuggerPresent
WdDiagNotifyUser
WdLogEvent5_WdPower
WdLogNewEntry5_WdPower
WdLogEvent5_WdWarning
WdLogNewEntry5_WdWarning
WdLogNewEntry5_WdTrace
WdLogEvent5_WdLowResource
WdLogNewEntry5_WdLowResource
SMgrGdiCallout
WdLogEvent5_WdEvent
WdLogNewEntry5_WdEvent
WdLogNewEntry5_WdAssertion
WdLogEvent5_WdAssertion
WdLogNewEntry5_WdCriticalError
WdLogEvent5_WdCriticalError
WdLogEvent5_WdError
WdpInterfaceReferenceNop
WdLogEvent5_WdTrace
DMgrIsSetupRunning
DisplayLogSetMonitorPowerStage
DisplayRestoreVidPnResult
DisplayScenarioJournalSetSetTimingPathInfo
DisplayScenarioJournalSetCommitVidPnStatus
DisplayScenarioJournalCCDRetrieval
WdLogNewEntry5_WdError
DisplayScenarioJournalVidPnSourceVisibility

ext-ms-win-ntos-ksr-l1-1-3

KsrQueryMetadata
KsrFreePersistedMemory
KsrClaimPersistedMemory
KsrEnumeratePersistedMemory
KsrPersistMemoryWithMetadata
KsrGetFirmwareInformation
KsrMdlToMemoryRuns

wmilib.sys

WmiSystemControl

Exports

Exports

?g_TdrForceDodPresentTimeout@@3JC
?g_TdrForceDodVSyncTimeout@@3JC
DpSynchronizeExecution
DpiGetDriverVersion
DpiGetDxgAdapter
DpiGetSchedulerCallbackState
DpiMapIommuContiguous
DpiMapIommuIdentityRange
DpiSetSchedulerCallbackState
DpiUnmapIommuContiguous
DpiUnmapIommuIdentityRange
DxgCoreInterface
DxgCreateLiveDumpWithWdLogs
DxgKrnlTelemetryGlobal_LogTelemetryEvent
DxgkAbandonSwapChain
DxgkAcquireKeyedMutex
DxgkAcquireKeyedMutex2
DxgkAcquireSwapChain
DxgkAddSurfaceToSwapChain
DxgkAdjustFullscreenGamma
DxgkCacheHybridQueryValue
DxgkChangeVideoMemoryReservation
DxgkCheckExclusiveOwnership
DxgkCheckMonitorPowerState
DxgkCheckMultiPlaneOverlaySupport
DxgkCheckMultiPlaneOverlaySupport2
DxgkCheckMultiPlaneOverlaySupport3
DxgkCheckOcclusion
DxgkCheckSharedResourceAccess
DxgkCheckVidPnExclusiveOwnership
DxgkCloseAdapter
DxgkConfigureSharedResource
DxgkCreateAllocation
DxgkCreateBundleObject
DxgkCreateContext
DxgkCreateContextVirtual
DxgkCreateDevice
DxgkCreateHwContext
DxgkCreateHwQueue
DxgkCreateKeyedMutex
DxgkCreateKeyedMutex2
DxgkCreateOutputDupl
DxgkCreateOverlay
DxgkCreatePagingQueue
DxgkCreateProtectedSession
DxgkCreateSwapChain
DxgkCreateSynchronizationObject
DxgkDDisplayEnum
DxgkDestroyAllocation
DxgkDestroyAllocation2
DxgkDestroyContext
DxgkDestroyDevice
DxgkDestroyHwContext
DxgkDestroyHwQueue
DxgkDestroyKeyedMutex
DxgkDestroyOutputDupl
DxgkDestroyOverlay
DxgkDestroyPagingQueue
DxgkDestroyProtectedSession
DxgkDestroySynchronizationObject
DxgkDispMgrCreate
DxgkDispMgrOperation
DxgkDispMgrSourceOperation
DxgkDispMgrTargetOperation
DxgkEnumAdapters
DxgkEnumAdapters2
DxgkEscape
DxgkEvict
DxgkExtractBundleObject
DxgkFlipOverlay
DxgkFlushHeapTransitions
DxgkFreeGpuVirtualAddress
DxgkGetAllocationPriority
DxgkGetCachedHybridQueryValue
DxgkGetContextInProcessSchedulingPriority
DxgkGetContextSchedulingPriority
DxgkGetDWMVerticalBlankEvent
DxgkGetDeviceState
DxgkGetDisplayModeList
DxgkGetMemoryBudgetTarget
DxgkGetMultiPlaneOverlayCaps
DxgkGetMultisampleMethodList
DxgkGetOverlayState
DxgkGetPostCompositionCaps
DxgkGetPresentHistory
DxgkGetPresentStats
DxgkGetProcessDeviceRemovalSupport
DxgkGetProcessSchedulingPriorityBand
DxgkGetProcessSchedulingPriorityClass
DxgkGetResourcePresentPrivateDriverData
DxgkGetRuntimeData
DxgkGetScanLine
DxgkGetSessionTokenManager
DxgkGetSetSwapChainMetadata
DxgkGetSharedPrimaryHandle
DxgkGetSharedResourceAdapterLuid
DxgkGetYieldPercentage
DxgkInvalidateActiveVidPn
DxgkInvalidateCache
DxgkLock
DxgkLock2
DxgkMakeResident
DxgkMapGpuVirtualAddress
DxgkMarkDeviceAsError
DxgkNetDispGetNextChunkInfo
DxgkNetDispQueryMiracastDisplayDeviceStatus
DxgkNetDispQueryMiracastDisplayDeviceSupport
DxgkNetDispStartMiracastDisplayDevice
DxgkNetDispStopMiracastDisplayDevice
DxgkOfferAllocations
DxgkOpenAdapterFromDeviceName
DxgkOpenAdapterFromHdc
DxgkOpenAdapterFromLuid
DxgkOpenBundleObjectNtHandleFromName
DxgkOpenDwmHandleForCompositionObjectReference
DxgkOpenHandleForCompositionObjectReference
DxgkOpenKeyedMutex
DxgkOpenKeyedMutex2
DxgkOpenKeyedMutexFromNtHandle
DxgkOpenNtHandleFromName
DxgkOpenProtectedSessionFromNtHandle
DxgkOpenResource
DxgkOpenResourceFromNtHandle
DxgkOpenSwapChain
DxgkOpenSyncObjectFromNtHandle
DxgkOpenSyncObjectFromNtHandle2
DxgkOpenSyncObjectNtHandleFromName
DxgkOpenSynchronizationObject
DxgkOutputDuplGetFrameInfo
DxgkOutputDuplGetMetaData
DxgkOutputDuplGetPointerShapeData
DxgkOutputDuplPresent
DxgkOutputDuplReleaseFrame
DxgkPollDisplayChildren
DxgkPresent
DxgkPresentMultiPlaneOverlay
DxgkPresentMultiPlaneOverlay2
DxgkPresentMultiPlaneOverlay3
DxgkPresentRedirected
DxgkQueryAdapterInfo
DxgkQueryAllocationResidency
DxgkQueryClockCalibration
DxgkQueryFSEBlock
DxgkQueryProcessOfferInfo
DxgkQueryProtectedSessionInfoFromNtHandle
DxgkQueryProtectedSessionStatus
DxgkQueryRemoteVidPnSourceFromGdiDisplayName
DxgkQueryResourceInfo
DxgkQueryResourceInfoFromNtHandle
DxgkQueryStatistics
DxgkQueryVidPnExclusiveOwnership
DxgkQueryVideoMemoryInfo
DxgkReclaimAllocations
DxgkReclaimAllocations2
DxgkReferenceCompositionObject
DxgkReleaseCompositionObjectReference
DxgkReleaseKeyedMutex
DxgkReleaseKeyedMutex2
DxgkReleaseProcessVidPnSourceOwners
DxgkReleaseSwapChain
DxgkRemoveSurfaceFromSwapChain
DxgkRender
DxgkReserveGpuVirtualAddress
DxgkSetAllocationPriority
DxgkSetContextInProcessSchedulingPriority
DxgkSetContextSchedulingPriority
DxgkSetDisplayMode
DxgkSetDodIndirectSwapchain
DxgkSetFSEBlock
DxgkSetGammaRamp
DxgkSetHwProtectionTeardownRecovery
DxgkSetMemoryBudgetTarget
DxgkSetMonitorColorSpaceTransform
DxgkSetProcessDeviceRemovalSupport
DxgkSetProcessSchedulingPriorityBand
DxgkSetProcessSchedulingPriorityClass
DxgkSetQueuedLimit
DxgkSetStablePowerState
DxgkSetStereoEnabled
DxgkSetSyncRefreshCountWaitTarget
DxgkSetVidPnSourceHwProtection
DxgkSetVidPnSourceOwner
DxgkSetYieldPercentage
DxgkShareObjects
DxgkSignalSynchronizationObject
DxgkSignalSynchronizationObjectFromCpu
DxgkSignalSynchronizationObjectFromGpu
DxgkSignalSynchronizationObjectFromGpu2
DxgkSubmitCommand
DxgkSubmitCommandToHwQueue
DxgkSubmitPresentBltToHwQueue
DxgkSubmitPresentToHwQueue
DxgkSubmitSignalSyncObjectsToHwQueue
DxgkSubmitWaitForSyncObjectsToHwQueue
DxgkTrimProcessCommitment
DxgkUnOrderedPresentSwapChain
DxgkUnlock
DxgkUnlock2
DxgkUnreferenceDxgAllocation
DxgkUnreferenceDxgResource
DxgkUpdateAllocationProperty
DxgkUpdateGpuVirtualAddress
DxgkUpdateOverlay
DxgkVidMmAllowFailOnOfferReclaimErrors
DxgkWaitForIdle
DxgkWaitForSynchronizationObject
DxgkWaitForSynchronizationObjectFromCpu
DxgkWaitForSynchronizationObjectFromGpu
DxgkWaitForVerticalBlankEvent
DxgkWaitForVerticalBlankEvent2
NtBindCompositionSurface
NtCreateCompositionSurfaceHandle
NtDxgkCreateTrackedWorkload
NtDxgkDestroyTrackedWorkload
NtDxgkDispMgrOperation
NtDxgkDisplayPortOperation
NtDxgkDuplicateHandle
NtDxgkEnumAdapters3
NtDxgkGetAvailableTrackedWorkloadIndex
NtDxgkGetProcessList
NtDxgkGetTrackedWorkloadStatistics
NtDxgkOutputDuplPresentToHwQueue
NtDxgkPinResources
NtDxgkRegisterVailProcess
NtDxgkResetTrackedWorkloadStatistics
NtDxgkSubmitPresentBltToHwQueue
NtDxgkSubmitPresentToHwQueue
NtDxgkUnpinResources
NtDxgkUpdateTrackedWorkload
NtDxgkVailConnect
NtDxgkVailDisconnect
NtDxgkVailPromoteCompositionSurface
NtFlipObjectAddContent
NtFlipObjectAddPoolBuffer
NtFlipObjectConsumerAcquirePresent
NtFlipObjectConsumerAdjustUsageReference
NtFlipObjectConsumerBeginProcessPresent
NtFlipObjectConsumerEndProcessPresent
NtFlipObjectConsumerPostMessage
NtFlipObjectConsumerQueryBufferInfo
NtFlipObjectCreate
NtFlipObjectDisconnectEndpoint
NtFlipObjectEnablePresentStatisticsType
NtFlipObjectOpen
NtFlipObjectPresentCancel
NtFlipObjectQueryBufferAvailableEvent
NtFlipObjectQueryEndpointConnected
NtFlipObjectQueryNextMessageToProducer
NtFlipObjectReadNextMessageToProducer
NtFlipObjectRemoveContent
NtFlipObjectRemovePoolBuffer
NtFlipObjectSetContent
NtFlipObjectSetMaximumBackchannelQueueDepth
NtGdiDdDDIAbandonSwapChain
NtGdiDdDDIAcquireKeyedMutex
NtGdiDdDDIAcquireKeyedMutex2
NtGdiDdDDIAcquireSwapChain
NtGdiDdDDIAddSurfaceToSwapChain
NtGdiDdDDIAdjustFullscreenGamma
NtGdiDdDDICacheHybridQueryValue
NtGdiDdDDIChangeVideoMemoryReservation
NtGdiDdDDICheckExclusiveOwnership
NtGdiDdDDICheckMonitorPowerState
NtGdiDdDDICheckMultiPlaneOverlaySupport
NtGdiDdDDICheckMultiPlaneOverlaySupport2
NtGdiDdDDICheckMultiPlaneOverlaySupport3
NtGdiDdDDICheckOcclusion
NtGdiDdDDICheckSharedResourceAccess
NtGdiDdDDICheckVidPnExclusiveOwnership
NtGdiDdDDICloseAdapter
NtGdiDdDDIConfigureSharedResource
NtGdiDdDDICreateAllocation
NtGdiDdDDICreateBundleObject
NtGdiDdDDICreateContext
NtGdiDdDDICreateContextVirtual
NtGdiDdDDICreateDevice
NtGdiDdDDICreateHwContext
NtGdiDdDDICreateHwQueue
NtGdiDdDDICreateKeyedMutex
NtGdiDdDDICreateKeyedMutex2
NtGdiDdDDICreateOutputDupl
NtGdiDdDDICreateOverlay
NtGdiDdDDICreatePagingQueue
NtGdiDdDDICreateProtectedSession
NtGdiDdDDICreateSwapChain
NtGdiDdDDICreateSynchronizationObject
NtGdiDdDDIDDisplayEnum
NtGdiDdDDIDestroyAllocation
NtGdiDdDDIDestroyAllocation2
NtGdiDdDDIDestroyContext
NtGdiDdDDIDestroyDevice
NtGdiDdDDIDestroyHwContext
NtGdiDdDDIDestroyHwQueue
NtGdiDdDDIDestroyKeyedMutex
NtGdiDdDDIDestroyOutputDupl
NtGdiDdDDIDestroyOverlay
NtGdiDdDDIDestroyPagingQueue
NtGdiDdDDIDestroyProtectedSession
NtGdiDdDDIDestroySynchronizationObject
NtGdiDdDDIDispMgrCreate
NtGdiDdDDIDispMgrSourceOperation
NtGdiDdDDIDispMgrTargetOperation
NtGdiDdDDIEnumAdapters
NtGdiDdDDIEnumAdapters2
NtGdiDdDDIEscape
NtGdiDdDDIEvict
NtGdiDdDDIExtractBundleObject
NtGdiDdDDIFlipOverlay
NtGdiDdDDIFlushHeapTransitions
NtGdiDdDDIFreeGpuVirtualAddress
NtGdiDdDDIGetAllocationPriority
NtGdiDdDDIGetCachedHybridQueryValue
NtGdiDdDDIGetContextInProcessSchedulingPriority
NtGdiDdDDIGetContextSchedulingPriority
NtGdiDdDDIGetDWMVerticalBlankEvent
NtGdiDdDDIGetDeviceState
NtGdiDdDDIGetDisplayModeList
NtGdiDdDDIGetMemoryBudgetTarget
NtGdiDdDDIGetMultiPlaneOverlayCaps
NtGdiDdDDIGetMultisampleMethodList
NtGdiDdDDIGetOverlayState
NtGdiDdDDIGetPostCompositionCaps
NtGdiDdDDIGetPresentHistory
NtGdiDdDDIGetPresentStatsInternal
NtGdiDdDDIGetProcessDeviceRemovalSupport
NtGdiDdDDIGetProcessSchedulingPriorityBand
NtGdiDdDDIGetProcessSchedulingPriorityClass
NtGdiDdDDIGetResourcePresentPrivateDriverData
NtGdiDdDDIGetRuntimeData
NtGdiDdDDIGetScanLine
NtGdiDdDDIGetSetSwapChainMetadata
NtGdiDdDDIGetSharedPrimaryHandle
NtGdiDdDDIGetSharedResourceAdapterLuid
NtGdiDdDDIGetSharedResourceAdapterLuidFlipManager
NtGdiDdDDIGetYieldPercentage
NtGdiDdDDIInvalidateActiveVidPn
NtGdiDdDDIInvalidateCache
NtGdiDdDDILock
NtGdiDdDDILock2
NtGdiDdDDIMakeResident
NtGdiDdDDIMapGpuVirtualAddress
NtGdiDdDDIMarkDeviceAsError
NtGdiDdDDINetDispGetNextChunkInfo
NtGdiDdDDINetDispQueryMiracastDisplayDeviceStatus
NtGdiDdDDINetDispQueryMiracastDisplayDeviceSupport
NtGdiDdDDINetDispStartMiracastDisplayDevice
NtGdiDdDDINetDispStopMiracastDisplayDevice
NtGdiDdDDIOfferAllocations
NtGdiDdDDIOpenAdapterFromDeviceName
NtGdiDdDDIOpenAdapterFromHdc
NtGdiDdDDIOpenAdapterFromLuid
NtGdiDdDDIOpenBundleObjectNtHandleFromName
NtGdiDdDDIOpenKeyedMutex
NtGdiDdDDIOpenKeyedMutex2
NtGdiDdDDIOpenKeyedMutexFromNtHandle
NtGdiDdDDIOpenNtHandleFromName
NtGdiDdDDIOpenProtectedSessionFromNtHandle
NtGdiDdDDIOpenResource
NtGdiDdDDIOpenResourceFromNtHandle
NtGdiDdDDIOpenSwapChain
NtGdiDdDDIOpenSyncObjectFromNtHandle
NtGdiDdDDIOpenSyncObjectFromNtHandle2
NtGdiDdDDIOpenSyncObjectNtHandleFromName
NtGdiDdDDIOpenSynchronizationObject
NtGdiDdDDIOutputDuplGetFrameInfo
NtGdiDdDDIOutputDuplGetMetaData
NtGdiDdDDIOutputDuplGetPointerShapeData
NtGdiDdDDIOutputDuplPresent
NtGdiDdDDIOutputDuplReleaseFrame
NtGdiDdDDIPollDisplayChildren
NtGdiDdDDIPresent
NtGdiDdDDIPresentMultiPlaneOverlay
NtGdiDdDDIPresentMultiPlaneOverlay2
NtGdiDdDDIPresentMultiPlaneOverlay3
NtGdiDdDDIPresentRedirected
NtGdiDdDDIQueryAdapterInfo
NtGdiDdDDIQueryAllocationResidency
NtGdiDdDDIQueryClockCalibration
NtGdiDdDDIQueryFSEBlock
NtGdiDdDDIQueryProcessOfferInfo
NtGdiDdDDIQueryProtectedSessionInfoFromNtHandle
NtGdiDdDDIQueryProtectedSessionStatus
NtGdiDdDDIQueryRemoteVidPnSourceFromGdiDisplayName
NtGdiDdDDIQueryResourceInfo
NtGdiDdDDIQueryResourceInfoFromNtHandle
NtGdiDdDDIQueryStatistics
NtGdiDdDDIQueryVidPnExclusiveOwnership
NtGdiDdDDIQueryVideoMemoryInfo
NtGdiDdDDIReclaimAllocations
NtGdiDdDDIReclaimAllocations2
NtGdiDdDDIReleaseKeyedMutex
NtGdiDdDDIReleaseKeyedMutex2
NtGdiDdDDIReleaseProcessVidPnSourceOwners
NtGdiDdDDIReleaseSwapChain
NtGdiDdDDIRemoveSurfaceFromSwapChain
NtGdiDdDDIRender
NtGdiDdDDIReserveGpuVirtualAddress
NtGdiDdDDISetAllocationPriority
NtGdiDdDDISetContextInProcessSchedulingPriority
NtGdiDdDDISetContextSchedulingPriority
NtGdiDdDDISetDisplayMode
NtGdiDdDDISetDodIndirectSwapchain
NtGdiDdDDISetFSEBlock
NtGdiDdDDISetGammaRamp
NtGdiDdDDISetHwProtectionTeardownRecovery
NtGdiDdDDISetMemoryBudgetTarget
NtGdiDdDDISetMonitorColorSpaceTransform
NtGdiDdDDISetProcessDeviceRemovalSupport
NtGdiDdDDISetProcessSchedulingPriorityBand
NtGdiDdDDISetProcessSchedulingPriorityClass
NtGdiDdDDISetQueuedLimit
NtGdiDdDDISetStablePowerState
NtGdiDdDDISetStereoEnabled
NtGdiDdDDISetSyncRefreshCountWaitTarget
NtGdiDdDDISetVidPnSourceHwProtection
NtGdiDdDDISetVidPnSourceOwner
NtGdiDdDDISetYieldPercentage
NtGdiDdDDIShareObjects
NtGdiDdDDISignalSynchronizationObject
NtGdiDdDDISignalSynchronizationObjectFromCpu
NtGdiDdDDISignalSynchronizationObjectFromGpu
NtGdiDdDDISignalSynchronizationObjectFromGpu2
NtGdiDdDDISubmitCommand
NtGdiDdDDISubmitCommandToHwQueue
NtGdiDdDDISubmitSignalSyncObjectsToHwQueue
NtGdiDdDDISubmitWaitForSyncObjectsToHwQueue
NtGdiDdDDITrimProcessCommitment
NtGdiDdDDIUnOrderedPresentSwapChain
NtGdiDdDDIUnlock
NtGdiDdDDIUnlock2
NtGdiDdDDIUpdateAllocationProperty
NtGdiDdDDIUpdateGpuVirtualAddress
NtGdiDdDDIUpdateOverlay
NtGdiDdDDIWaitForIdle
NtGdiDdDDIWaitForSynchronizationObject
NtGdiDdDDIWaitForSynchronizationObjectFromCpu
NtGdiDdDDIWaitForSynchronizationObjectFromGpu
NtGdiDdDDIWaitForVerticalBlankEvent
NtGdiDdDDIWaitForVerticalBlankEvent2
NtNotifyPresentToCompositionSurface
NtOpenCompositionSurfaceDirtyRegion
NtOpenCompositionSurfaceSectionInfo
NtOpenCompositionSurfaceSwapChainHandleInfo
NtQueryCompositionSurfaceBinding
NtQueryCompositionSurfaceHDRMetaData
NtQueryCompositionSurfaceRenderingRealization
NtQueryCompositionSurfaceStatistics
NtSetCompositionSurfaceAnalogExclusive
NtSetCompositionSurfaceBufferUsage
NtSetCompositionSurfaceDirectFlipState
NtSetCompositionSurfaceIndependentFlipInfo
NtSetCompositionSurfaceStatistics
NtTokenManagerConfirmOutstandingAnalogToken
NtTokenManagerCreateCompositionTokenHandle
NtTokenManagerCreateFlipObjectReturnTokenHandle
NtTokenManagerCreateFlipObjectTokenHandle
NtTokenManagerGetAnalogExclusiveSurfaceUpdates
NtTokenManagerGetAnalogExclusiveTokenEvent
NtTokenManagerOpenSectionAndEvents
NtTokenManagerThread
NtUnBindCompositionSurface
NtValidateCompositionSurfaceHandle
TdrAllowToDebugEngineTimeout
TdrCollectDbgInfoStage1
TdrCollectDbgInfoStage2
TdrCompleteRecoveryContext
TdrCreateRecoveryContext
TdrHistoryInit
TdrHistoryIsLimitExhausted
TdrHistoryUpdate
TdrIsEnabled
TdrIsRecoveryRequired
TdrIsTimeoutForcedFlip
TdrResetFromTimeout
TdrResetFromTimeoutAsync
TdrUpdateDbgReport
TraceDxgkBlockThread
TraceDxgkContext
TraceDxgkDevice
TraceDxgkFunctionProfiler
TraceDxgkPerformanceWarning
g_DxgKrnlTelemetryProviderGlobal
g_IsInternalRelease
g_IsInternalReleaseOrDbg
g_OutputDuplicationTestControl
g_TdrConfig
g_TdrForceTimeout

Sections

.text
Size: 440KB - Virtual size: 440KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.dxgknpd
Size: - Virtual size: 5B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 252KB - Virtual size: 251KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

NONPAGE
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

GFIDS
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 484KB - Virtual size: 483KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 151KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Installer/msvcp140.dll

Sharing

General

Malware Config

Signatures

Files

2ca53fefee819fb338d7a7a06e21cce5

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 190KB - Virtual size: 190KB

.rdata Size: 26KB - Virtual size: 26KB

.data Size: 2KB - Virtual size: 5KB

.reloc Size: 7KB - Virtual size: 6KB

ac20eaef92ae043b01cca4b039a9d832

Code Sign

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3cCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

55:7c:d1:df:78:d9:cf:54:84:48:b6:e7:73:b7:1b:bd:ab:f5:26:bb:ce:8d:a4:ae:85:4d:24:ef:40:28:dd:a7Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

hal

watchdog.sys

ext-ms-win-ntos-ksr-l1-1-3

wmilib.sys

Exports

Exports

Sections

.text Size: 440KB - Virtual size: 440KB

.dxgknpd Size: - Virtual size: 5B

.rdata Size: 252KB - Virtual size: 251KB

.data Size: 6KB - Virtual size: 13KB

.pdata Size: 102KB - Virtual size: 101KB

.idata Size: 22KB - Virtual size: 21KB

NONPAGE Size: 512B - Virtual size: 176B

PAGE Size: 2.2MB - Virtual size: 2.2MB

.edata Size: 19KB - Virtual size: 18KB

INIT Size: 5KB - Virtual size: 4KB

GFIDS Size: 8KB - Virtual size: 8KB

.rsrc Size: 484KB - Virtual size: 483KB

.reloc Size: 151KB - Virtual size: 151KB

.text
Size: 190KB - Virtual size: 190KB

.rdata
Size: 26KB - Virtual size: 26KB

.data
Size: 2KB - Virtual size: 5KB

.reloc
Size: 7KB - Virtual size: 6KB

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

55:7c:d1:df:78:d9:cf:54:84:48:b6:e7:73:b7:1b:bd:ab:f5:26:bb:ce:8d:a4:ae:85:4d:24:ef:40:28:dd:a7
Signer

.text
Size: 440KB - Virtual size: 440KB

.dxgknpd
Size: - Virtual size: 5B

.rdata
Size: 252KB - Virtual size: 251KB

.data
Size: 6KB - Virtual size: 13KB

.pdata
Size: 102KB - Virtual size: 101KB

.idata
Size: 22KB - Virtual size: 21KB

NONPAGE
Size: 512B - Virtual size: 176B

PAGE
Size: 2.2MB - Virtual size: 2.2MB

.edata
Size: 19KB - Virtual size: 18KB

INIT
Size: 5KB - Virtual size: 4KB

GFIDS
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 484KB - Virtual size: 483KB

.reloc
Size: 151KB - Virtual size: 151KB