02727e6ef017b0b5de37b1b5e8069bbf_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

02727e6ef017b0b5de37b1b5e8069bbf_JaffaCakes118
Size

6.4MB
MD5

02727e6ef017b0b5de37b1b5e8069bbf
SHA1

6700cb5a3e788782d0e1a7c2858018f59db2b223
SHA256

7193593679e5d0dc40e33edd09a5b1764e7b00a7346ee877c08b1b3b8af68367
SHA512

4a0889c1be046ec05ddd8af03f4477d0e85fa20ceb2ef6f19b2d28bbe170f5e361aff45b2fe5c9e60394d641a231c0922b32f273a6ebd143c33e8441a72430c3
SSDEEP

98304:UQMCO6/MJLeQuMfgVPvR/wLht7m9wcIxEhpfUpt31q2C/RRn/XZ5XAx5U4FVqLq4:3DquMYILfmIxE/spx1CfXZlAzUyILq4

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 15 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack001/ExMon.dll	aspack_v212_v242
static1/unpack001/LDK5AUX.BIN	aspack_v212_v242
static1/unpack001/cfgmgr.exe	aspack_v212_v242
static1/unpack001/cliBD.exe	aspack_v212_v242
static1/unpack001/cliUp.exe	aspack_v212_v242
static1/unpack001/cliloc.exe	aspack_v212_v242
static1/unpack001/cliopt.exe	aspack_v212_v242
static1/unpack001/concpl.cpl	aspack_v212_v242
static1/unpack001/nxpauxsvc.exe	aspack_v212_v242
static1/unpack001/nxprun.exe	aspack_v212_v242
static1/unpack001/nzFile.exe	aspack_v212_v242
static1/unpack001/nznotify.dll	aspack_v212_v242
static1/unpack001/nzrpccli.dll	aspack_v212_v242
static1/unpack001/nzviewer_en.exe	aspack_v212_v242
static1/unpack001/synccfg.exe	aspack_v212_v242

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
02727e6ef017b0b5de37b1b5e8069bbf_JaffaCakes118
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/LangDLL.dll
unpack001/LDK5AUX.BIN
unpack001/at1Gxp.sys
unpack001/concpl.cpl

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

02727e6ef017b0b5de37b1b5e8069bbf_JaffaCakes118
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/LangDLL.dll
.dll windows:4 windows x86 arch:x86

9b6b6a7858e17fb0b17e1c1428330343

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
GetACP
lstrlenA
lstrcmpA
lstrcpynA
GetModuleHandleA
MulDiv
lstrcpyA
GlobalAlloc

user32

SetWindowTextA
SetDlgItemTextA
SendDlgItemMessageA
EndDialog
DialogBoxParamA
LoadIconA
SendMessageA
ShowWindow
GetDC

gdi32

CreateFontIndirectA
GetDeviceCaps
DeleteObject

Exports

Exports

LangDialog

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 697B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
81392k.sys
.sys windows:5 windows x86 arch:x86

95bde89413123c4a2a03ca2a774a6671

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

10:c5:4d:b7:40:dc:7e:32:46:f8:ed:66:43:93:0c:b7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/06/2012, 00:00

Not After

10/09/2013, 23:59

Subject

CN=NetZone Info-Tech Co.\, Ltd.\, Shanghai,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Provided by TrustAsia,O=NetZone Info-Tech Co.\, Ltd.\, Shanghai,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

46:b9:64:ae:08:7e:b5:6d:11:0a:20:c1:12:39:21:2d:3b:81:54:93
Signer

Actual PE Digest

46:b9:64:ae:08:7e:b5:6d:11:0a:20:c1:12:39:21:2d:3b:81:54:93

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\test3\649_2\5069\objfre_w2K_x86\i386\Rtnic.pdb

Imports

ntoskrnl.exe

KeBugCheckEx
KeTickCount
_alldiv
_allrem
ExInitializeNPagedLookasideList
IofCompleteRequest
ExDeleteNPagedLookasideList
ExInterlockedPushEntrySList
ExInterlockedPopEntrySList

hal

KeStallExecutionProcessor
READ_PORT_UCHAR
READ_PORT_USHORT
WRITE_PORT_USHORT
WRITE_PORT_UCHAR
WRITE_PORT_ULONG
READ_PORT_ULONG

ndis.sys

NdisInitializeEvent
NdisSystemProcessorCount
NdisFreePacket
NdisAllocatePacket
NdisMCompleteBufferPhysicalMapping
NdisMStartBufferPhysicalMapping
NdisGetCurrentSystemTime
NdisMSynchronizeWithInterrupt
NdisAllocateSpinLock
NdisFreeMemory
NdisMRegisterAdapterShutdownHandler
NdisMRegisterInterrupt
NdisMMapIoSpace
NdisWriteErrorLogEntry
NdisMRegisterIoPortRange
NdisMSetAttributesEx
NdisMSleep
NdisReleaseSpinLock
NdisAcquireSpinLock
NDIS_BUFFER_TO_SPAN_PAGES
NdisQueryBufferOffset
NdisCloseConfiguration
NdisReadNetworkAddress
NdisReadConfiguration
NdisOpenConfiguration
NdisMQueryAdapterResources
NdisWritePciSlotInformation
NdisReadPciSlotInformation
NdisMAllocateSharedMemory
NdisFreeSpinLock
NdisMFreeMapRegisters
NdisFreeBuffer
NdisMFreeSharedMemory
NdisFreePacketPool
NdisFreeBufferPool
NdisMDeregisterIoPortRange
NdisMUnmapIoSpace
NdisMDeregisterInterrupt
NdisSetTimer
NdisMInitializeTimer
NdisDprReleaseSpinLock
NdisDprAcquireSpinLock
NdisQueryBuffer
NdisInterlockedIncrement
NdisAdjustBufferLength
NdisMDeregisterDevice
NdisSetEvent
NdisInterlockedDecrement
NdisMRegisterDevice
NdisInitUnicodeString
NdisMCancelTimer
NdisMDeregisterAdapterShutdownHandler
NdisMRegisterMiniport
NdisInitializeWrapper
NdisAllocatePacketPoolEx
NdisAllocateBuffer
NdisAllocateBufferPool
NdisAllocateMemoryWithTag
NdisMAllocateMapRegisters
NdisMInitializeScatterGatherDma

Sections

.text
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
8139xp.sys
.sys windows:5 windows x86 arch:x86

5312cc67fbdb4591c040101e7b41c91c

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

10:c5:4d:b7:40:dc:7e:32:46:f8:ed:66:43:93:0c:b7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/06/2012, 00:00

Not After

10/09/2013, 23:59

Subject

CN=NetZone Info-Tech Co.\, Ltd.\, Shanghai,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Provided by TrustAsia,O=NetZone Info-Tech Co.\, Ltd.\, Shanghai,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

08:e2:5b:0e:94:e8:0d:f6:c6:b7:a1:4a:aa:c8:19:ce:5a:64:40:49
Signer

Actual PE Digest

08:e2:5b:0e:94:e8:0d:f6:c6:b7:a1:4a:aa:c8:19:ce:5a:64:40:49

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\test3\649_2\5169\objfre_wxp_x86\i386\Rtnicxp.pdb

Imports

ntoskrnl.exe

KeBugCheckEx
KeTickCount
_alldiv
_allrem
ExInitializeNPagedLookasideList
IofCompleteRequest
ExDeleteNPagedLookasideList
InterlockedPushEntrySList
InterlockedPopEntrySList

hal

KeStallExecutionProcessor
READ_PORT_UCHAR
READ_PORT_USHORT
WRITE_PORT_USHORT
WRITE_PORT_UCHAR
WRITE_PORT_ULONG
READ_PORT_ULONG

ndis.sys

NdisAllocatePacket
NdisInitializeEvent
NdisMCompleteBufferPhysicalMapping
NdisMStartBufferPhysicalMapping
NdisGetCurrentSystemTime
NdisMAllocateMapRegisters
NdisMDeregisterAdapterShutdownHandler
NdisMSynchronizeWithInterrupt
NdisFreePacket
NdisMFreeMapRegisters
NdisMRegisterInterrupt
NdisMMapIoSpace
NdisWriteErrorLogEntry
NdisMRegisterIoPortRange
NdisMSetAttributesEx
NdisMSleep
NdisDprReleaseSpinLock
NdisDprAcquireSpinLock
NdisMRemoveMiniport
NDIS_BUFFER_TO_SPAN_PAGES
NdisQueryBufferOffset
NdisReleaseSpinLock
NdisAcquireSpinLock
NdisCloseConfiguration
NdisReadNetworkAddress
NdisReadConfiguration
NdisOpenConfiguration
NdisMQueryAdapterResources
NdisWritePciSlotInformation
NdisReadPciSlotInformation
NdisMAllocateSharedMemory
NdisFreeSpinLock
NdisFreeMemory
NdisFreeBuffer
NdisMFreeSharedMemory
NdisFreePacketPool
NdisFreeBufferPool
NdisMDeregisterIoPortRange
NdisMUnmapIoSpace
NdisMDeregisterInterrupt
NdisSetTimer
NdisMInitializeTimer
NdisQueryBufferSafe
NdisInterlockedIncrement
NdisAdjustBufferLength
NdisMDeregisterDevice
NdisInterlockedDecrement
NdisSetEvent
NdisMRegisterDevice
NdisInitUnicodeString
NdisMCancelTimer
NdisMRegisterMiniport
NdisInitializeWrapper
NdisAllocatePacketPoolEx
NdisAllocateBuffer
NdisMGetDmaAlignment
NdisAllocateBufferPool
NdisAllocateMemoryWithTag
NdisMInitializeScatterGatherDma
NdisSystemProcessorCount
NdisAllocateSpinLock

Sections

.text
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
81682k.sys
.sys windows:6 windows x86 arch:x86

dcdb2a1bb889d5c8c7f93bdda2317155

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2c:80:89:2e:01:15:b0:b7:7a:a3:59:4b:9a:73:39:53
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

21/07/2010, 00:00

Not After

11/06/2013, 23:59

Subject

CN=Realtek Semiconductor Corp,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=RTCN,O=Realtek Semiconductor Corp,L=Hsinchu,ST=Taiwan,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

60:c5:d0:2b:94:37:c4:10:2e:9e:0e:7b:2e:94:b6:ed:eb:c3:09:72
Signer

Actual PE Digest

60:c5:d0:2b:94:37:c4:10:2e:9e:0e:7b:2e:94:b6:ed:eb:c3:09:72

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\770\50\objfre_w2k_x86\i386\Rtenic.pdb

Imports

ntoskrnl.exe

KeBugCheckEx
KeTickCount
KeQuerySystemTime
_allrem
ExInitializeNPagedLookasideList
IofCompleteRequest
MmMapLockedPages
KefAcquireSpinLockAtDpcLevel
KefReleaseSpinLockFromDpcLevel
memcpy
RtlInitUnicodeString
ExDeleteNPagedLookasideList
IoFreeMdl
ExInterlockedPushEntrySList
ExInterlockedPopEntrySList
MmUnmapIoSpace
MmMapIoSpace
memset

hal

READ_PORT_UCHAR
KeGetCurrentIrql
WRITE_PORT_UCHAR
WRITE_PORT_ULONG
READ_PORT_ULONG
KeStallExecutionProcessor
KfAcquireSpinLock
KfReleaseSpinLock

ndis.sys

NdisInitializeEvent
NdisInitializeWrapper
NdisMRegisterMiniport
NdisAllocateMemoryWithTag
NdisWaitEvent
NdisMRegisterDevice
NdisMDeregisterDevice
NdisMCancelTimer
NdisAllocatePacketPoolEx
NdisMAllocateMapRegisters
NdisSystemProcessorCount
NdisFreePacket
NdisAllocatePacket
NdisMInitializeScatterGatherDma
NdisMStartBufferPhysicalMapping
NdisMCompleteBufferPhysicalMapping
NdisMDeregisterAdapterShutdownHandler
NdisOpenConfiguration
NdisMInitializeTimer
NdisMRegisterAdapterShutdownHandler
NdisMRegisterInterrupt
NdisMRegisterIoPortRange
NdisWriteErrorLogEntry
NdisMMapIoSpace
NdisMSetAttributesEx
NdisCloseConfiguration
NdisReadNetworkAddress
NdisReadConfiguration
NdisMQueryAdapterResources
NdisWritePciSlotInformation
NdisReadPciSlotInformation
NdisMFreeSharedMemory
NdisAllocateBuffer
NdisMAllocateSharedMemory
NdisAllocateBufferPool
NdisMFreeMapRegisters
NdisFreeMemory
NdisFreePacketPool
NdisFreeBufferPool
NdisMDeregisterIoPortRange
NdisMUnmapIoSpace
NdisMDeregisterInterrupt
NdisWriteConfiguration
NdisSetTimer
NdisMIndicateStatusComplete
NdisMIndicateStatus
NdisSetEvent
NdisMSynchronizeWithInterrupt

Sections

.text
Size: 293KB - Virtual size: 293KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
8168xp.sys
.sys windows:6 windows x86 arch:x86

c97590ad76e497f8dc1300c37847489f

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2c:80:89:2e:01:15:b0:b7:7a:a3:59:4b:9a:73:39:53
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

21/07/2010, 00:00

Not After

11/06/2013, 23:59

Subject

CN=Realtek Semiconductor Corp,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=RTCN,O=Realtek Semiconductor Corp,L=Hsinchu,ST=Taiwan,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

53:5d:80:0d:ca:35:79:a5:54:d9:aa:e8:2f:e6:2e:83:8f:65:58:9c
Signer

Actual PE Digest

53:5d:80:0d:ca:35:79:a5:54:d9:aa:e8:2f:e6:2e:83:8f:65:58:9c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\770\51\objfre_wxp_x86\i386\Rtenicxp.pdb

Imports

ntoskrnl.exe

KeBugCheckEx
KeTickCount
KeQuerySystemTime
_allrem
ExInitializeNPagedLookasideList
IofCompleteRequest
MmMapLockedPagesSpecifyCache
memcpy
RtlInitUnicodeString
ExDeleteNPagedLookasideList
IoFreeMdl
InterlockedPushEntrySList
InterlockedPopEntrySList
MmUnmapIoSpace
MmMapIoSpace
memset
KefAcquireSpinLockAtDpcLevel
KefReleaseSpinLockFromDpcLevel

hal

READ_PORT_UCHAR
KeGetCurrentIrql
KfAcquireSpinLock
KfReleaseSpinLock
WRITE_PORT_UCHAR
WRITE_PORT_ULONG
READ_PORT_ULONG
KeStallExecutionProcessor

ndis.sys

NdisAllocatePacketPoolEx
NdisAllocateMemoryWithTag
NdisInitializeEvent
NdisMGetDmaAlignment
NdisMRegisterMiniport
NdisWaitEvent
NdisMRegisterDevice
NdisMDeregisterDevice
NdisMInitializeScatterGatherDma
NdisSystemProcessorCount
NdisFreePacket
NdisAllocatePacket
NdisMStartBufferPhysicalMapping
NdisMCompleteBufferPhysicalMapping
NdisMAllocateMapRegisters
NdisMDeregisterAdapterShutdownHandler
NdisInitializeWrapper
NdisOpenConfiguration
NdisGetCurrentProcessorCounts
NdisMInitializeTimer
NdisMRegisterInterrupt
NdisMRegisterIoPortRange
NdisWriteErrorLogEntry
NdisMMapIoSpace
NdisMSetAttributesEx
NdisMRemoveMiniport
NdisCloseConfiguration
NdisReadNetworkAddress
NdisReadConfiguration
NdisMQueryAdapterResources
NdisWritePciSlotInformation
NdisReadPciSlotInformation
NdisMFreeSharedMemory
NdisAllocateBuffer
NdisMAllocateSharedMemory
NdisAllocateBufferPool
NdisMFreeMapRegisters
NdisFreeMemory
NdisFreePacketPool
NdisFreeBufferPool
NdisMDeregisterIoPortRange
NdisMUnmapIoSpace
NdisMDeregisterInterrupt
NdisWriteConfiguration
NdisSetTimer
NdisMIndicateStatusComplete
NdisMIndicateStatus
NdisSetEvent
NdisMSynchronizeWithInterrupt
NdisMCancelTimer

Sections

.text
Size: 326KB - Virtual size: 326KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
81xx2k.sys
.sys windows:5 windows x86 arch:x86

2225659ddb26037da556c2c09c549e01

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

10:c5:4d:b7:40:dc:7e:32:46:f8:ed:66:43:93:0c:b7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/06/2012, 00:00

Not After

10/09/2013, 23:59

Subject

CN=NetZone Info-Tech Co.\, Ltd.\, Shanghai,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Provided by TrustAsia,O=NetZone Info-Tech Co.\, Ltd.\, Shanghai,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

32:ff:c3:9f:30:aa:4f:f1:4e:93:96:d2:66:df:7c:9f:76:f6:ee:3b
Signer

Actual PE Digest

32:ff:c3:9f:30:aa:4f:f1:4e:93:96:d2:66:df:7c:9f:76:f6:ee:3b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\test3\code\5069\objfre_w2K_x86\i386\Rtnic.pdb

Imports

ntoskrnl.exe

KeBugCheckEx
KeTickCount
_allrem
ExInitializeNPagedLookasideList
IofCompleteRequest
ExDeleteNPagedLookasideList
ExInterlockedPushEntrySList
ExInterlockedPopEntrySList

hal

WRITE_PORT_UCHAR
WRITE_PORT_ULONG
READ_PORT_ULONG
READ_PORT_UCHAR
KeStallExecutionProcessor

ndis.sys

NdisFreePacket
NdisAllocatePacket
NdisMCompleteBufferPhysicalMapping
NdisMStartBufferPhysicalMapping
NdisGetCurrentSystemTime
NdisMSynchronizeWithInterrupt
NdisAllocateSpinLock
NdisInitializeEvent
NdisMFreeMapRegisters
NdisMRegisterAdapterShutdownHandler
NdisMRegisterInterrupt
NdisMRegisterIoPortRange
NdisWriteErrorLogEntry
NdisMMapIoSpace
NdisMSetAttributesEx
NdisMSleep
NdisReleaseSpinLock
NdisAcquireSpinLock
NdisSetEvent
NdisInterlockedDecrement
NDIS_BUFFER_TO_SPAN_PAGES
NdisQueryBufferOffset
NdisCloseConfiguration
NdisReadNetworkAddress
NdisReadConfiguration
NdisOpenConfiguration
NdisMQueryAdapterResources
NdisWritePciSlotInformation
NdisReadPciSlotInformation
NdisMAllocateSharedMemory
NdisFreeSpinLock
NdisFreeMemory
NdisFreeBuffer
NdisMFreeSharedMemory
NdisFreePacketPool
NdisFreeBufferPool
NdisMDeregisterIoPortRange
NdisMUnmapIoSpace
NdisMDeregisterInterrupt
NdisSetTimer
NdisMInitializeTimer
NdisDprReleaseSpinLock
NdisDprAcquireSpinLock
NdisQueryBuffer
NdisInterlockedIncrement
NdisAdjustBufferLength
NdisMDeregisterDevice
NdisMRegisterDevice
NdisInitUnicodeString
NdisWaitEvent
NdisMCancelTimer
NdisMDeregisterAdapterShutdownHandler
NdisMRegisterMiniport
NdisInitializeWrapper
NdisAllocatePacketPoolEx
NdisAllocateBuffer
NdisAllocateBufferPool
NdisAllocateMemoryWithTag
NdisMAllocateMapRegisters
NdisMInitializeScatterGatherDma
NdisSystemProcessorCount

Sections

.text
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
81xxxp.sys
.sys windows:6 windows x86 arch:x86

16ef70fb386671afd8fd87e8b59c0a01

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

10:c5:4d:b7:40:dc:7e:32:46:f8:ed:66:43:93:0c:b7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/06/2012, 00:00

Not After

10/09/2013, 23:59

Subject

CN=NetZone Info-Tech Co.\, Ltd.\, Shanghai,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Provided by TrustAsia,O=NetZone Info-Tech Co.\, Ltd.\, Shanghai,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

fc:90:ae:3f:da:23:27:ea:9b:a2:f9:20:66:88:51:93:6d:24:f4:db
Signer

Actual PE Digest

fc:90:ae:3f:da:23:27:ea:9b:a2:f9:20:66:88:51:93:6d:24:f4:db

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\test3\code\5169\objfre_wxp_x86\i386\Rtnicxp.pdb

Imports

ntoskrnl.exe

KeBugCheckEx
KeTickCount
KeQuerySystemTime
_allrem
ExInitializeNPagedLookasideList
RtlInitUnicodeString
IofCompleteRequest
MmMapLockedPagesSpecifyCache
memcpy
ExDeleteNPagedLookasideList
IoFreeMdl
InterlockedPushEntrySList
InterlockedPopEntrySList
memset
KefAcquireSpinLockAtDpcLevel
KefReleaseSpinLockFromDpcLevel

hal

WRITE_PORT_UCHAR
WRITE_PORT_ULONG
READ_PORT_ULONG
READ_PORT_UCHAR
KfAcquireSpinLock
KfReleaseSpinLock
KeStallExecutionProcessor

ndis.sys

NdisMInitializeScatterGatherDma
NdisAllocateMemoryWithTag
NdisAllocateBufferPool
NdisSystemProcessorCount
NdisAllocateBuffer
NdisAllocatePacketPoolEx
NdisInitializeWrapper
NdisFreePacket
NdisAllocatePacket
NdisInitializeEvent
NdisMStartBufferPhysicalMapping
NdisMCompleteBufferPhysicalMapping
NdisMAllocateMapRegisters
NdisMDeregisterAdapterShutdownHandler
NdisMSynchronizeWithInterrupt
NdisMGetDmaAlignment
NdisOpenConfiguration
NdisMRegisterInterrupt
NdisMRegisterIoPortRange
NdisWriteErrorLogEntry
NdisMMapIoSpace
NdisMSetAttributesEx
NdisMSleep
NdisMRemoveMiniport
NdisSetEvent
NdisCloseConfiguration
NdisReadNetworkAddress
NdisReadConfiguration
NdisMQueryAdapterResources
NdisWritePciSlotInformation
NdisReadPciSlotInformation
NdisMFreeMapRegisters
NdisFreeMemory
NdisMFreeSharedMemory
NdisFreePacketPool
NdisFreeBufferPool
NdisMDeregisterIoPortRange
NdisMUnmapIoSpace
NdisMDeregisterInterrupt
NdisMAllocateSharedMemory
NdisSetTimer
NdisMIndicateStatusComplete
NdisMIndicateStatus
NdisMInitializeTimer
NdisMDeregisterDevice
NdisMRegisterDevice
NdisWaitEvent
NdisMCancelTimer
NdisMRegisterMiniport

Sections

.text
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
E82567.reg
E82567LM.reg
E82575.reg
E82579LM.reg
EL1G2k.SYS
.sys windows:5 windows x86 arch:x86

17c6b85e25b04a4d515f1db96eeb5fa8

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

65:68:0c:78:3b:72:8a:b2:a1:88:0d:f4:23:2d:ed:32
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

17/04/2006, 00:00

Not After

31/05/2009, 23:59

Subject

CN=Intel Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=LAN Access Division,O=Intel Corporation,L=Hillsboro,ST=Oregon,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

c8:7b:fc:de:f2:00:1e:27:6c:93:3e:ab:64:80:2b:85:77:ec:46:35
Signer

Actual PE Digest

c8:7b:fc:de:f2:00:1e:27:6c:93:3e:ab:64:80:2b:85:77:ec:46:35

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\sandbox\102350\intel\base\free\i386\e1e5032.pdb

Imports

ntoskrnl.exe

KeBugCheckEx
MmLockPagableDataSection
MmUnlockPagableImageSection
KefAcquireSpinLockAtDpcLevel
KefReleaseSpinLockFromDpcLevel
_allmul
KeTickCount
KeQueryTimeIncrement
ZwOpenKey
ZwQueryValueKey
ZwClose
_alldiv
RtlInitUnicodeString
RtlCopyUnicodeString
RtlAppendUnicodeStringToString
MmMapLockedPagesSpecifyCache
IoFreeMdl
KeQuerySystemTime
KeInitializeSpinLock
wcslen
IoAllocateErrorLogEntry
IoWriteErrorLogEntry

hal

WRITE_PORT_ULONG
WRITE_PORT_UCHAR
KeStallExecutionProcessor
KeGetCurrentIrql
KfAcquireSpinLock
KfReleaseSpinLock

ndis.sys

NdisMFreeMapRegisters
NdisMAllocateMapRegisters
NdisTerminateWrapper
NdisReadNetworkAddress
NdisMRegisterInterrupt
NdisMInitializeTimer
NdisMDeregisterIoPortRange
NdisSetEvent
NdisMCancelTimer
NdisWaitEvent
NdisMDeregisterInterrupt
NdisMAllocateSharedMemory
NdisMFreeSharedMemory
NdisMUnmapIoSpace
NdisWritePciSlotInformation
NdisReadPciSlotInformation
NdisMRegisterIoPortRange
NdisMMapIoSpace
NdisMPciAssignResources
NdisMQueryAdapterResources
NdisResetEvent
NdisMSetPeriodicTimer
NdisInitializeEvent
NdisOpenConfiguration
NdisMSetAttributesEx
NdisInitializeWrapper
NdisAllocateMemoryWithTag
NdisFreeMemory
NdisMDeregisterAdapterShutdownHandler
NdisMQueryAdapterInstanceName
NdisCloseConfiguration
NdisReadConfiguration
NdisWriteEventLogEntry
NdisSetTimer
NdisInitializeTimer
NdisMSleep
NdisCancelTimer
NdisMRegisterAdapterShutdownHandler
NdisMRegisterUnloadHandler
NdisMRegisterMiniport
NdisFreeBufferPool
NdisAllocateBuffer
NdisAllocateBufferPool
NdisFreePacket
NdisAllocatePacket
NdisUnchainBufferAtFront
NdisFreePacketPool
NdisMSetMiniportSecondary
NdisAllocatePacketPool
NdisMCompleteBufferPhysicalMapping
NdisMStartBufferPhysicalMapping

Sections

.text
Size: 165KB - Virtual size: 165KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
EL1GXP.SYS
.sys windows:5 windows x86 arch:x86

1105196505ff77cf5212cf02085a9cee

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

65:68:0c:78:3b:72:8a:b2:a1:88:0d:f4:23:2d:ed:32
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

17/04/2006, 00:00

Not After

31/05/2009, 23:59

Subject

CN=Intel Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=LAN Access Division,O=Intel Corporation,L=Hillsboro,ST=Oregon,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

35:70:58:0f:54:63:05:34:3f:84:bd:45:e0:05:bf:67:a5:0f:7e:34
Signer

Actual PE Digest

35:70:58:0f:54:63:05:34:3f:84:bd:45:e0:05:bf:67:a5:0f:7e:34

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\sandbox\102350\intel\base\free\i386\e1e5132.pdb

Imports

ntoskrnl.exe

KeBugCheckEx
IofCompleteRequest
ZwOpenFile
MmLockPagableDataSection
MmUnlockPagableImageSection
KeQueryActiveProcessors
KefAcquireSpinLockAtDpcLevel
KefReleaseSpinLockFromDpcLevel
_allmul
KeTickCount
KeQueryTimeIncrement
ZwOpenKey
ZwQueryValueKey
ZwClose
_alldiv
RtlInitUnicodeString
RtlCopyUnicodeString
RtlAppendUnicodeStringToString
MmMapLockedPagesSpecifyCache
IoFreeMdl
InterlockedPushEntrySList
InterlockedPopEntrySList
KeQuerySystemTime
KeInitializeSpinLock
wcslen
IoAllocateErrorLogEntry
IoWriteErrorLogEntry

hal

WRITE_PORT_ULONG
WRITE_PORT_UCHAR
KeStallExecutionProcessor
KeGetCurrentIrql
KfAcquireSpinLock
KfReleaseSpinLock

ndis.sys

NdisMMapIoSpace
NdisMRegisterIoPortRange
NdisSystemProcessorCount
NdisReadPciSlotInformation
NdisWritePciSlotInformation
NdisMUnmapIoSpace
NdisMDeregisterIoPortRange
NdisMFreeMapRegisters
NdisMPciAssignResources
NdisTerminateWrapper
NdisMInitializeScatterGatherDma
NdisReadNetworkAddress
NdisMRegisterInterrupt
NdisMInitializeTimer
NdisInitializeEvent
NdisSetEvent
NdisMCancelTimer
NdisWaitEvent
NdisMQueryAdapterResources
NdisResetEvent
NdisInitializeReadWriteLock
NdisMDeregisterDevice
NdisReleaseReadWriteLock
NdisAcquireReadWriteLock
NdisMRegisterDevice
NdisMSetPeriodicTimer
NdisMSynchronizeWithInterrupt
NdisGetVersion
NdisWriteEventLogEntry
NdisMSetAttributesEx
NdisInitializeWrapper
NdisAllocateMemoryWithTag
NdisFreeMemory
NdisMDeregisterAdapterShutdownHandler
NdisCloseConfiguration
NdisOpenConfiguration
NdisMQueryAdapterInstanceName
NdisReadConfiguration
NdisSetTimer
NdisInitializeTimer
NdisMSleep
NdisCancelTimer
NdisMRegisterAdapterShutdownHandler
NdisMRegisterUnloadHandler
NdisMRegisterMiniport
NdisMFreeSharedMemory
NdisFreeBufferPool
NdisAllocateBuffer
NdisAllocateBufferPool
NdisFreePacket
NdisAllocatePacket
NdisUnchainBufferAtFront
NdisFreePacketPool
NdisMAllocateSharedMemory
NdisMSetMiniportSecondary
NdisAllocatePacketPool
NdisGetRoutineAddress
NdisMDeregisterInterrupt

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ExMon.dll
.dll regsvr32 windows:4 windows x86 arch:x86

Code Sign

02:3a:64
Certificate

Issuer

CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US

Not Before

18/10/2012, 14:38

Not After

20/05/2022, 14:38

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7e:1f:df:72:99:e8:d2:45:a1:5d:0b:a8:e5:b1:59:ba
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

19/05/2022, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

10:c5:4d:b7:40:dc:7e:32:46:f8:ed:66:43:93:0c:b7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/06/2012, 00:00

Not After

10/09/2013, 23:59

Subject

CN=NetZone Info-Tech Co.\, Ltd.\, Shanghai,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Provided by TrustAsia,O=NetZone Info-Tech Co.\, Ltd.\, Shanghai,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:0b:01:32:e7:ef:d6:50:cf:88:91:30:d2:9e:93:11:23:86:45:90
Signer

Actual PE Digest

1b:0b:01:32:e7:ef:d6:50:cf:88:91:30:d2:9e:93:11:23:86:45:90

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetSystemMagic
ShowSettingFM

Sections

CODE
Size: 205KB - Virtual size: 516KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 22KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
LDK5AUX.BIN
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetSystemMagic
ShowSettingFM

Sections

CODE
Size: 205KB - Virtual size: 516KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 22KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
NIC.INI
OemText_en.ini
OemText_gb.ini
Rtl8169.reg
SISNIC2K.sys
.sys windows:5 windows x86 arch:x86

8aa8b9a9a06c53cde7b4adbeae5943ea

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

10:c5:4d:b7:40:dc:7e:32:46:f8:ed:66:43:93:0c:b7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/06/2012, 00:00

Not After

10/09/2013, 23:59

Subject

CN=NetZone Info-Tech Co.\, Ltd.\, Shanghai,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Provided by TrustAsia,O=NetZone Info-Tech Co.\, Ltd.\, Shanghai,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

d4:e7:ca:b8:6f:b5:e6:c8:36:a2:a9:c2:d3:60:3c:4a:8e:9a:2c:78
Signer

Actual PE Digest

d4:e7:ca:b8:6f:b5:e6:c8:36:a2:a9:c2:d3:60:3c:4a:8e:9a:2c:78

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\WINDDK\3790\src\network\SISNIC\objfre_w2K_x86\i386\SISNIC.pdb

Imports

hal

WRITE_PORT_ULONG
READ_PORT_ULONG
READ_PORT_UCHAR
WRITE_PORT_UCHAR
KeStallExecutionProcessor

ndis.sys

NdisFreeMemory
NdisQueryBuffer
NdisMStartBufferPhysicalMapping
NdisGetBufferPhysicalArraySize
NDIS_BUFFER_TO_SPAN_PAGES
NdisQueryBufferOffset
NdisAllocateMemoryWithTag
NdisSetTimer
NdisMCancelTimer
NdisAcquireSpinLock
NdisReleaseSpinLock
NdisMCompleteBufferPhysicalMapping
NdisMFreeSharedMemory
NdisMAllocateSharedMemory
NdisFreeSpinLock
NdisMDeregisterIoPortRange
NdisMFreeMapRegisters
NdisMUnmapIoSpace
NdisMDeregisterInterrupt
NdisMInitializeTimer
NdisMRegisterInterrupt
NdisMMapIoSpace
NdisMAllocateMapRegisters
NdisMRegisterIoPortRange
NdisMSetAttributesEx
NdisWriteErrorLogEntry
NdisAllocateSpinLock
NdisMDeregisterAdapterShutdownHandler
NdisMRegisterAdapterShutdownHandler
NdisImmediateWritePciSlotInformation
NdisImmediateReadPciSlotInformation
NdisReadNetworkAddress
NdisWriteConfiguration
NdisCloseConfiguration
NdisOpenConfigurationKeyByName
NdisReadConfiguration
NdisOpenConfiguration
NdisTerminateWrapper
NdisMRegisterMiniport
NdisInitializeWrapper

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 309B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 808B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SISNICXP.sys
.sys windows:5 windows x86 arch:x86

aa8176f2de1d75da9a4f5fe5d32e337b

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

10:c5:4d:b7:40:dc:7e:32:46:f8:ed:66:43:93:0c:b7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/06/2012, 00:00

Not After

10/09/2013, 23:59

Subject

CN=NetZone Info-Tech Co.\, Ltd.\, Shanghai,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Provided by TrustAsia,O=NetZone Info-Tech Co.\, Ltd.\, Shanghai,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:be:47:ab:b1:8b:51:71:0b:fa:6b:04:b0:6e:49:4a:d6:b2:a0:50
Signer

Actual PE Digest

47:be:47:ab:b1:8b:51:71:0b:fa:6b:04:b0:6e:49:4a:d6:b2:a0:50

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\WINDDK\3790\src\network\SISNIC\objfre_wxp_x86\i386\SISNIC.pdb

Imports

hal

WRITE_PORT_ULONG
READ_PORT_ULONG
READ_PORT_UCHAR
WRITE_PORT_UCHAR
KeStallExecutionProcessor

ndis.sys

NdisFreeMemory
NdisQueryBufferSafe
NdisMStartBufferPhysicalMapping
NdisGetBufferPhysicalArraySize
NDIS_BUFFER_TO_SPAN_PAGES
NdisQueryBufferOffset
NdisAllocateMemoryWithTag
NdisSetTimer
NdisMCancelTimer
NdisAcquireSpinLock
NdisReleaseSpinLock
NdisMCompleteBufferPhysicalMapping
NdisMFreeSharedMemory
NdisMAllocateSharedMemory
NdisFreeSpinLock
NdisMDeregisterIoPortRange
NdisMFreeMapRegisters
NdisMUnmapIoSpace
NdisMDeregisterInterrupt
NdisMInitializeTimer
NdisMRegisterInterrupt
NdisMMapIoSpace
NdisMAllocateMapRegisters
NdisMInitializeScatterGatherDma
NdisMRegisterIoPortRange
NdisMSetAttributesEx
NdisWriteErrorLogEntry
NdisAllocateSpinLock
NdisReadPciSlotInformation
NdisReadNetworkAddress
NdisWriteConfiguration
NdisCloseConfiguration
NdisOpenConfigurationKeyByName
NdisReadConfiguration
NdisOpenConfiguration
NdisTerminateWrapper
NdisMRegisterMiniport
NdisInitializeWrapper

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 309B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 836B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 586B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
at1G2k.sys
.sys windows:5 windows x86 arch:x86

71c87d374f4183c70b6c7d8152d59044

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

10:c5:4d:b7:40:dc:7e:32:46:f8:ed:66:43:93:0c:b7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/06/2012, 00:00

Not After

10/09/2013, 23:59

Subject

CN=NetZone Info-Tech Co.\, Ltd.\, Shanghai,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Provided by TrustAsia,O=NetZone Info-Tech Co.\, Ltd.\, Shanghai,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2a:f3:86:31:1e:87:87:8c:d2:40:e1:24:5a:35:19:0d:5b:ea:a0:ea
Signer

Actual PE Digest

2a:f3:86:31:1e:87:87:8c:d2:40:e1:24:5a:35:19:0d:5b:ea:a0:ea

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\CVS\eos\L1\Windows\Driver_A25_0.3.3790.105\objfre_w2K_x86\i386\atl01_2k.pdb

Imports

ntoskrnl.exe

WRITE_REGISTER_UCHAR
WRITE_REGISTER_USHORT
IofCompleteRequest
WRITE_REGISTER_ULONG

hal

KeStallExecutionProcessor

ndis.sys

NdisAllocateBuffer
NdisAdjustBufferLength
NdisAllocateBufferPool
NdisMInitializeScatterGatherDma
NdisInitUnicodeString
NdisMSleep
NdisTerminateWrapper
NdisMRegisterMiniport
NdisInitializeWrapper
NdisReleaseSpinLock
NdisAcquireSpinLock
NdisMRemoveMiniport
NdisDprReleaseSpinLock
NdisUnchainBufferAtBack
NdisDprAcquireSpinLock
NDIS_BUFFER_TO_SPAN_PAGES
NdisQueryBufferOffset
NdisWriteErrorLogEntry
NdisReadPciSlotInformation
NdisMRegisterAdapterShutdownHandler
NdisFreeMemory
NdisMSetAttributesEx
NdisAllocateMemoryWithTag
NdisMDeregisterAdapterShutdownHandler
NdisInterlockedIncrement
NdisInterlockedDecrement
NdisWritePciSlotInformation
NdisMRegisterDevice
NdisMDeregisterDevice
NdisMQueryAdapterResources
NdisCloseConfiguration
NdisUpcaseUnicodeString
NdisReadNetworkAddress
NdisReadConfiguration
NdisOpenConfiguration
NdisMSetMiniportSecondary
NdisAllocateSpinLock
NdisMPromoteMiniport
NdisFreeSpinLock
NdisMUnmapIoSpace
NdisFreePacketPool
NdisFreePacket
NdisMDeregisterInterrupt
NdisAllocatePacket
NdisAllocatePacketPool
NdisMRegisterInterrupt
NdisMMapIoSpace
NdisQueryBufferSafe
NdisMAllocateSharedMemory
NdisMFreeSharedMemory
NdisFreeBufferPool
NdisFreeBuffer

Sections

.text
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGECONS
Size: 128B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 896B - Virtual size: 884B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
at1Gxp.sys
.sys windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGECONS
Size: 128B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 896B - Virtual size: 892B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
b44xx2k.sys
.sys windows:5 windows x86 arch:x86

297111a615c19a701849faf54416fee4

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

10:c5:4d:b7:40:dc:7e:32:46:f8:ed:66:43:93:0c:b7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/06/2012, 00:00

Not After

10/09/2013, 23:59

Subject

CN=NetZone Info-Tech Co.\, Ltd.\, Shanghai,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Provided by TrustAsia,O=NetZone Info-Tech Co.\, Ltd.\, Shanghai,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e1:2b:8d:ba:f6:68:cb:96:9f:33:4c:b5:a5:7f:cc:cc:c0:2b:7e:b9
Signer

Actual PE Digest

e1:2b:8d:ba:f6:68:cb:96:9f:33:4c:b5:a5:7f:cc:cc:c0:2b:7e:b9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

_aullshr
sprintf
MmFreeContiguousMemorySpecifyCache
MmAllocateContiguousMemorySpecifyCache
MmGetPhysicalAddress

hal

KeStallExecutionProcessor

ndis.sys

NdisAdjustBufferLength
NdisFreeBuffer
NdisReadNetworkAddress
NdisAllocateMemoryWithTag
NdisFreeMemory
NdisMUnmapIoSpace
NdisTerminateWrapper
NdisMRegisterMiniport
NdisInitializeWrapper
NdisWritePciSlotInformation
NdisMRegisterInterrupt
NdisMRegisterAdapterShutdownHandler
NdisMInitializeTimer
NdisAllocateBufferPool
NdisAllocatePacketPool
NdisMAllocateMapRegisters
NdisAllocateSpinLock
NdisMSetAttributesEx
NdisReadPciSlotInformation
NdisWriteErrorLogEntry
NdisMMapIoSpace
NdisMPciAssignResources
NdisFreeSpinLock
NdisMFreeMapRegisters
NdisFreeBufferPool
NdisFreePacketPool
NdisMDeregisterAdapterShutdownHandler
NdisMDeregisterInterrupt
NdisReleaseSpinLock
NdisAcquireSpinLock
NdisSetTimer
NdisMCancelTimer
NdisMSynchronizeWithInterrupt
NdisFreePacket
NdisAllocateBuffer
NdisAllocatePacket
NdisQueryBuffer
NDIS_BUFFER_TO_SPAN_PAGES
NdisQueryBufferOffset
NdisCloseConfiguration
NdisReadConfiguration
NdisOpenConfiguration

Sections

.text
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 352B - Virtual size: 322B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 832B - Virtual size: 810B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
b44xxxp.sys
.sys windows:5 windows x86 arch:x86

6ca8680a0026d48347ab36a161b43d90

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

10:c5:4d:b7:40:dc:7e:32:46:f8:ed:66:43:93:0c:b7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/06/2012, 00:00

Not After

10/09/2013, 23:59

Subject

CN=NetZone Info-Tech Co.\, Ltd.\, Shanghai,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Provided by TrustAsia,O=NetZone Info-Tech Co.\, Ltd.\, Shanghai,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

a7:6b:51:c9:bb:7f:e5:47:b3:1e:36:63:a6:00:bf:eb:fc:cf:e5:7b
Signer

Actual PE Digest

a7:6b:51:c9:bb:7f:e5:47:b3:1e:36:63:a6:00:bf:eb:fc:cf:e5:7b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\source_safe\Bcm44xx\driver\winxp.32\Obj\i386\bcm4sbxp.pdb

Imports

ntoskrnl.exe

sprintf
MmFreeContiguousMemorySpecifyCache
MmAllocateContiguousMemorySpecifyCache
MmGetPhysicalAddress

hal

KeStallExecutionProcessor

ndis.sys

NdisAdjustBufferLength
NdisFreeBuffer
NdisAllocateMemoryWithTag
NdisFreeMemory
NdisWritePciSlotInformation
NdisMMapIoSpace
NdisMPciAssignResources
NdisFreeSpinLock
NdisMUnmapIoSpace
NdisMFreeMapRegisters
NdisFreeBufferPool
NdisFreePacketPool
NdisMDeregisterAdapterShutdownHandler
NdisMDeregisterInterrupt
NdisAcquireSpinLock
NdisReleaseSpinLock
NdisSetTimer
NdisMCancelTimer
NdisMSynchronizeWithInterrupt
NdisFreePacket
NdisAllocateBuffer
NdisAllocatePacket
NdisWriteErrorLogEntry
NdisReadPciSlotInformation
NdisQueryBufferSafe
NDIS_BUFFER_TO_SPAN_PAGES
NdisQueryBufferOffset
NdisCloseConfiguration
NdisReadConfiguration
NdisReadNetworkAddress
NdisOpenConfiguration
NdisMRegisterInterrupt
NdisMRegisterAdapterShutdownHandler
NdisMInitializeTimer
NdisAllocateBufferPool
NdisAllocatePacketPool
NdisMAllocateMapRegisters
NdisAllocateSpinLock
NdisMSetAttributesEx
NdisTerminateWrapper
NdisMRegisterMiniport
NdisInitializeWrapper

Sections

.text
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 353B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 896B - Virtual size: 800B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
b57xx2k.sys
.sys windows:5 windows x86 arch:x86

67e6790ed8f7ab72c7a6520d361d6603

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

10:c5:4d:b7:40:dc:7e:32:46:f8:ed:66:43:93:0c:b7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/06/2012, 00:00

Not After

10/09/2013, 23:59

Subject

CN=NetZone Info-Tech Co.\, Ltd.\, Shanghai,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Provided by TrustAsia,O=NetZone Info-Tech Co.\, Ltd.\, Shanghai,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

99:93:05:6b:48:d2:bd:3b:f8:9e:d4:86:e1:4e:a8:92:fc:0a:a5:e2
Signer

Actual PE Digest

99:93:05:6b:48:d2:bd:3b:f8:9e:d4:86:e1:4e:a8:92:fc:0a:a5:e2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

hal

KfLowerIrql
KfRaiseIrql
KeStallExecutionProcessor

ndis.sys

NdisAllocateMemoryWithTag
NdisReleaseSpinLock
NdisAcquireSpinLock
NdisMCancelTimer
NdisWriteErrorLogEntry
NdisSetTimer
NdisMInitializeTimer
NdisMRegisterAdapterShutdownHandler
NdisMRegisterInterrupt
NdisMAllocateMapRegisters
NdisCloseConfiguration
NdisReadConfiguration
NdisOpenConfiguration
NdisAllocateSpinLock
NdisMSetAttributesEx
NdisFreeSpinLock
NdisFreeBufferPool
NdisFreePacketPool
NdisMFreeMapRegisters
NdisMDeregisterInterrupt
NdisMUnmapIoSpace
NdisMDeregisterIoPortRange
NdisMFreeSharedMemory
NdisFreeMemory
NdisFreePacket
NdisFreeBuffer
NdisMDeregisterAdapterShutdownHandler
NdisInterlockedDecrement
NdisInterlockedIncrement
NdisQueryBufferOffset
NDIS_BUFFER_TO_SPAN_PAGES
NdisQueryBuffer
NdisDprReleaseSpinLock
NdisDprAcquireSpinLock
NdisMRegisterMiniport
NdisInitializeWrapper
NdisMSynchronizeWithInterrupt
NdisReadPciSlotInformation
NdisWritePciSlotInformation
NdisMMapIoSpace
NdisMAllocateSharedMemory
NdisAllocateBuffer
NdisAllocateBufferPool
NdisAllocatePacketPool
NdisAllocatePacket
NdisAdjustBufferLength
NdisMStartBufferPhysicalMapping
NdisMCompleteBufferPhysicalMapping
NdisSystemProcessorCount
NdisUnicodeStringToAnsiString
NdisReadNetworkAddress
NdisMSleep

Sections

.text
Size: 131KB - Virtual size: 131KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 544B - Virtual size: 540B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
b57xxxp.sys
.sys windows:5 windows x86 arch:x86

5f271a035c74775d857100d6c5737778

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

10:c5:4d:b7:40:dc:7e:32:46:f8:ed:66:43:93:0c:b7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/06/2012, 00:00

Not After

10/09/2013, 23:59

Subject

CN=NetZone Info-Tech Co.\, Ltd.\, Shanghai,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Provided by TrustAsia,O=NetZone Info-Tech Co.\, Ltd.\, Shanghai,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ec:30:b5:57:97:f5:60:3c:6f:fd:78:85:6b:27:b4:f9:84:d5:2b:7e
Signer

Actual PE Digest

ec:30:b5:57:97:f5:60:3c:6f:fd:78:85:6b:27:b4:f9:84:d5:2b:7e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

b57xp32.pdb

Imports

ntoskrnl.exe

KeBugCheckEx
KeTickCount
KeInitializeSpinLock
_allmul
_alldiv
KefAcquireSpinLockAtDpcLevel
KefReleaseSpinLockFromDpcLevel

hal

KfLowerIrql
KeGetCurrentIrql
KfAcquireSpinLock
KeStallExecutionProcessor
KfReleaseSpinLock
KfRaiseIrql

ndis.sys

NdisMCompleteBufferPhysicalMapping
NdisSystemProcessorCount
NdisUnicodeStringToAnsiString
NdisReadNetworkAddress
NdisMSleep
NdisAdjustBufferLength
NdisMStartBufferPhysicalMapping
NdisMDeregisterAdapterShutdownHandler
NDIS_BUFFER_TO_SPAN_PAGES
NdisQueryBufferOffset
NdisFreeBufferPool
NdisFreePacketPool
NdisMFreeMapRegisters
NdisMDeregisterInterrupt
NdisMUnmapIoSpace
NdisMDeregisterIoPortRange
NdisMFreeSharedMemory
NdisFreeMemory
NdisFreePacket
NdisFreeBuffer
NdisAllocateMemoryWithTag
NdisMCancelTimer
NdisSetTimer
NdisWriteErrorLogEntry
NdisMQueryAdapterResources
NdisQueryBufferSafe
NdisMSynchronizeWithInterrupt
NdisInterlockedDecrement
NdisInterlockedIncrement
NdisGetCurrentSystemTime
NdisMInitializeTimer
NdisMRegisterAdapterShutdownHandler
NdisMRegisterInterrupt
NdisMAllocateMapRegisters
NdisMInitializeScatterGatherDma
NdisCloseConfiguration
NdisReadConfiguration
NdisOpenConfiguration
NdisMSetAttributesEx
NdisMRegisterMiniport
NdisInitializeWrapper
NdisReadPciSlotInformation
NdisWritePciSlotInformation
NdisMMapIoSpace
NdisMAllocateSharedMemory
NdisAllocateBuffer
NdisAllocatePacket
NdisAllocateBufferPool
NdisAllocatePacketPool

Sections

.text
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 615B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bcm44xx.reg
bcm57xx.reg
bk57xp.reg
bk57xp.sys
.sys windows:5 windows x86 arch:x86

978312fb66de1e7daff85ed566c81720

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3a:8e:49:11:ea:41:4d:e5:37:bc:ee:2a:aa:b7:4f:c7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

27/02/2009, 00:00

Not After

20/04/2012, 23:59

Subject

CN=Broadcom Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Enterprise Computing,O=Broadcom Corporation,L=Irvine,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

9f:8b:c4:9a:9e:1c:3c:54:99:a3:2c:92:c5:0d:72:fd:e6:4b:17:35
Signer

Actual PE Digest

9f:8b:c4:9a:9e:1c:3c:54:99:a3:2c:92:c5:0d:72:fd:e6:4b:17:35

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

k57xp32.pdb

Imports

ntoskrnl.exe

KeBugCheckEx
KeTickCount
MmGetSystemRoutineAddress
RtlInitUnicodeString
ZwOpenSection
ZwMapViewOfSection
ZwUnmapViewOfSection
ZwClose
RtlCompareMemory
ExAllocatePoolWithTag
ZwQuerySystemInformation
ExFreePoolWithTag
KeInitializeSpinLock
KeInitializeDpc
KeSetImportanceDpc
_alldiv
KefAcquireSpinLockAtDpcLevel
KefReleaseSpinLockFromDpcLevel
KeInsertQueueDpc

hal

KfRaiseIrql
KfLowerIrql
KfAcquireSpinLock
KeStallExecutionProcessor
KfReleaseSpinLock
KeGetCurrentIrql

ndis.sys

NdisAdjustBufferLength
NdisAllocatePacketPool
NdisAllocateBufferPool
NdisAllocatePacket
NdisAllocateBuffer
NdisMAllocateSharedMemory
NdisMStartBufferPhysicalMapping
NdisWritePciSlotInformation
NdisReadPciSlotInformation
NdisInitializeWrapper
NdisMRegisterMiniport
NdisMSetAttributesEx
NdisOpenConfiguration
NdisMCompleteBufferPhysicalMapping
NdisSystemProcessorCount
NdisUnicodeStringToAnsiString
NdisReadNetworkAddress
NdisMSleep
NdisMMapIoSpace
NdisFreePacketPool
NDIS_BUFFER_TO_SPAN_PAGES
NdisQueryBufferOffset
NdisQueryBufferSafe
NdisAllocateMemoryWithTag
NdisMCancelTimer
NdisSetTimer
NdisWriteErrorLogEntry
NdisMQueryAdapterResources
NdisGetCurrentSystemTime
NdisMSynchronizeWithInterrupt
NdisFreeBufferPool
NdisMFreeMapRegisters
NdisMDeregisterInterrupt
NdisMUnmapIoSpace
NdisMDeregisterIoPortRange
NdisMFreeSharedMemory
NdisFreeMemory
NdisFreePacket
NdisFreeBuffer
NdisMDeregisterAdapterShutdownHandler
NdisInterlockedDecrement
NdisInterlockedIncrement
NdisMInitializeTimer
NdisMRegisterAdapterShutdownHandler
NdisMRegisterInterrupt
NdisMAllocateMapRegisters
NdisMInitializeScatterGatherDma
NdisCloseConfiguration
NdisReadConfiguration

Sections

.text
Size: 154KB - Virtual size: 154KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 687B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cacflt10.sys
.sys windows:6 windows x86 arch:x86

3d06278493945cc7ed308313a1a08559

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

10:c5:4d:b7:40:dc:7e:32:46:f8:ed:66:43:93:0c:b7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/06/2012, 00:00

Not After

10/09/2013, 23:59

Subject

CN=NetZone Info-Tech Co.\, Ltd.\, Shanghai,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Provided by TrustAsia,O=NetZone Info-Tech Co.\, Ltd.\, Shanghai,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0a:f2:53:5e:41:88:17:b1:20:0f:58:bb:1d:af:94:ce:e2:2f:4a:fe
Signer

Actual PE Digest

0a:f2:53:5e:41:88:17:b1:20:0f:58:bb:1d:af:94:ce:e2:2f:4a:fe

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

l:\nxp5\drivers\current\nzcacflt\objfre_w2k_x86\i386\cacflt10.pdb

Imports

ntoskrnl.exe

KeReleaseSemaphore
ZwClose
ObReferenceObjectByHandle
PsCreateSystemThread
KeInitializeSemaphore
IofCallDriver
KeInitializeEvent
PoCallDriver
PoStartNextPowerIrp
IofCompleteRequest
ExAllocatePoolWithTag
ZwQueryValueKey
ExFreePoolWithTag
memcpy
_wcsnicmp
ObQueryNameString
IoBuildDeviceIoControlRequest
IoBuildSynchronousFsdRequest
IoFreeIrp
_stricmp
memset
IoDetachDevice
ObfDereferenceObject
ExfInterlockedRemoveHeadList
KeGetCurrentThread
ZwSetValueKey
ZwOpenKey
ZwCreateKey
RtlInitUnicodeString
swprintf
IoDeleteDevice
ExfInterlockedInsertTailList
MmMapLockedPagesSpecifyCache
IoCreateSymbolicLink
IoAttachDeviceToDeviceStack
IoCreateDevice
MmGetPhysicalMemoryRanges
ExInitializeNPagedLookasideList
RtlQueryRegistryValues
MmUnmapIoSpace
MmMapIoSpace
_alldiv
MmFreePagesFromMdl
MmUnmapLockedPages
_allrem
ExInterlockedPopEntrySList
ExInterlockedPushEntrySList
MmAllocatePagesForMdl
IoFreeMdl
MmProbeAndLockPages
IoAllocateMdl
MmUnlockPages
MmBuildMdlForNonPagedPool
IoBuildPartialMdl
IoAllocateIrp
KeTickCount
KeBugCheckEx
KeWaitForSingleObject
_allshr
KeSetEvent
RtlUnwind

hal

ExReleaseFastMutex
ExAcquireFastMutex

nxd10.sys

NotifyCacheInfoToNxD

Exports

Exports

AddLRUCacheToCacFlt
AllocateLRUMem
AllocateMinLRUMem
AsyncReadBlockDeviceWithMdl
AsyncReadBlockDeviceWithMdlByOverLap
FreeLRUMem
GetOverlapStatus
GetRealOffLenByArrayBit
InitCacheLookasideList
InitSystemRamSize
IoAllocateMdlWithMasterOffset
IoAllocateMdlWithNonPagedBuf
IoBuildAsyncFsdRequestWithMDL
Minimum
NxDAllocateMdl
NxDFreeMdl
NxDMmUnlockPages
ReadLRUCacheFromCacFlt
SetArrayBit
SyncReadBlockDevice
TestArrayBit
UpdateLRUCacheToCacFlt

Sections

.text
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 640B - Virtual size: 548B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 768B - Virtual size: 756B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 768B - Virtual size: 715B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cacflt11.sys
.sys windows:6 windows x86 arch:x86

3d4cf63a43f93159caf993e912a6b4ca

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

10:c5:4d:b7:40:dc:7e:32:46:f8:ed:66:43:93:0c:b7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/06/2012, 00:00

Not After

10/09/2013, 23:59

Subject

CN=NetZone Info-Tech Co.\, Ltd.\, Shanghai,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Provided by TrustAsia,O=NetZone Info-Tech Co.\, Ltd.\, Shanghai,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

23:e9:49:1f:88:6d:66:70:55:0a:89:05:bf:8f:d6:68:71:ef:2a:ef
Signer

Actual PE Digest

23:e9:49:1f:88:6d:66:70:55:0a:89:05:bf:8f:d6:68:71:ef:2a:ef

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

l:\nxp5\drivers\current\nzcacflt\objfre_wxp_x86\i386\cacflt11.pdb

Imports

ntoskrnl.exe

KeReleaseSemaphore
ZwClose
ObReferenceObjectByHandle
PsCreateSystemThread
KeInitializeSemaphore
IofCallDriver
KeInitializeEvent
PoCallDriver
PoStartNextPowerIrp
IofCompleteRequest
ExAllocatePoolWithTag
ZwQueryValueKey
ExFreePoolWithTag
memcpy
_wcsnicmp
ObQueryNameString
IoBuildDeviceIoControlRequest
IoBuildSynchronousFsdRequest
IoFreeIrp
_stricmp
memset
IoDetachDevice
ObfDereferenceObject
ExfInterlockedRemoveHeadList
KeGetCurrentThread
ZwSetValueKey
ZwOpenKey
ZwCreateKey
RtlInitUnicodeString
swprintf
IoDeleteDevice
ExfInterlockedInsertTailList
MmMapLockedPagesSpecifyCache
IoCreateSymbolicLink
IoAttachDeviceToDeviceStack
IoCreateDevice
MmGetPhysicalMemoryRanges
ExInitializeNPagedLookasideList
RtlQueryRegistryValues
MmUnmapIoSpace
MmMapIoSpace
_alldiv
MmFreePagesFromMdl
MmUnmapLockedPages
_allrem
InterlockedPopEntrySList
InterlockedPushEntrySList
MmAllocatePagesForMdl
IoFreeMdl
MmProbeAndLockPages
IoAllocateMdl
MmUnlockPages
MmBuildMdlForNonPagedPool
IoBuildPartialMdl
IoAllocateIrp
KeTickCount
KeBugCheckEx
KeWaitForSingleObject
_allshr
KeSetEvent
RtlUnwind

hal

ExReleaseFastMutex
ExAcquireFastMutex

nxd11.sys

NotifyCacheInfoToNxD

Exports

Exports

AddLRUCacheToCacFlt
AllocateLRUMem
AllocateMinLRUMem
AsyncReadBlockDeviceWithMdl
AsyncReadBlockDeviceWithMdlByOverLap
FreeLRUMem
GetOverlapStatus
GetRealOffLenByArrayBit
InitCacheLookasideList
InitSystemRamSize
IoAllocateMdlWithMasterOffset
IoAllocateMdlWithNonPagedBuf
IoBuildAsyncFsdRequestWithMDL
Minimum
NxDAllocateMdl
NxDFreeMdl
NxDMmUnlockPages
ReadLRUCacheFromCacFlt
SetArrayBit
SyncReadBlockDevice
TestArrayBit
UpdateLRUCacheToCacFlt

Sections

.text
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 640B - Virtual size: 548B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 768B - Virtual size: 756B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 768B - Virtual size: 715B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cacflt21.sys
.sys windows:6 windows x64 arch:x64

c2b50ef9716ac4e4b8a6520fb845e7b8

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

10:c5:4d:b7:40:dc:7e:32:46:f8:ed:66:43:93:0c:b7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/06/2012, 00:00

Not After

10/09/2013, 23:59

Subject

CN=NetZone Info-Tech Co.\, Ltd.\, Shanghai,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Provided by TrustAsia,O=NetZone Info-Tech Co.\, Ltd.\, Shanghai,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ab:39:ab:33:dd:a1:2c:ca:01:b7:b9:36:99:0d:5a:90:b2:d2:00:25
Signer

Actual PE Digest

ab:39:ab:33:dd:a1:2c:ca:01:b7:b9:36:99:0d:5a:90:b2:d2:00:25

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

l:\nxp5\drivers\current\nzcacflt\objfre_wnet_amd64\amd64\cacflt21.pdb

Imports

ntoskrnl.exe

PsCreateSystemThread
ObReferenceObjectByHandle
ZwClose
IoDeleteDevice
IofCallDriver
ObfDereferenceObject
MmMapLockedPagesSpecifyCache
IoDetachDevice
IofCompleteRequest
PoStartNextPowerIrp
ExInterlockedRemoveHeadList
PoCallDriver
ZwCreateKey
KeInitializeEvent
ZwOpenKey
ZwSetValueKey
ExAcquireFastMutex
ZwQueryValueKey
ExAllocatePoolWithTag
ExFreePoolWithTag
ExReleaseFastMutex
ObQueryNameString
_wcsnicmp
IoBuildDeviceIoControlRequest
IoBuildSynchronousFsdRequest
IoFreeIrp
KeSetEvent
_stricmp
KeInitializeSemaphore
swprintf
RtlInitUnicodeString
ExInterlockedInsertTailList
IoCreateDevice
KeReleaseSemaphore
IoAttachDeviceToDeviceStack
KeWaitForSingleObject
IoCreateSymbolicLink
MmUnmapLockedPages
MmGetPhysicalMemoryRanges
ExInitializeNPagedLookasideList
ExpInterlockedPopEntrySList
ExpInterlockedPushEntrySList
ExQueryDepthSList
RtlQueryRegistryValues
MmMapIoSpace
MmUnmapIoSpace
MmAllocatePagesForMdlEx
MmFreePagesFromMdl
IoAllocateMdl
MmProbeAndLockPages
IoFreeMdl
MmUnlockPages
MmBuildMdlForNonPagedPool
IoBuildPartialMdl
IoAllocateIrp
KeBugCheckEx
__C_specific_handler

nxd21.sys

NotifyCacheInfoToNxD

Exports

Exports

AddLRUCacheToCacFlt
AllocateLRUMem
AllocateMinLRUMem
AsyncReadBlockDeviceWithMdl
AsyncReadBlockDeviceWithMdlByOverLap
FreeLRUMem
GetOverlapStatus
GetRealOffLenByArrayBit
InitCacheLookasideList
InitSystemRamSize
IoAllocateMdlWithMasterOffset
IoAllocateMdlWithNonPagedBuf
IoBuildAsyncFsdRequestWithMDL
Minimum
NxDAllocateMdl
NxDFreeMdl
NxDMmUnlockPages
ReadLRUCacheFromCacFlt
SetArrayBit
SyncReadBlockDevice
TestArrayBit
UpdateLRUCacheToCacFlt

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 852B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 1024B - Virtual size: 715B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
cfgmgr.exe
.exe windows:4 windows x86 arch:x86

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

10:c5:4d:b7:40:dc:7e:32:46:f8:ed:66:43:93:0c:b7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/06/2012, 00:00

Not After

10/09/2013, 23:59

Subject

CN=NetZone Info-Tech Co.\, Ltd.\, Shanghai,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Provided by TrustAsia,O=NetZone Info-Tech Co.\, Ltd.\, Shanghai,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

94:36:97:c2:a6:33:ba:b8:5f:eb:d6:bf:bc:7a:8a:0e:bf:7b:c1:2f
Signer

Actual PE Digest

94:36:97:c2:a6:33:ba:b8:5f:eb:d6:bf:bc:7a:8a:0e:bf:7b:c1:2f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 286KB - Virtual size: 808KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 64KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
cliBD.exe
.exe windows:4 windows x86 arch:x86

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

10:c5:4d:b7:40:dc:7e:32:46:f8:ed:66:43:93:0c:b7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/06/2012, 00:00

Not After

10/09/2013, 23:59

Subject

CN=NetZone Info-Tech Co.\, Ltd.\, Shanghai,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Provided by TrustAsia,O=NetZone Info-Tech Co.\, Ltd.\, Shanghai,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

d3:1a:97:f2:10:c6:40:81:cc:21:ba:71:e4:9e:ed:1f:5f:c1:fd:84
Signer

Actual PE Digest

d3:1a:97:f2:10:c6:40:81:cc:21:ba:71:e4:9e:ed:1f:5f:c1:fd:84

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 261KB - Virtual size: 736KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 78KB - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
cliUp.exe
.exe windows:4 windows x86 arch:x86

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

10:c5:4d:b7:40:dc:7e:32:46:f8:ed:66:43:93:0c:b7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/06/2012, 00:00

Not After

10/09/2013, 23:59

Subject

CN=NetZone Info-Tech Co.\, Ltd.\, Shanghai,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Provided by TrustAsia,O=NetZone Info-Tech Co.\, Ltd.\, Shanghai,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f6:4e:18:5b:c2:5b:43:af:76:47:4c:a5:f7:73:3e:dd:1c:36:2a:21
Signer

Actual PE Digest

f6:4e:18:5b:c2:5b:43:af:76:47:4c:a5:f7:73:3e:dd:1c:36:2a:21

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 288KB - Virtual size: 816KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 82KB - Virtual size: 252KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
cliloc.exe
.exe windows:4 windows x86 arch:x86

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

10:c5:4d:b7:40:dc:7e:32:46:f8:ed:66:43:93:0c:b7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/06/2012, 00:00

Not After

10/09/2013, 23:59

Subject

CN=NetZone Info-Tech Co.\, Ltd.\, Shanghai,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Provided by TrustAsia,O=NetZone Info-Tech Co.\, Ltd.\, Shanghai,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

46:23:e3:99:58:45:3c:97:28:41:a7:d7:a8:4b:26:15:b1:6b:ec:f3
Signer

Actual PE Digest

46:23:e3:99:58:45:3c:97:28:41:a7:d7:a8:4b:26:15:b1:6b:ec:f3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 270KB - Virtual size: 760KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 75KB - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
cliopt.exe
.exe windows:4 windows x86 arch:x86

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

10:c5:4d:b7:40:dc:7e:32:46:f8:ed:66:43:93:0c:b7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/06/2012, 00:00

Not After

10/09/2013, 23:59

Subject

CN=NetZone Info-Tech Co.\, Ltd.\, Shanghai,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Provided by TrustAsia,O=NetZone Info-Tech Co.\, Ltd.\, Shanghai,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e5:5a:cc:2b:b7:44:3a:0d:81:9b:01:37:30:2e:67:51:0e:5e:b7:05
Signer

Actual PE Digest

e5:5a:cc:2b:b7:44:3a:0d:81:9b:01:37:30:2e:67:51:0e:5e:b7:05

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 276KB - Virtual size: 836KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 61KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
concpl.cpl
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

CPlApplet

Sections

CODE
Size: 284KB - Virtual size: 864KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 4KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 28KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 157KB - Virtual size: 336KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
devcon.exe
.exe windows:5 windows x86 arch:x86

4a8b1b3af5ed6b972156a2972693a918

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f1:d3:2c:1b:97:2d:f4:d9:7f:ef:5e:e8:3b:90:e5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

26/07/2011, 00:00

Not After

04/08/2012, 23:59

Subject

CN=NetZone Info-Tech Co.\, Ltd.\, Shanghai,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=NetZone Info-Tech Co.\, Ltd.\, Shanghai,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4d:32:a9:b6:bc:ff:ee:65:9b:b0:12:c5:5f:79:50:25:94:1b:f0:55
Signer

Actual PE Digest

4d:32:a9:b6:bc:ff:ee:65:9b:b0:12:c5:5f:79:50:25:94:1b:f0:55

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryW
GetFileAttributesW
GetFullPathNameW
TerminateProcess
GetModuleHandleA
FreeLibrary
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
lstrcpynW
FileTimeToSystemTime
GetDateFormatW
lstrcpyW
lstrlenW
GetLastError
GetCurrentProcess
CloseHandle
LocalFree
FormatMessageW
QueryPerformanceCounter

msvcrt

fputws
fputs
_iob
??3@YAXPAX@Z
??2@YAPAXI@Z
wcschr
towlower
towupper
iswalpha
_wcsnicmp
_wcsicmp
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
__winitenv
exit
_cexit
_XcptFilter
_exit
_c_exit
wcscmp
wprintf
wcsrchr

advapi32

OpenProcessToken
LookupPrivilegeValueW
RegQueryValueExW
RegCloseKey
RegDeleteValueW
RegSetValueExW
CloseServiceHandle
OpenServiceW
OpenSCManagerW
AdjustTokenPrivileges

setupapi

SetupDiClassGuidsFromNameExW
CM_Free_Log_Conf_Handle
CM_Get_Next_Res_Des_Ex
CM_Free_Res_Des_Handle
CM_Get_Res_Des_Data_Size_Ex
CM_Connect_MachineW
CM_Locate_DevNode_ExW
CM_Reenumerate_DevNode_Ex
CM_Disconnect_Machine
SetupDiGetINFClassW
SetupDiCreateDeviceInfoList
SetupDiCreateDeviceInfoW
SetupDiSetDeviceRegistryPropertyW
SetupDiSetClassInstallParamsW
SetupDiBuildClassInfoListExW
SetupDiClassNameFromGuidExW
SetupDiGetClassDescriptionExW
SetupDiOpenClassRegKeyExW
SetupDiGetDriverInstallParamsW
SetupDiSetSelectedDriverW
SetupOpenFileQueue
SetupDiCallClassInstaller
SetupScanFileQueueW
SetupCloseFileQueue
SetupDiGetDeviceInstallParamsW
SetupDiSetDeviceInstallParamsW
SetupDiBuildDriverInfoList
SetupDiEnumDriverInfoW
SetupDiOpenDevRegKey
SetupDiGetDriverInfoDetailW
SetupDiDestroyDriverInfoList
SetupDiGetDeviceRegistryPropertyW
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
CM_Get_Device_ID_ExW
SetupDiGetDeviceInfoListDetailW
SetupDiOpenDeviceInfoW
SetupDiGetClassDevsExW
SetupDiCreateDeviceInfoListExW
CM_Get_Res_Des_Data_Ex
CM_Get_DevNode_Status_Ex
CM_Get_First_Log_Conf_Ex

user32

ExitWindowsEx
CharNextW
LoadStringW
CharPrevW

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 472B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
e1000.reg
e100b.reg
elexpress.reg
fetndis.reg
i82567.sys
.sys windows:5 windows x86 arch:x86

1105196505ff77cf5212cf02085a9cee

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

65:68:0c:78:3b:72:8a:b2:a1:88:0d:f4:23:2d:ed:32
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

17/04/2006, 00:00

Not After

31/05/2009, 23:59

Subject

CN=Intel Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=LAN Access Division,O=Intel Corporation,L=Hillsboro,ST=Oregon,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

8e:b0:af:86:81:ef:82:54:a0:b9:85:9a:9f:3b:5a:7d:57:55:78:fa
Signer

Actual PE Digest

8e:b0:af:86:81:ef:82:54:a0:b9:85:9a:9f:3b:5a:7d:57:55:78:fa

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\sandbox\104377\intel\base\free\i386\e1y5132.pdb

Imports

ntoskrnl.exe

KeBugCheckEx
IofCompleteRequest
ZwOpenFile
MmLockPagableDataSection
MmUnlockPagableImageSection
KeQueryActiveProcessors
KefAcquireSpinLockAtDpcLevel
KefReleaseSpinLockFromDpcLevel
_allmul
KeTickCount
KeQueryTimeIncrement
ZwOpenKey
ZwQueryValueKey
ZwClose
_alldiv
RtlInitUnicodeString
RtlCopyUnicodeString
RtlAppendUnicodeStringToString
MmMapLockedPagesSpecifyCache
IoFreeMdl
InterlockedPushEntrySList
InterlockedPopEntrySList
KeQuerySystemTime
KeInitializeSpinLock
wcslen
IoAllocateErrorLogEntry
IoWriteErrorLogEntry

hal

WRITE_PORT_ULONG
WRITE_PORT_UCHAR
KeStallExecutionProcessor
KeGetCurrentIrql
KfAcquireSpinLock
KfReleaseSpinLock

ndis.sys

NdisMMapIoSpace
NdisMRegisterIoPortRange
NdisSystemProcessorCount
NdisReadPciSlotInformation
NdisWritePciSlotInformation
NdisMUnmapIoSpace
NdisMDeregisterIoPortRange
NdisMFreeMapRegisters
NdisMPciAssignResources
NdisTerminateWrapper
NdisMInitializeScatterGatherDma
NdisReadNetworkAddress
NdisMRegisterInterrupt
NdisMInitializeTimer
NdisInitializeEvent
NdisSetEvent
NdisMCancelTimer
NdisWaitEvent
NdisMQueryAdapterResources
NdisResetEvent
NdisInitializeReadWriteLock
NdisMDeregisterDevice
NdisReleaseReadWriteLock
NdisAcquireReadWriteLock
NdisMRegisterDevice
NdisMSetPeriodicTimer
NdisMSynchronizeWithInterrupt
NdisGetVersion
NdisWriteEventLogEntry
NdisMSetAttributesEx
NdisInitializeWrapper
NdisAllocateMemoryWithTag
NdisFreeMemory
NdisMDeregisterAdapterShutdownHandler
NdisCloseConfiguration
NdisOpenConfiguration
NdisMQueryAdapterInstanceName
NdisReadConfiguration
NdisSetTimer
NdisInitializeTimer
NdisMSleep
NdisCancelTimer
NdisMRegisterAdapterShutdownHandler
NdisMRegisterUnloadHandler
NdisMRegisterMiniport
NdisMFreeSharedMemory
NdisFreeBufferPool
NdisAllocateBuffer
NdisAllocateBufferPool
NdisFreePacket
NdisAllocatePacket
NdisUnchainBufferAtFront
NdisFreePacketPool
NdisMAllocateSharedMemory
NdisMSetMiniportSecondary
NdisAllocatePacketPool
NdisGetRoutineAddress
NdisMDeregisterInterrupt

Sections

.text
Size: 182KB - Virtual size: 182KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
i82567LM.sys
.sys windows:5 windows x86 arch:x86

94b6a835f73ce800334f58e2e626d5f1

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:82:58:57:16:70:ab:2b:1b:ac:50:67:9c:ec:49:a1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

26/05/2009, 00:00

Not After

30/05/2012, 23:59

Subject

CN=Intel Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=LAN Access Division,O=Intel Corporation,L=Hillsboro,ST=Oregon,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3f:fb:4a:39:00:e2:b0:e1:89:41:d6:92:57:f0:56:dc:1f:4f:ed:52
Signer

Actual PE Digest

3f:fb:4a:39:00:e2:b0:e1:89:41:d6:92:57:f0:56:dc:1f:4f:ed:52

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\sandbox\128121\base\objfre_wnet_x86\i386\e1k5132.pdb

Imports

ntoskrnl.exe

RtlCopyUnicodeString
RtlAppendUnicodeStringToString
IofCompleteRequest
ZwOpenFile
_aulldiv
_allmul
IoFreeMdl
_aullshr
ZwClose
RtlInitUnicodeString
KeInitializeSpinLock
wcslen
IoAllocateErrorLogEntry
IoWriteErrorLogEntry
KeBugCheckEx
KeTickCount
_alldiv
KeQuerySystemTime
MmMapLockedPagesSpecifyCache
KefReleaseSpinLockFromDpcLevel
KefAcquireSpinLockAtDpcLevel

hal

KeRaiseIrqlToDpcLevel
KfLowerIrql
KeGetCurrentIrql
KfRaiseIrql
KeStallExecutionProcessor
KfAcquireSpinLock
KfReleaseSpinLock

ndis.sys

NdisMDeregisterAdapterShutdownHandler
NdisMMapIoSpace
NdisMUnmapIoSpace
NdisInitializeReadWriteLock
NdisResetEvent
NdisSetEvent
NdisMSetPeriodicTimer
NdisWritePciSlotInformation
NdisReadPciSlotInformation
NdisMFreeSharedMemory
NdisMAllocateSharedMemory
NdisMDeregisterDevice
NdisAllocatePacketPool
NdisAllocatePacket
NdisAllocateBuffer
NdisFreeBufferPool
NdisFreePacketPool
NdisFreePacket
NdisAllocateBufferPool
NdisMInitializeScatterGatherDma
NdisMDeregisterInterrupt
NdisMRegisterInterrupt
NdisAllocateMemoryWithTag
NdisSetTimer
NdisMSynchronizeWithInterrupt
NdisOpenConfiguration
NdisCloseConfiguration
NdisReadNetworkAddress
NdisInitializeWrapper
NdisReleaseReadWriteLock
NdisAcquireReadWriteLock
NdisMRegisterDevice
NdisReadConfiguration
NdisSystemProcessorCount
NdisFreeMemory
NdisMQueryAdapterInstanceName
NdisInitializeEvent
NdisWaitEvent
NdisMCancelTimer
NdisMInitializeTimer
NdisMSleep
NdisGetRoutineAddress
NdisMRegisterAdapterShutdownHandler
NdisMSetAttributesEx
NdisMQueryAdapterResources
NdisTerminateWrapper
NdisMRegisterMiniport
NdisGetVersion

Sections

.text
Size: 138KB - Virtual size: 137KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 788B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
i825752k.sys
.sys windows:6 windows x86 arch:x86

24dca51aec7cf1bbdc45f347be4be8b7

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

65:68:0c:78:3b:72:8a:b2:a1:88:0d:f4:23:2d:ed:32
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

17/04/2006, 00:00

Not After

31/05/2009, 23:59

Subject

CN=Intel Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=LAN Access Division,O=Intel Corporation,L=Hillsboro,ST=Oregon,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

98:02:e1:97:e7:e6:4d:25:de:1b:f6:3b:ae:3a:aa:41:31:74:68:52
Signer

Actual PE Digest

98:02:e1:97:e7:e6:4d:25:de:1b:f6:3b:ae:3a:aa:41:31:74:68:52

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\sandbox\101624\base\free\i386\e1q5032.pdb

Imports

ntoskrnl.exe

IoFreeMdl
_allmul
KefReleaseSpinLockFromDpcLevel
KefAcquireSpinLockAtDpcLevel
IoAllocateErrorLogEntry
IoWriteErrorLogEntry
KeBugCheckEx
KeTickCount
memset
memcpy

hal

KeRaiseIrqlToDpcLevel
KfLowerIrql
KeGetCurrentIrql
KfReleaseSpinLock
KfAcquireSpinLock
KeStallExecutionProcessor
KfRaiseIrql

ndis.sys

NdisMMapIoSpace
NdisMUnmapIoSpace
NdisInitializeEvent
NdisResetEvent
NdisSetEvent
NdisWaitEvent
NdisWritePciSlotInformation
NdisReadPciSlotInformation
NdisFreeMemory
NdisMSleep
NdisReadConfiguration
NdisMRegisterMiniport
NdisTerminateWrapper
NdisMQueryAdapterResources
NdisMSetAttributesEx
NdisMRegisterAdapterShutdownHandler
NdisMSetPeriodicTimer
NdisOpenConfiguration
NdisMCancelTimer
NdisInitializeWrapper
NdisAllocateMemoryWithTag
NdisMIndicateStatusComplete
NdisMIndicateStatus
NdisMInitializeTimer
NdisMFreeSharedMemory
NdisMRegisterInterrupt
NdisMDeregisterInterrupt
NdisMInitializeScatterGatherDma
NdisAllocateBuffer
NdisMAllocateSharedMemory
NdisAllocateBufferPool
NdisFreePacket
NdisFreePacketPool
NdisFreeBufferPool
NdisAllocatePacket
NdisAllocatePacketPool
NdisSetTimer
NdisMDeregisterAdapterShutdownHandler
NdisReadNetworkAddress
NdisMQueryAdapterInstanceName
NdisCloseConfiguration

Sections

.text
Size: 115KB - Virtual size: 114KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 961B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
i82575xp.sys
.sys windows:5 windows x86 arch:x86

548a6f276ba842cdad54419171296a3e

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

65:68:0c:78:3b:72:8a:b2:a1:88:0d:f4:23:2d:ed:32
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

17/04/2006, 00:00

Not After

31/05/2009, 23:59

Subject

CN=Intel Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=LAN Access Division,O=Intel Corporation,L=Hillsboro,ST=Oregon,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

31:7a:b4:9e:dc:f8:1c:16:ba:3e:91:86:37:79:ca:1f:a8:02:8a:99
Signer

Actual PE Digest

31:7a:b4:9e:dc:f8:1c:16:ba:3e:91:86:37:79:ca:1f:a8:02:8a:99

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\sandbox\101624\base\free\i386\e1q5132.pdb

Imports

ntoskrnl.exe

RtlCopyUnicodeString
RtlAppendUnicodeStringToString
IofCompleteRequest
ZwOpenFile
_aullshr
IoFreeMdl
KeInitializeSpinLock
_allmul
KefReleaseSpinLockFromDpcLevel
KefAcquireSpinLockAtDpcLevel
wcslen
IoAllocateErrorLogEntry
IoWriteErrorLogEntry
KeBugCheckEx
KeTickCount
RtlInitUnicodeString
ZwClose

hal

KeRaiseIrqlToDpcLevel
KfLowerIrql
KfRaiseIrql
KeGetCurrentIrql
KeStallExecutionProcessor
KfAcquireSpinLock
KfReleaseSpinLock

ndis.sys

NdisMUnmapIoSpace
NdisInitializeEvent
NdisResetEvent
NdisSetEvent
NdisWritePciSlotInformation
NdisReadPciSlotInformation
NdisFreeMemory
NdisMSleep
NdisWaitEvent
NdisMMapIoSpace
NdisMSynchronizeWithInterrupt
NdisMRegisterDevice
NdisAcquireReadWriteLock
NdisReleaseReadWriteLock
NdisMDeregisterDevice
NdisInitializeReadWriteLock
NdisInitializeWrapper
NdisGetVersion
NdisMRegisterMiniport
NdisTerminateWrapper
NdisMQueryAdapterResources
NdisMSetAttributesEx
NdisMRegisterAdapterShutdownHandler
NdisMCancelTimer
NdisReadConfiguration
NdisMDeregisterInterrupt
NdisAllocateMemoryWithTag
NdisMFreeSharedMemory
NdisMRegisterInterrupt
NdisMInitializeTimer
NdisMInitializeScatterGatherDma
NdisAllocateBuffer
NdisMAllocateSharedMemory
NdisAllocateBufferPool
NdisFreePacket
NdisFreePacketPool
NdisFreeBufferPool
NdisAllocatePacket
NdisAllocatePacketPool
NdisSetTimer
NdisMDeregisterAdapterShutdownHandler
NdisReadNetworkAddress
NdisMQueryAdapterInstanceName
NdisCloseConfiguration
NdisOpenConfiguration
NdisMSetPeriodicTimer
NdisGetRoutineAddress
NdisSystemProcessorCount

Sections

.text
Size: 129KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 1009B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
i82579LM.sys
.sys windows:5 windows x86 arch:x86

25aadd0a07f467c4399d45dd8a31edb7

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:82:58:57:16:70:ab:2b:1b:ac:50:67:9c:ec:49:a1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

26/05/2009, 00:00

Not After

30/05/2012, 23:59

Subject

CN=Intel Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=LAN Access Division,O=Intel Corporation,L=Hillsboro,ST=Oregon,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

f4:5b:06:5f:b7:c0:96:54:e4:89:29:1c:e6:54:e4:18:05:26:9e:a8
Signer

Actual PE Digest

f4:5b:06:5f:b7:c0:96:54:e4:89:29:1c:e6:54:e4:18:05:26:9e:a8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\sandbox\168068\base\objfre_wnet_x86\i386\e1c5132.pdb

Imports

ntoskrnl.exe

RtlCopyUnicodeString
RtlAppendUnicodeStringToString
IofCompleteRequest
ZwOpenFile
_aullshr
_aulldiv
_allmul
IoFreeMdl
ZwClose
IoGetDeviceProperty
swprintf
RtlInitUnicodeString
KeInitializeSpinLock
wcslen
IoAllocateErrorLogEntry
IoWriteErrorLogEntry
KeBugCheckEx
KeTickCount
_alldiv
KeQuerySystemTime
MmMapLockedPagesSpecifyCache
KefReleaseSpinLockFromDpcLevel
KefAcquireSpinLockAtDpcLevel

hal

KfLowerIrql
KfRaiseIrql
KeGetCurrentIrql
KeRaiseIrqlToDpcLevel
KeStallExecutionProcessor
KfReleaseSpinLock
KfAcquireSpinLock

ndis.sys

NdisMSynchronizeWithInterrupt
NdisMDeregisterAdapterShutdownHandler
NdisMMapIoSpace
NdisMUnmapIoSpace
NdisInitializeReadWriteLock
NdisResetEvent
NdisSetEvent
NdisMSetPeriodicTimer
NdisWritePciSlotInformation
NdisReadPciSlotInformation
NdisSetTimer
NdisMFreeSharedMemory
NdisMAllocateSharedMemory
NdisMDeregisterDevice
NdisOpenConfiguration
NdisCloseConfiguration
NdisReadNetworkAddress
NdisAllocatePacketPool
NdisAllocatePacket
NdisAllocateBuffer
NdisFreeBufferPool
NdisFreePacketPool
NdisFreePacket
NdisAllocateBufferPool
NdisMInitializeScatterGatherDma
NdisMDeregisterInterrupt
NdisMRegisterInterrupt
NdisAllocateMemoryWithTag
NdisInitializeWrapper
NdisGetVersion
NdisMRegisterMiniport
NdisTerminateWrapper
NdisReleaseReadWriteLock
NdisMRegisterDevice
NdisAcquireReadWriteLock
NdisReadConfiguration
NdisSystemProcessorCount
NdisFreeMemory
NdisMQueryAdapterInstanceName
NdisInitializeEvent
NdisWaitEvent
NdisMCancelTimer
NdisMInitializeTimer
NdisMSleep
NdisGetRoutineAddress
NdisMGetDeviceProperty
NdisMRegisterAdapterShutdownHandler
NdisMSetAttributesEx
NdisMQueryAdapterResources

Sections

.text
Size: 145KB - Virtual size: 145KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 828B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
iscsicpl.cpl
.dll windows:5 windows x86 arch:x86

127000552cc41b32dd55eb6505749e4c

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:0c:ab:11:d8:22:ef:7d:6c:79:7e
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

23/05/2002, 08:00

Not After

25/09/2011, 08:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:05:87:58:00:03:00:00:00:5a
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

05/01/2005, 23:20

Not After

05/04/2006, 23:30

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

65:99:e5:80:5c:9d:84:f4:56:8f:82:03:6e:48:bf:b8:bd:ec:69:d7
Signer

Actual PE Digest

65:99:e5:80:5c:9d:84:f4:56:8f:82:03:6e:48:bf:b8:bd:ec:69:d7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

iscsicpl.pdb

Imports

msvcrt

wcslen
_wcsicmp
_except_handler3
_vsnwprintf
iswalpha
wcscmp
malloc
_adjust_fdiv
_initterm
free
swscanf
_wcsnicmp

ntdll

RtlUnicodeStringToAnsiString
RtlInitUnicodeString
RtlFreeHeap
RtlAllocateHeap
RtlFreeAnsiString

gdi32

GetTextExtentPoint32W

iscsidsc

SetupPersistentIScsiVolumes
SetupPersistentIScsiDevices
ClearPersistentIScsiDevices
RemovePersistentIScsiDeviceW
AddPersistentIScsiDeviceW
ReportPersistentIScsiDevicesW
GetIScsiSessionListW
ReportIScsiTargetPortalsW
RemoveIScsiSendTargetPortalW
GetIScsiTargetInformationW
ReportIScsiSendTargetPortalsW
AddISNSServerW
ReportISNSServerListW
SetIScsiIKEInfoW
AddIScsiSendTargetPortalW
RemoveIScsiPersistentTargetW
ReportIScsiPersistentLoginsW
ReportIScsiTargetsW
LoginIScsiTargetW
GetDevicesForIScsiSessionW
LogoutIScsiTarget
AddIScsiConnectionW
RemoveIScsiConnection
ReportActiveIScsiTargetMappingsW
RemoveISNSServerW
GetIScsiInitiatorNodeNameW
SetIScsiInitiatorNodeNameW
SetIScsiTunnelModeOuterAddressW
SetIScsiInitiatorCHAPSharedSecret
ReportIScsiInitiatorListW

kernel32

Sleep
LoadLibraryA
LoadLibraryW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetFileAttributesW
GetVersion
DisableThreadLibraryCalls
GetLastError
SetLastError
GetModuleFileNameW
OutputDebugStringA
LocalAlloc
LocalFree
lstrcmpiW
FormatMessageW
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
CloseHandle
DeviceIoControl
CreateFileW
GetVolumeNameForVolumeMountPointW

setupapi

CM_Locate_DevNodeW
SetupDiGetDeviceRegistryPropertyW
SetupDiDestroyDeviceInfoList
CM_Get_Device_IDW
SetupDiEnumDeviceInfo
SetupDiGetClassDevsW
CM_Get_Device_ID_Size
CM_Get_DevNode_Registry_Property_ExW

shell32

ord168
ord167
ord169

user32

GetParent
GetDC
IsWindowEnabled
LoadIconW
PostMessageW
SetWindowTextW
GetDlgItem
SetCursor
LoadCursorW
DestroyIcon
SendDlgItemMessageW
LoadImageW
GetSystemMetrics
GetWindowTextW
IsDlgButtonChecked
SendMessageW
LoadStringW
DialogBoxParamW
EndDialog
ReleaseDC
CheckRadioButton
SetWindowLongW
GetWindowLongW
EnableWindow
GetClientRect
SetDlgItemInt
GetDlgItemInt
SetFocus
MessageBoxW
CheckDlgButton

iscsium

DiscpCopyString
DiscpGetStringFromDataBlock
DiscpFreeMemory
DiscpTextAddrToBinary
DiscpParseAllData
DiscpQueryAllData
DiscpDuplicateString
DiscpExecuteMethod
DiscpFreeDeviceInterfaceList
DiscpEnumerateDeviceInterfaces
DiscpQuerySingleInstance
DiscpAllocMemory
DiscpPadDataBlock
DiscpParseSingleInstance

Exports

Exports

CPlApplet

Sections

.text
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
iscsidsc.dll
.dll windows:5 windows x86 arch:x86

62ed3404b8813aff5b6f732c93fa9aaa

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:bd:b6:1d:d0:a2:fa:b0:ab:c7:c4:c9:96:fb:d7:22
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

05/08/2010, 00:00

Not After

05/08/2011, 23:59

Subject

CN=NetZone Info-Tech Co.\, Ltd.\, Shanghai,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=NetZone Info-Tech Co.\, Ltd.\, Shanghai,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

a5:4b:1f:cf:57:cc:15:b4:8c:82:80:1d:41:87:b2:7e:ed:43:f9:ad
Signer

Actual PE Digest

a5:4b:1f:cf:57:cc:15:b4:8c:82:80:1d:41:87:b2:7e:ed:43:f9:ad

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

iscsidsc.pdb

Imports

msvcrt

_wcsicmp
wcscmp
free
_except_handler3
_adjust_fdiv
malloc
_vsnprintf
wcslen
_initterm
_wcsnicmp
iswdigit
_wtoi
_vsnwprintf

ntdll

RtlCreateHeap
RtlDestroyHeap

iscsium

DiscpAddStringToMultiSzList
DiscpGetPnpDeviceId
DiscpQuerySingleInstance
DiscpParseSingleInstance
DiscpRegisterHeap
DiscpAllocMemory
DiscpFreeMemory
DiscpAnsiToUnicode
DiscpUnicodeToAnsi
DiscpOpenRegistryKey
DiscpFreeDeviceInterfaceList
DiscpEnumerateDeviceInterfaces
DiscpGetRegistryValue
DiscpMapiSCSIString
DiscpDuplicateString
DiscpCopyString
DiscpCopyStringToAnsi
DiscpPadDataBlock
DiscpGetStringFromDataBlock
DiscpParseAllData
DiscpQueryAllData
DiscpExecuteMethod
DiscpUnicodeToAnsiSize

advapi32

RegEnumValueW
RegQueryInfoKeyA
WmiCloseBlock
WmiFileHandleToInstanceNameW
WmiOpenBlock
RegCloseKey

rpcrt4

RpcBindingFree
RpcStringBindingComposeA
RpcBindingFromStringBindingA
RpcStringFreeA
NdrClientCall2

kernel32

GetCurrentProcessId
GetVersionExW
GetModuleHandleW
GetProcAddress
QueryDosDeviceW
FindFirstVolumeMountPointW
FindNextVolumeMountPointW
FindVolumeMountPointClose
GetVolumeNameForVolumeMountPointW
CreateFileW
DeviceIoControl
GetLastError
CloseHandle
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentThreadId
GetTickCount
DisableThreadLibraryCalls
Sleep
QueryPerformanceCounter

cfgmgr32

CM_Open_DevNode_Key_Ex
CM_Get_Sibling_Ex
CM_Get_Child_Ex
CM_Locate_DevNode_ExW
CM_Locate_DevNodeW
CM_Get_DevNode_Registry_Property_ExW

Exports

Exports

AddISNSServerA
AddISNSServerW
AddIScsiConnectionA
AddIScsiConnectionW
AddIScsiSendTargetPortalA
AddIScsiSendTargetPortalW
AddIScsiStaticTargetA
AddIScsiStaticTargetW
AddPersistentIScsiDeviceA
AddPersistentIScsiDeviceW
ClearPersistentIScsiDevices
DllMain
GetDevicesForIScsiSessionA
GetDevicesForIScsiSessionW
GetIScsiIKEInfoA
GetIScsiIKEInfoW
GetIScsiInitiatorNodeNameA
GetIScsiInitiatorNodeNameW
GetIScsiSessionListA
GetIScsiSessionListW
GetIScsiTargetInformationA
GetIScsiTargetInformationW
GetIScsiVersionInformation
LoginIScsiTargetA
LoginIScsiTargetW
LogoutIScsiTarget
RefreshISNSServerA
RefreshISNSServerW
RefreshIScsiSendTargetPortalA
RefreshIScsiSendTargetPortalW
RemoveISNSServerA
RemoveISNSServerW
RemoveIScsiConnection
RemoveIScsiPersistentTargetA
RemoveIScsiPersistentTargetW
RemoveIScsiSendTargetPortalA
RemoveIScsiSendTargetPortalW
RemoveIScsiStaticTargetA
RemoveIScsiStaticTargetW
RemovePersistentIScsiDeviceA
RemovePersistentIScsiDeviceW
ReportActiveIScsiTargetMappingsA
ReportActiveIScsiTargetMappingsW
ReportISNSServerListA
ReportISNSServerListW
ReportIScsiInitiatorListA
ReportIScsiInitiatorListW
ReportIScsiPersistentLoginsA
ReportIScsiPersistentLoginsW
ReportIScsiSendTargetPortalsA
ReportIScsiSendTargetPortalsExA
ReportIScsiSendTargetPortalsExW
ReportIScsiSendTargetPortalsW
ReportIScsiTargetPortalsA
ReportIScsiTargetPortalsW
ReportIScsiTargetsA
ReportIScsiTargetsW
ReportPersistentIScsiDevicesA
ReportPersistentIScsiDevicesW
SendScsiInquiry
SendScsiReadCapacity
SendScsiReportLuns
SetIScsiGroupPresharedKey
SetIScsiIKEInfoA
SetIScsiIKEInfoW
SetIScsiInitiatorCHAPSharedSecret
SetIScsiInitiatorNodeNameA
SetIScsiInitiatorNodeNameW
SetIScsiTunnelModeOuterAddressA
SetIScsiTunnelModeOuterAddressW
SetupPersistentIScsiDevices
SetupPersistentIScsiVolumes

Sections

.text
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
iscsiexe.exe
.exe windows:5 windows x86 arch:x86

b29de5d7000510ab9808dede78e18f31

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:bd:b6:1d:d0:a2:fa:b0:ab:c7:c4:c9:96:fb:d7:22
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

05/08/2010, 00:00

Not After

05/08/2011, 23:59

Subject

CN=NetZone Info-Tech Co.\, Ltd.\, Shanghai,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=NetZone Info-Tech Co.\, Ltd.\, Shanghai,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

c6:ff:3d:f5:5a:2b:6e:76:0e:b9:c2:97:61:8d:42:35:b1:2b:aa:33
Signer

Actual PE Digest

c6:ff:3d:f5:5a:2b:6e:76:0e:b9:c2:97:61:8d:42:35:b1:2b:aa:33

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

iscsiexe.pdb

Imports

msvcrt

_wcsnicmp
malloc
_controlfp
rand
__set_app_type
_XcptFilter
_cexit
exit
__initenv
__getmainargs
_initterm
time
_adjust_fdiv
__p__commode
__p__fmode
free
wcsncmp
_strnicmp
isdigit
iswdigit
_vsnprintf
__setusermatherr
difftime
_vsnwprintf
printf
_wcsicmp
_exit
_c_exit
_except_handler3
_wtoi
atoi
wcslen

advapi32

RegDeleteValueW
RegEnumValueW
RegQueryInfoKeyW
WmiFileHandleToInstanceNameW
FreeSid
RegSetValueExW
CheckTokenMembership
AllocateAndInitializeSid
RegOpenKeyExA
RegQueryValueExA
WmiNotificationRegistrationW
WmiOpenBlock
WmiCloseBlock
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerExW
SetServiceStatus
RegCloseKey

kernel32

CreateMutexW
CreateMutexA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleFileNameW
CreateEventW
RegisterWaitForSingleObject
Sleep
DeleteTimerQueueTimer
CreateTimerQueueTimer
SetEvent
FreeLibrary
GetVersionExW
GetProcAddress
CreateThread
WaitForSingleObject
ReleaseMutex
lstrlenW
lstrcmpiW
GetComputerNameExA
GetVolumeNameForVolumeMountPointW
CreateFileW
DeviceIoControl
CloseHandle
InterlockedIncrement
GetLastError
InterlockedDecrement
LocalAlloc
LocalFree
ReadFile
WaitForMultipleObjects

user32

RegisterDeviceNotificationW
UnregisterDeviceNotification

iscsium

DiscpQueryAllData
DiscpParseAllData
DiscpLoadSystemLibrary
Discpxtoi
DiscpEncryptBuffer
DiscpSendIrpRequest
DiscpAnsiCharsToString
DiscpXtoI
DiscpDisableEventlog
DiscpRegisterHeap
DiscpDisableWinsock
DiscpAllocProcessMemory
DiscpRegisterForDeviceInterfaceNotfication
DiscpEnableEventlog
DiscpIsDNSAddress
DiscpPadDataBlock
DiscpGetStringFromDataBlock
DiscpCopyStringToAnsi
DiscpFreeProcessMemory
DiscpEnableWinsock
DiscpEstablishTCPSocket
DiscpUnicodeToUTF8
DiscpIsStringInList
DiscpGetPnpDeviceId
DiscpReportEventlog
DiscpParseKeyValue
DiscpUTF8ToUnicode
DiscpEnumerateDeviceInterfaces
DiscpFreeDeviceInterfaceList
DiscpAlignDataStruct
DiscpCopyString
DiscpCopyUnicodeString
DiscpGenerateiScsiNameFromComputerName
DiscpAnsiToUnicode
DiscpPnpDeviceInterfaceToInstanceName
DiscpQuerySingleInstance
DiscpParseSingleInstance
DiscpEstablishIrpPump
DiscpDisestablishIrpPump
DiscpValidateiSCSIString
DiscpTextAddrToBinary
DiscpDuplicateString
DiscpUnicodeToAnsiSize
DiscpUnicodeToAnsi
DiscpAddStringToMultiSzList
DiscpRemoveStringFromMultiSzList
DiscpCopyToCountedString
DiscpExecuteMethod
DiscpGetRegistryValue
DiscpSetRegistryValue
DiscpEnumerateRegistryValues
DiscpAllocMemory
DiscpDecryptBuffer
DiscpReportEventlogWithStatus
DiscpOpenRegistryKey
DiscpFreeMemory

ntdll

RtlEnterCriticalSection
RtlDeleteCriticalSection
RtlDestroyHeap
RtlCreateHeap
RtlLeaveCriticalSection
RtlInitializeCriticalSection

ws2_32

htonl
htons
sendto
listen
accept
send
shutdown
getsockname
closesocket
inet_ntoa
setsockopt
select
recv
WSAGetLastError
bind
socket
WSAStartup
WSACleanup
inet_addr
recvfrom

rpcrt4

RpcServerUseProtseqEpW
RpcServerRegisterIfEx
RpcServerListen
NdrServerCall2
RpcServerUnregisterIf
RpcRevertToSelf
RpcImpersonateClient

setupapi

CM_Get_DevNode_Registry_Property_ExW
CM_Query_And_Remove_SubTree_ExW
SetupDiGetClassDevsW
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiDestroyDeviceInfoList
CM_Open_DevNode_Key_Ex
CM_Get_Sibling_Ex
CM_Get_Child_Ex
CM_Locate_DevNode_ExW
CM_Locate_DevNodeW

oleaut32

SysAllocString
SysFreeString

ole32

CoInitializeEx
CoCreateInstance
CoUninitialize

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
iscsiprt.sys
.sys windows:5 windows x86 arch:x86

9ebe7c1d76ec9ed668cdfb4df7f6e669

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:bd:b6:1d:d0:a2:fa:b0:ab:c7:c4:c9:96:fb:d7:22
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

05/08/2010, 00:00

Not After

05/08/2011, 23:59

Subject

CN=NetZone Info-Tech Co.\, Ltd.\, Shanghai,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=NetZone Info-Tech Co.\, Ltd.\, Shanghai,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

54:09:4f:37:9e:2c:15:cc:d4:da:1c:d3:98:02:f5:08:a6:7a:c3:bc
Signer

Actual PE Digest

54:09:4f:37:9e:2c:15:cc:d4:da:1c:d3:98:02:f5:08:a6:7a:c3:bc

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

iscsiprt.pdb

Imports

ntoskrnl.exe

KeSetTimer
_allmul
KeWaitForSingleObject
KeInitializeEvent
KeInitializeTimer
IoAcquireRemoveLockEx
IoInitializeRemoveLockEx
KeInitializeSpinLock
IoConnectInterrupt
IoDeleteDevice
IoDetachDevice
IoReleaseRemoveLockAndWaitEx
IoInvalidateDeviceState
IoRegisterDeviceInterface
IoReleaseRemoveLockEx
KeInitializeDpc
MmUnmapLockedPages
IoAllocateMdl
IoReuseIrp
IoAllocateIrp
IoFreeMdl
IoFreeIrp
MmBuildMdlForNonPagedPool
RtlCompareString
ZwCreateDirectoryObject
IoGetDriverObjectExtension
IoAttachDeviceToDeviceStack
IoCreateDevice
KefReleaseSpinLockFromDpcLevel
KefAcquireSpinLockAtDpcLevel
RtlQueryRegistryValues
ZwOpenKey
IoOpenDeviceRegistryKey
IoAllocateDriverObjectExtension
PsGetVersion
memmove
MmGetVirtualForPhysical
READ_REGISTER_UCHAR
READ_REGISTER_USHORT
READ_REGISTER_ULONG
IoAllocateErrorLogEntry
READ_REGISTER_BUFFER_USHORT
READ_REGISTER_BUFFER_ULONG
WRITE_REGISTER_UCHAR
WRITE_REGISTER_USHORT
WRITE_REGISTER_BUFFER_UCHAR
WRITE_REGISTER_BUFFER_USHORT
WRITE_REGISTER_BUFFER_ULONG
WRITE_REGISTER_ULONG
MmGetPhysicalAddress
MmMapIoSpace
IoGetConfigurationInformation
Mm64BitPhysicalAddress
PoCallDriver
PoStartNextPowerIrp
IoQueueWorkItem
IoAllocateWorkItem
PoSetPowerState
PoRequestPowerIrp
KeSetEvent
IoGetDeviceProperty
MmMapLockedPagesSpecifyCache
IoCreateSymbolicLink
_snwprintf
IoDeleteSymbolicLink
swprintf
MmProbeAndLockPages
_except_handler3
KeGetCurrentThread
RtlCopyUnicodeString
DbgBreakPoint
wcslen
ExDeleteNPagedLookasideList
IoFreeWorkItem
KeSetTimerEx
ExInitializeNPagedLookasideList
KeTickCount
KeBugCheckEx
IoWriteErrorLogEntry
ObfReferenceObject
KeQuerySystemTime
ExInterlockedPushEntrySList
KeInsertQueueDpc
IoInvalidateDeviceRelations
ZwClose
KeCancelTimer
IoDisconnectInterrupt
ExInterlockedPopEntrySList
IoSetDeviceInterfaceState
RtlInitUnicodeString
RtlFreeUnicodeString
IofCompleteRequest
IofCallDriver
IoWMIRegistrationControl
ExAllocatePoolWithTag
IoWMIWriteEvent
READ_REGISTER_BUFFER_UCHAR
ExFreePoolWithTag
_wcsnicmp
ZwQueryValueKey
ZwCreateKey
mbstowcs
_vsnprintf
ZwSetValueKey
RtlAnsiStringToUnicodeString
ZwDeleteKey
MmHighestUserAddress

hal

WRITE_PORT_BUFFER_ULONG
WRITE_PORT_BUFFER_USHORT
WRITE_PORT_BUFFER_UCHAR
WRITE_PORT_ULONG
WRITE_PORT_USHORT
WRITE_PORT_UCHAR
READ_PORT_BUFFER_ULONG
READ_PORT_BUFFER_USHORT
READ_PORT_BUFFER_UCHAR
READ_PORT_ULONG
READ_PORT_USHORT
READ_PORT_UCHAR
KeStallExecutionProcessor
KeGetCurrentIrql
KfAcquireSpinLock
KfReleaseSpinLock
KfRaiseIrql
KfLowerIrql
KeRaiseIrqlToDpcLevel

Exports

Exports

DllUnload
ScsiPortMoveMemory
ScsiPortNotification
ScsiPortWmiDispatchFunction
ScsiPortWmiFireLogicalUnitEvent
ScsiPortWmiGetInstanceName
ScsiPortWmiPostProcess
ScsiPortWmiSetData
ScsiPortWmiSetInstanceCount
ScsiPortWmiSetInstanceName
iScsiPortBusy
iScsiPortCompleteRequest
iScsiPortCompleteServiceIrp
iScsiPortConvertUlongToPhysicalAddress
iScsiPortDeviceBusy
iScsiPortDeviceReady
iScsiPortFreeDeviceBase
iScsiPortGetBusData
iScsiPortGetDeviceBase
iScsiPortGetLogicalUnit
iScsiPortGetOriginalMdl
iScsiPortGetPhysicalAddress
iScsiPortGetScatterGatherList
iScsiPortGetSrb
iScsiPortGetVirtualAddress
iScsiPortInitialize
iScsiPortLogError
iScsiPortMoveMemory
iScsiPortNotification
iScsiPortPause
iScsiPortPauseDevice
iScsiPortReadPortBufferUchar
iScsiPortReadPortBufferUlong
iScsiPortReadPortBufferUshort
iScsiPortReadPortUchar
iScsiPortReadPortUlong
iScsiPortReadPortUshort
iScsiPortReadRegisterBufferUchar
iScsiPortReadRegisterBufferUlong
iScsiPortReadRegisterBufferUshort
iScsiPortReadRegisterUchar
iScsiPortReadRegisterUlong
iScsiPortReadRegisterUshort
iScsiPortReady
iScsiPortResume
iScsiPortResumeDevice
iScsiPortSetBusDataByOffset
iScsiPortSetDeviceQueueDepth
iScsiPortStallExecution
iScsiPortSynchronizeAccess
iScsiPortValidateRange
iScsiPortWritePortBufferUchar
iScsiPortWritePortBufferUlong
iScsiPortWritePortBufferUshort
iScsiPortWritePortUchar
iScsiPortWritePortUlong
iScsiPortWritePortUshort
iScsiPortWriteRegisterBufferUchar
iScsiPortWriteRegisterBufferUlong
iScsiPortWriteRegisterBufferUshort
iScsiPortWriteRegisterUchar
iScsiPortWriteRegisterUlong
iScsiPortWriteRegisterUshort

Sections

.text
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 140B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
iscsiprt_64.sys
.sys windows:5 windows x64 arch:x64

f9d25da285baf714a28dafda59312b65

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:bd:b6:1d:d0:a2:fa:b0:ab:c7:c4:c9:96:fb:d7:22
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

05/08/2010, 00:00

Not After

05/08/2011, 23:59

Subject

CN=NetZone Info-Tech Co.\, Ltd.\, Shanghai,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=NetZone Info-Tech Co.\, Ltd.\, Shanghai,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:8c:d3:db:53:76:8c:cd:44:0a:b0:55:3d:e4:59:a4:15:2d:f0:16
Signer

Actual PE Digest

6a:8c:d3:db:53:76:8c:cd:44:0a:b0:55:3d:e4:59:a4:15:2d:f0:16

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

iscsiprt.pdb

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
IoWMIRegistrationControl
IofCallDriver
IofCompleteRequest
RtlFreeUnicodeString
RtlInitUnicodeString
IoSetDeviceInterfaceState
ExpInterlockedPopEntrySList
IoDisconnectInterrupt
KeCancelTimer
ObfReferenceObject
KeReleaseSpinLock
KeAcquireSpinLockRaiseToDpc
IoInvalidateDeviceRelations
IoWriteErrorLogEntry
IoAllocateErrorLogEntry
KeSetTimer
KeWaitForSingleObject
KeInitializeEvent
KeInitializeTimer
IoAcquireRemoveLockEx
IoInitializeRemoveLockEx
InitializeSListHead
ZwClose
IoConnectInterrupt
IoReleaseRemoveLockAndWaitEx
IoInvalidateDeviceState
KeInsertQueueDpc
ExpInterlockedPushEntrySList
IoRegisterDeviceInterface
IoReleaseRemoveLockEx
KeInitializeDpc
IoDeleteDevice
IoDetachDevice
MmUnmapLockedPages
IoAllocateMdl
IoReuseIrp
IoAllocateIrp
IoFreeMdl
IoFreeIrp
MmBuildMdlForNonPagedPool
RtlCompareString
IoWMIWriteEvent
IoGetDriverObjectExtension
IoAttachDeviceToDeviceStack
IoCreateDevice
KeReleaseSpinLockFromDpcLevel
KeAcquireSpinLockAtDpcLevel
RtlQueryRegistryValues
ZwOpenKey
IoOpenDeviceRegistryKey
IoAllocateDriverObjectExtension
PsGetVersion
MmGetVirtualForPhysical
MmGetPhysicalAddress
MmMapIoSpace
IoGetConfigurationInformation
Mm64BitPhysicalAddress
PoCallDriver
PoStartNextPowerIrp
IoQueueWorkItem
IoAllocateWorkItem
PoSetPowerState
PoRequestPowerIrp
KeSetEvent
ExQueryDepthSList
IoGetDeviceProperty
MmMapLockedPagesSpecifyCache
IoCreateSymbolicLink
_snwprintf
IoDeleteSymbolicLink
swprintf
__C_specific_handler
MmProbeAndLockPages
RtlCopyUnicodeString
DbgBreakPoint
ExDeleteNPagedLookasideList
IoFreeWorkItem
KeSetTimerEx
ExInitializeNPagedLookasideList
IoWMIDeviceObjectToProviderId
KeBugCheckEx
ZwCreateDirectoryObject
ExFreePoolWithTag
_wcsnicmp
ZwQueryValueKey
ZwCreateKey
mbstowcs
_vsnprintf
ZwSetValueKey
RtlAnsiStringToUnicodeString
IoIs32bitProcess
MmHighestUserAddress
ZwDeleteKey

hal

KeStallExecutionProcessor

Exports

Exports

DllUnload
ScsiPortMoveMemory
ScsiPortNotification
ScsiPortWmiDispatchFunction
ScsiPortWmiFireLogicalUnitEvent
ScsiPortWmiGetInstanceName
ScsiPortWmiPostProcess
ScsiPortWmiSetData
ScsiPortWmiSetInstanceCount
ScsiPortWmiSetInstanceName
iScsiPortBusy
iScsiPortCompleteRequest
iScsiPortCompleteServiceIrp
iScsiPortConvertUlongToPhysicalAddress
iScsiPortDeviceBusy
iScsiPortDeviceReady
iScsiPortFreeDeviceBase
iScsiPortGetBusData
iScsiPortGetDeviceBase
iScsiPortGetLogicalUnit
iScsiPortGetOriginalMdl
iScsiPortGetPhysicalAddress
iScsiPortGetScatterGatherList
iScsiPortGetSrb
iScsiPortGetVirtualAddress
iScsiPortInitialize
iScsiPortLogError
iScsiPortMoveMemory
iScsiPortNotification
iScsiPortPause
iScsiPortPauseDevice
iScsiPortReadPortBufferUchar
iScsiPortReadPortBufferUlong
iScsiPortReadPortBufferUshort
iScsiPortReadPortUchar
iScsiPortReadPortUlong
iScsiPortReadPortUshort
iScsiPortReadRegisterBufferUchar
iScsiPortReadRegisterBufferUlong
iScsiPortReadRegisterBufferUshort
iScsiPortReadRegisterUchar
iScsiPortReadRegisterUlong
iScsiPortReadRegisterUshort
iScsiPortReady
iScsiPortResume
iScsiPortResumeDevice
iScsiPortSetBusDataByOffset
iScsiPortSetDeviceQueueDepth
iScsiPortStallExecution
iScsiPortSynchronizeAccess
iScsiPortValidateRange
iScsiPortWritePortBufferUchar
iScsiPortWritePortBufferUlong
iScsiPortWritePortBufferUshort
iScsiPortWritePortUchar
iScsiPortWritePortUlong
iScsiPortWritePortUshort
iScsiPortWriteRegisterBufferUchar
iScsiPortWriteRegisterBufferUlong
iScsiPortWriteRegisterBufferUshort
iScsiPortWriteRegisterUchar
iScsiPortWriteRegisterUlong
iScsiPortWriteRegisterUshort

Sections

.text
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 450B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
iscsium.dll
.dll windows:5 windows x86 arch:x86

cdcd25e6583d448ba9633e4613242cba

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:bd:b6:1d:d0:a2:fa:b0:ab:c7:c4:c9:96:fb:d7:22
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

05/08/2010, 00:00

Not After

05/08/2011, 23:59

Subject

CN=NetZone Info-Tech Co.\, Ltd.\, Shanghai,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=NetZone Info-Tech Co.\, Ltd.\, Shanghai,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

44:9e:71:4b:a7:85:4f:38:94:59:71:bc:8c:47:c9:d7:e5:c5:09:e9
Signer

Actual PE Digest

44:9e:71:4b:a7:85:4f:38:94:59:71:bc:8c:47:c9:d7:e5:c5:09:e9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

iscsium.pdb

Imports

msvcrt

_wcsicmp
wcslen
calloc
malloc
_adjust_fdiv
_initterm
time
localtime
_except_handler3
iswdigit
_vsnwprintf
_vsnprintf
sprintf
strchr
strtoul
strncpy
free

ntdll

RtlFreeHeap
RtlAllocateHeap

advapi32

RegQueryInfoKeyW
RegEnumValueW
RegSetValueExW
DeregisterEventSource
RegisterEventSourceW
ReportEventW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
WmiFileHandleToInstanceNameW
WmiQuerySingleInstanceW
WmiExecuteMethodW
WmiOpenBlock
WmiQueryAllDataW
WmiCloseBlock
RegQueryValueExW

ws2_32

ntohs
gethostbyaddr
htons
getservbyport
htonl
inet_ntoa
gethostbyname
inet_addr
WSACleanup
WSASetLastError
WSAStartup
closesocket
connect
getservbyname
WSAGetLastError
socket

kernel32

GetTickCount
GetCurrentThreadId
lstrlenW
GetCurrentProcessId
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
GetCurrentProcess
ResetEvent
LocalFree
GetComputerNameExW
UnregisterWaitEx
RegisterWaitForSingleObject
CreateEventW
GetSystemDirectoryW
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetOverlappedResult
WaitForSingleObject
InterlockedIncrement
QueueUserWorkItem
InterlockedDecrement
DeleteTimerQueueTimer
SetEvent
CreateTimerQueueTimer
DeviceIoControl
DisableThreadLibraryCalls
GetSystemDirectoryA
LoadLibraryA
GetProcAddress
FreeLibrary
CreateFileW
LoadLibraryW
Sleep
GetLastError
WideCharToMultiByte
MultiByteToWideChar
CloseHandle

user32

RegisterDeviceNotificationW

crypt32

CryptProtectData
CryptUnprotectData

cfgmgr32

CM_Get_Device_ID_Size
CM_Get_Device_IDW

setupapi

SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsW

iphlpapi

GetIpAddrTable

Exports

Exports

DiscpAddStringToMultiSzList
DiscpAlignDataStruct
DiscpAllocMemory
DiscpAllocProcessMemory
DiscpAnsiCharsToString
DiscpAnsiToUnicode
DiscpAnsiToUnicodeSize
DiscpCopyString
DiscpCopyStringToAnsi
DiscpCopyToCountedString
DiscpCopyUnicodeString
DiscpDebugPrintX
DiscpDecryptBuffer
DiscpDisableEventlog
DiscpDisableLogToFile
DiscpDisableWinsock
DiscpDisestablishIrpPump
DiscpDuplicateString
DiscpEnableEventlog
DiscpEnableLogToFile
DiscpEnableWinsock
DiscpEncryptBuffer
DiscpEnumerateDeviceInterfaces
DiscpEnumerateRegistryValues
DiscpEstablishIrpPump
DiscpEstablishTCPSocket
DiscpExecuteMethod
DiscpFreeDeviceInterfaceList
DiscpFreeMemory
DiscpFreeProcessMemory
DiscpGenerateiScsiNameFromComputerName
DiscpGetIpAddressTable
DiscpGetPnpDeviceId
DiscpGetRegistryValue
DiscpGetStringFromDataBlock
DiscpGuidToString
DiscpIdKeyToString
DiscpIsDNSAddress
DiscpIsStringInList
DiscpLoadSystemLibrary
DiscpMapiSCSIString
DiscpOpenRegistryKey
DiscpPadDataBlock
DiscpParseAllData
DiscpParseKeyValue
DiscpParseSingleInstance
DiscpPnpDeviceInterfaceToInstanceName
DiscpQueryAllData
DiscpQuerySingleInstance
DiscpRegCloseKey
DiscpRegisterDebugMask
DiscpRegisterDeviceInterfaceNotification
DiscpRegisterForDeviceInterfaceNotfication
DiscpRegisterHeap
DiscpRemoveStringFromMultiSzList
DiscpReportEventlog
DiscpReportEventlogWithStatus
DiscpSendIrpRequest
DiscpSetRegistryValue
DiscpSockAddrToText
DiscpTextAddrToBinary
DiscpTimebomb
DiscpUTF8ToUnicode
DiscpUnicodeToAnsi
DiscpUnicodeToAnsiSize
DiscpUnicodeToUTF8
DiscpValidateiSCSIString
DiscpXtoI
Discpxtoi
DllMain

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
marvell.reg
msiscsi.sys
.sys windows:5 windows x86 arch:x86

4eaff51084a5b605198212ff8eccb7df

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:bd:b6:1d:d0:a2:fa:b0:ab:c7:c4:c9:96:fb:d7:22
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

05/08/2010, 00:00

Not After

05/08/2011, 23:59

Subject

CN=NetZone Info-Tech Co.\, Ltd.\, Shanghai,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=NetZone Info-Tech Co.\, Ltd.\, Shanghai,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:c7:99:2e:4a:22:13:de:32:83:9d:01:6d:b8:35:02:7a:69:6b:35
Signer

Actual PE Digest

05:c7:99:2e:4a:22:13:de:32:83:9d:01:6d:b8:35:02:7a:69:6b:35

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

msiscsi.pdb

Imports

ntoskrnl.exe

ZwClose
RtlQueryRegistryValues
ZwOpenKey
RtlInitUnicodeString
wcsncmp
RtlWriteRegistryValue
ZwCreateKey
KeWaitForSingleObject
RtlCompareMemory
IoCancelIrp
ObfDereferenceObject
rand
srand
KeQuerySystemTime
PsCreateSystemThread
ZwDeleteKey
ZwDeleteValueKey
ZwEnumerateValueKey
ExDeleteNPagedLookasideList
KeDelayExecutionThread
wcschr
ZwEnumerateKey
PsTerminateSystemThread
KeSetBasePriorityThread
KeGetCurrentThread
IoAllocateIrp
IoFreeIrp
ExInterlockedPopEntrySList
IoFreeMdl
IoAllocateWorkItem
IoFreeWorkItem
IoOpenDeviceRegistryKey
ZwQueryValueKey
IoInitializeTimer
IoGetDeviceObjectPointer
_wcsnicmp
ExInitializeNPagedLookasideList
wcscpy
_snwprintf
ExInterlockedPushEntrySList
IoGetRelatedDeviceObject
ObReferenceObjectByHandle
ZwCreateFile
memmove
KeClearEvent
ObfReferenceObject
IoAllocateMdl
_alldiv
_itoa
wcscmp
IoWriteErrorLogEntry
IoAllocateErrorLogEntry
wcsncat
KeQueryTimeIncrement
_allmul
MmMapLockedPagesSpecifyCache
MmBuildMdlForNonPagedPool
IoReuseIrp
IoBuildPartialMdl
IoInitializeRemoveLockEx
sprintf
MmUnmapLockedPages
IoBuildSynchronousFsdRequest
IoGetDeviceProperty
IoGetDeviceInterfaces
KeBugCheckEx
IoStartTimer
MmLockPagableDataSection
IofCallDriver
IoWMIRegistrationControl
ExAllocatePoolWithTag
wcsncpy
wcslen
KeTickCount
IoQueueWorkItem
KeSetEvent
IoStopTimer
IoReleaseRemoveLockAndWaitEx
IoAcquireRemoveLockEx
IoReleaseRemoveLockEx
MmUnlockPagableImageSection
KeInitializeSpinLock
wcscat
KeInitializeEvent
IoWMIWriteEvent
IoBuildDeviceIoControlRequest
ExFreePoolWithTag
MmProbeAndLockPages
_except_handler3
MmUnlockPages
RtlUnicodeStringToAnsiString
RtlAnsiStringToUnicodeString
atoi
_snprintf
strncpy

hal

KfAcquireSpinLock
ExAcquireFastMutex
ExReleaseFastMutex
KeGetCurrentIrql
KfReleaseSpinLock

iscsiprt.sys

iScsiPortGetOriginalMdl
ScsiPortWmiSetInstanceCount
ScsiPortWmiSetData
ScsiPortWmiSetInstanceName
ScsiPortWmiGetInstanceName
ScsiPortWmiPostProcess
ScsiPortWmiDispatchFunction
iScsiPortResumeDevice
iScsiPortInitialize
iScsiPortCompleteServiceIrp
iScsiPortNotification
iScsiPortPauseDevice

tdi.sys

TdiDeregisterPnPHandlers
TdiRegisterPnPHandlers

Sections

.text
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGELK
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
msiscsi_64.sys
.sys windows:5 windows x64 arch:x64

e250b32b8c87bf3fece0471a23e6e917

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:bd:b6:1d:d0:a2:fa:b0:ab:c7:c4:c9:96:fb:d7:22
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

05/08/2010, 00:00

Not After

05/08/2011, 23:59

Subject

CN=NetZone Info-Tech Co.\, Ltd.\, Shanghai,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=NetZone Info-Tech Co.\, Ltd.\, Shanghai,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

10:d8:fb:cb:40:e0:e5:00:05:cc:44:cb:ae:61:4d:bd:c3:f0:58:e4
Signer

Actual PE Digest

10:d8:fb:cb:40:e0:e5:00:05:cc:44:cb:ae:61:4d:bd:c3:f0:58:e4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

msiscsi.pdb

Imports

ntoskrnl.exe

IoStartTimer
IoInitializeTimer
KeInitializeEvent
wcsncpy
ExInitializeNPagedLookasideList
InitializeSListHead
ZwClose
RtlQueryRegistryValues
ZwOpenKey
RtlInitUnicodeString
wcsncmp
RtlWriteRegistryValue
ZwCreateKey
KeWaitForSingleObject
RtlCompareMemory
IoCancelIrp
ObfDereferenceObject
rand
srand
PsCreateSystemThread
ZwDeleteKey
ZwDeleteValueKey
ZwEnumerateValueKey
ExDeleteNPagedLookasideList
KeDelayExecutionThread
wcschr
ZwEnumerateKey
PsTerminateSystemThread
KeSetBasePriorityThread
IoAllocateIrp
IoFreeIrp
ExpInterlockedPopEntrySList
IoFreeMdl
IoAllocateWorkItem
MmLockPagableDataSection
IoOpenDeviceRegistryKey
ZwQueryValueKey
IoBuildDeviceIoControlRequest
IoGetDeviceObjectPointer
_wcsnicmp
_snwprintf
ExpInterlockedPushEntrySList
ExQueryDepthSList
IoGetRelatedDeviceObject
ObReferenceObjectByHandle
ZwCreateFile
KeClearEvent
ObfReferenceObject
IoAllocateMdl
ExReleaseFastMutex
ExAcquireFastMutex
_itoa
IoWriteErrorLogEntry
IoAllocateErrorLogEntry
wcsncat
KeQueryTimeIncrement
MmMapLockedPagesSpecifyCache
MmBuildMdlForNonPagedPool
IoReuseIrp
IoBuildPartialMdl
IoInitializeRemoveLockEx
sprintf
MmUnmapLockedPages
IoBuildSynchronousFsdRequest
MmMapIoSpace
IoGetDeviceProperty
IoGetDeviceInterfaces
KeBugCheckEx
IoQueueWorkItem
KeSetEvent
IoStopTimer
IoReleaseRemoveLockAndWaitEx
IoAcquireRemoveLockEx
IoReleaseRemoveLockEx
KeAcquireSpinLockRaiseToDpc
KeReleaseSpinLock
MmUnlockPagableImageSection
IofCallDriver
ExAllocatePoolWithTag
IoWMIRegistrationControl
IoWMIWriteEvent
IoFreeWorkItem
ExFreePoolWithTag
__C_specific_handler
MmProbeAndLockPages
MmUnlockPages
RtlUnicodeStringToAnsiString
RtlAnsiStringToUnicodeString
atoi
_snprintf
strncpy

iscsiprt.sys

iScsiPortGetOriginalMdl
ScsiPortWmiSetInstanceCount
ScsiPortWmiSetData
ScsiPortWmiSetInstanceName
ScsiPortWmiGetInstanceName
ScsiPortWmiPostProcess
ScsiPortWmiDispatchFunction
iScsiPortResumeDevice
iScsiPortInitialize
iScsiPortCompleteServiceIrp
iScsiPortNotification
iScsiPortPauseDevice

tdi.sys

TdiDeregisterPnPHandlers
TdiRegisterPnPHandlers

Sections

.text
Size: 156KB - Virtual size: 155KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGELK
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 336B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
nvefd2k.sys
.sys windows:5 windows x86 arch:x86

3f081f94031ceb0cd044dfd05c53e950

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

10:c5:4d:b7:40:dc:7e:32:46:f8:ed:66:43:93:0c:b7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/06/2012, 00:00

Not After

10/09/2013, 23:59

Subject

CN=NetZone Info-Tech Co.\, Ltd.\, Shanghai,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Provided by TrustAsia,O=NetZone Info-Tech Co.\, Ltd.\, Shanghai,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

28:c4:ef:65:d0:75:9f:75:33:14:4a:99:a5:06:66:d9:ce:0a:00:1b
Signer

Actual PE Digest

28:c4:ef:65:d0:75:9f:75:33:14:4a:99:a5:06:66:d9:ce:0a:00:1b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\BldNetMCP\net\rel67\drivers\windows\ethernet\objfre_wnet_x86\i386\nvefd2k.pdb

Imports

ntoskrnl.exe

IofCallDriver
MmMapLockedPages
RtlUnicodeStringToAnsiString
KeBugCheckEx
KeTickCount
IoGetDeviceProperty
KeInitializeEvent
IoBuildSynchronousFsdRequest
MmMapLockedPagesSpecifyCache
KeWaitForSingleObject
RtlGUIDFromString
RtlFreeUnicodeString
IoFreeMdl
RtlInitString
RtlAnsiStringToUnicodeString

hal

KfAcquireSpinLock
KfReleaseSpinLock

nvnrm.sys

_NRM_OSApiInit@4
_NRM_MCPInit@12

ndis.sys

NdisInitializeWrapper
NdisMRegisterMiniport
NdisTerminateWrapper
NdisInitializeEvent
NdisMGetDeviceProperty
NdisMSetAttributesEx
NdisOpenConfiguration
NdisReadNetworkAddress
NdisCloseConfiguration
NdisMInitializeScatterGatherDma
NdisAllocatePacketPool
NdisAllocateBufferPool
NdisMRegisterAdapterShutdownHandler
NdisInitializeString
NdisOpenFile
NdisReadConfiguration
NdisMapFile
NdisAllocateMemoryWithTag
NdisUnmapFile
NdisUnchainBufferAtFront
NdisFreePacket
NdisMPromoteMiniport
NdisMSetMiniportSecondary
NdisWriteErrorLogEntry
NdisAllocateBuffer
NdisAllocatePacket
NdisReadPciSlotInformation
NdisFreeMemory
NdisMDeregisterAdapterShutdownHandler
NdisFreePacketPool
NdisFreeBufferPool
NdisMSleep
NdisWaitEvent
NdisSetEvent
NdisWritePciSlotInformation
NdisCloseFile

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
nvefdxp.sys
.sys windows:5 windows x86 arch:x86

e1f88564699b64b8b75207d1ee9d3a15

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

10:c5:4d:b7:40:dc:7e:32:46:f8:ed:66:43:93:0c:b7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/06/2012, 00:00

Not After

10/09/2013, 23:59

Subject

CN=NetZone Info-Tech Co.\, Ltd.\, Shanghai,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Provided by TrustAsia,O=NetZone Info-Tech Co.\, Ltd.\, Shanghai,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

97:13:d4:db:34:11:7c:c7:94:95:68:16:56:cf:c1:83:db:e2:68:e3
Signer

Actual PE Digest

97:13:d4:db:34:11:7c:c7:94:95:68:16:56:cf:c1:83:db:e2:68:e3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\BldNetMCP\net\rel67\drivers\windows\ethernet\objfre_wnet_x86\i386\nvefdxp.pdb

Imports

ntoskrnl.exe

KeInitializeEvent
RtlUnicodeStringToAnsiString
RtlAnsiStringToUnicodeString
KeBugCheckEx
KeTickCount
KefAcquireSpinLockAtDpcLevel
KefReleaseSpinLockFromDpcLevel
IoGetDeviceProperty
MmMapLockedPagesSpecifyCache
IoBuildSynchronousFsdRequest
IofCallDriver
KeWaitForSingleObject
RtlGUIDFromString
RtlFreeUnicodeString
IoFreeMdl
RtlInitString

hal

KfReleaseSpinLock
KfAcquireSpinLock

nvnrm.sys

_NRM_OSApiInit@4
_NRM_MCPInit@12

ndis.sys

NdisMInitializeTimer
NdisSetTimer
NdisInitializeWrapper
NdisMRegisterMiniport
NdisTerminateWrapper
NdisInitializeEvent
NdisMGetDeviceProperty
NdisMSetAttributesEx
NdisOpenConfiguration
NdisReadNetworkAddress
NdisCloseConfiguration
NdisMInitializeScatterGatherDma
NdisAllocatePacketPool
NdisAllocateBufferPool
NdisInitializeString
NdisOpenFile
NdisMapFile
NdisReadConfiguration
NdisAllocateMemoryWithTag
NdisUnmapFile
NdisCloseFile
NdisUnchainBufferAtFront
NdisFreePacket
NdisMPromoteMiniport
NdisMSetMiniportSecondary
NdisWriteErrorLogEntry
NdisAllocateBuffer
NdisAllocatePacket
NdisReadPciSlotInformation
NdisFreeMemory
NdisFreePacketPool
NdisFreeBufferPool
NdisMSleep
NdisMCancelTimer
NdisWaitEvent
NdisSetEvent
NdisWritePciSlotInformation

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
nvmcp.reg
nvn_bus.sys
.sys windows:5 windows x86 arch:x86

c9096b64162f4ba680d2e54d2ec6a76a

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

10:c5:4d:b7:40:dc:7e:32:46:f8:ed:66:43:93:0c:b7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/06/2012, 00:00

Not After

10/09/2013, 23:59

Subject

CN=NetZone Info-Tech Co.\, Ltd.\, Shanghai,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Provided by TrustAsia,O=NetZone Info-Tech Co.\, Ltd.\, Shanghai,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ca:2a:10:5a:45:41:7d:4c:ed:e0:2f:c7:b5:98:4e:53:fd:af:ca:56
Signer

Actual PE Digest

ca:2a:10:5a:45:41:7d:4c:ed:e0:2f:c7:b5:98:4e:53:fd:af:ca:56

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\BldNetMCP\net\rel67\drivers\windows\bus\objfre_wnet_x86\i386\nvnetbus.pdb

Imports

ntoskrnl.exe

IoInitializeRemoveLockEx
IoCreateDevice
IofCompleteRequest
InterlockedExchange
IofCallDriver
KeWaitForSingleObject
KeInitializeEvent
MmUnlockPages
MmMapLockedPagesSpecifyCache
IoReleaseCancelSpinLock
IoAcquireCancelSpinLock
MmProbeAndLockPages
_except_handler3
PoRequestPowerIrp
InterlockedDecrement
InterlockedIncrement
PoStartNextPowerIrp
IoCancelIrp
PoCallDriver
swprintf
IoSetDeviceInterfaceState
KeInitializeSpinLock
RtlCompareMemory
IoReleaseRemoveLockEx
IoAcquireRemoveLockEx
IoInvalidateDeviceRelations
RtlEqualUnicodeString
RtlInitUnicodeString
IoGetDeviceProperty
IoBuildSynchronousFsdRequest
IoDetachDevice
IoReleaseRemoveLockAndWaitEx
wcslen
IoGetAttachedDeviceReference
ZwClose
ZwMapViewOfSection
ObReferenceObjectByHandle
ZwOpenSection
ZwUnmapViewOfSection
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
KeTickCount
KeBugCheckEx
IoRegisterDeviceInterface
IoAttachDeviceToDeviceStack
IoDeleteDevice
PoSetPowerState
ObfDereferenceObject
KeSetEvent
ExFreePool
ObfReferenceObject
ExAllocatePoolWithTag

hal

KfAcquireSpinLock
KeStallExecutionProcessor
KfReleaseSpinLock

nvnrm.sys

_PARAM_Init@4
_NRM_InitBDTable@8
_NRM_OSApiInit@4
_PARAM_InitClient@4

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 660B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 684B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
nvnrm.sys
.sys windows:5 windows x86 arch:x86

580719f84af0acaa729eb9023c443274

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

10:c5:4d:b7:40:dc:7e:32:46:f8:ed:66:43:93:0c:b7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/06/2012, 00:00

Not After

10/09/2013, 23:59

Subject

CN=NetZone Info-Tech Co.\, Ltd.\, Shanghai,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Provided by TrustAsia,O=NetZone Info-Tech Co.\, Ltd.\, Shanghai,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7a:cd:71:b6:0a:af:94:b2:8a:8e:2e:c8:7f:76:73:3b:8a:1f:36:57
Signer

Actual PE Digest

7a:cd:71:b6:0a:af:94:b2:8a:8e:2e:c8:7f:76:73:3b:8a:1f:36:57

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\BldNetMCP\net\rel67\drivers\common\resman\objfre_wnet_x86\i386\nvnrm.pdb

Imports

hal

KfReleaseSpinLock
KfAcquireSpinLock
KeStallExecutionProcessor
KfLowerIrql
KeGetCurrentIrql
KfRaiseIrql
KeQueryPerformanceCounter

ntoskrnl.exe

KeTickCount
KeQuerySystemTime
KeQueryTimeIncrement
KeQueryInterruptTime
InterlockedExchange
KeBugCheckEx
sprintf
IoGetDmaAdapter
IoConnectInterrupt
IoDisconnectInterrupt
ExFreePool
RtlCompareMemory
memmove
KeInitializeSpinLock
KefAcquireSpinLockAtDpcLevel
KefReleaseSpinLockFromDpcLevel
InterlockedIncrement
KeSetTimer
KeDelayExecutionThread
InterlockedDecrement
KeRemoveQueueDpc
KeCancelTimer
InterlockedCompareExchange
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
ExAllocatePoolWithTag
strstr
ZwClose
ZwCreateKey
RtlInitUnicodeString
ZwSetValueKey
ZwQueryValueKey
KeWaitForSingleObject
KeSetEvent
KeResetEvent
KeInitializeDpc
KeInitializeTimerEx
RtlQueryRegistryValues
ZwQueryKey
ZwEnumerateKey
KeInitializeEvent
KeInsertQueueDpc
MmMapIoSpace
MmUnmapIoSpace
KeSetTargetProcessorDpc
KeQueryActiveProcessors

Exports

Exports

DllInitialize
DllUnload
DriverEntry
_LBFO_Start@8
_NRM_InitBDTable@8
_NRM_MCPInit@12
_NRM_OSApiInit@4
_PARAM_Init@4
_PARAM_InitClient@4

Sections

.text
Size: 237KB - Virtual size: 237KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 640B - Virtual size: 628B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 679KB - Virtual size: 679KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 384B - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 896B - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
nvphy.bin
nxd10.sys
.sys windows:6 windows x86 arch:x86

de434593f56e12b1608467c4d4cd654b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

10:c5:4d:b7:40:dc:7e:32:46:f8:ed:66:43:93:0c:b7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/06/2012, 00:00

Not After

10/09/2013, 23:59

Subject

CN=NetZone Info-Tech Co.\, Ltd.\, Shanghai,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Provided by TrustAsia,O=NetZone Info-Tech Co.\, Ltd.\, Shanghai,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

de:cb:59:35:d9:1b:9a:53:04:14:ea:2f:ab:0e:50:4b:d2:bc:48:f7
Signer

Actual PE Digest

de:cb:59:35:d9:1b:9a:53:04:14:ea:2f:ab:0e:50:4b:d2:bc:48:f7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

l:\nxp5\drivers\current\nxd\objfre_w2k_x86\i386\nxd10.pdb

Imports

ntoskrnl.exe

KeInitializeSemaphore
_allshr
ExAllocatePoolWithTag
IofCallDriver
ObfDereferenceObject
IoBuildDeviceIoControlRequest
KeInitializeEvent
IoGetDeviceObjectPointer
KeReadStateSemaphore
ExInterlockedPushEntrySList
ExfInterlockedInsertTailList
ExfInterlockedInsertHeadList
KeSetEvent
IofCompleteRequest
PoStartNextPowerIrp
PoCallDriver
KeBugCheck
IoFreeIrp
ExDeleteNPagedLookasideList
IoRaiseInformationalHardError
KeGetCurrentThread
IoSetThreadHardErrorMode
IoStartPacket
IoInvalidateDeviceRelations
memcpy
_allmul
ExInterlockedPopEntrySList
IoGetRelatedDeviceObject
IoAllocateIrp
ObReferenceObjectByHandle
ZwCreateFile
memset
IoCancelIrp
MmMapLockedPagesSpecifyCache
ZwClose
IoBuildPartialMdl
IoAllocateMdl
ExInitializeNPagedLookasideList
PsCreateSystemThread
IoAttachDeviceToDeviceStack
IoGetDeviceProperty
KeReleaseSemaphore
ObfReferenceObject
IoDetachDevice
ObReferenceObjectByPointer
KeDelayExecutionThread
vsprintf
ZwQueryValueKey
ZwOpenKey
_alldiv
KeQuerySystemTime
IoStartNextPacket
KeSetPriorityThread
IoFreeMdl
MmProbeAndLockPages
MmBuildMdlForNonPagedPool
MmUnlockPages
RtlDeleteRegistryValue
IoWriteErrorLogEntry
IoAllocateErrorLogEntry
ObReferenceObjectByName
IoDriverObjectType
KeTickCount
KeBugCheckEx
KeWaitForSingleObject
PsTerminateSystemThread
ExfInterlockedRemoveHeadList
ExFreePoolWithTag
RtlInitUnicodeString
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
swprintf
IoRegisterLastChanceShutdownNotification
RtlUnwind

hal

KfLowerIrql
ExReleaseFastMutex
KeRaiseIrqlToDpcLevel
KeGetCurrentIrql
ExAcquireFastMutex

tdi.sys

TdiReturnChainedReceives
TdiRegisterPnPHandlers

Exports

Exports

NotifyCacheInfoToNxD

Sections

.text
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 640B - Virtual size: 596B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 116B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 128B - Virtual size: 81B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
nxd11.sys
.sys windows:6 windows x86 arch:x86

7c16037a168451d75ed27e9573b8bb17

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

10:c5:4d:b7:40:dc:7e:32:46:f8:ed:66:43:93:0c:b7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/06/2012, 00:00

Not After

10/09/2013, 23:59

Subject

CN=NetZone Info-Tech Co.\, Ltd.\, Shanghai,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Provided by TrustAsia,O=NetZone Info-Tech Co.\, Ltd.\, Shanghai,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

9e:c8:f9:17:ab:d6:64:ca:a8:92:87:44:fd:58:0d:8e:e0:5c:72:ec
Signer

Actual PE Digest

9e:c8:f9:17:ab:d6:64:ca:a8:92:87:44:fd:58:0d:8e:e0:5c:72:ec

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

l:\nxp5\drivers\current\nxd\objfre_wxp_x86\i386\nxd11.pdb

Imports

ntoskrnl.exe

KeInitializeSemaphore
_allshr
ExAllocatePoolWithTag
IofCallDriver
ObfDereferenceObject
IoBuildDeviceIoControlRequest
KeInitializeEvent
IoGetDeviceObjectPointer
KeReadStateSemaphore
InterlockedPushEntrySList
ExfInterlockedInsertTailList
ExfInterlockedInsertHeadList
KeSetEvent
IofCompleteRequest
PoStartNextPowerIrp
PoCallDriver
KeBugCheck
IoFreeIrp
ExDeleteNPagedLookasideList
IoRaiseInformationalHardError
KeGetCurrentThread
IoSetThreadHardErrorMode
IoStartPacket
IoInvalidateDeviceRelations
memcpy
_allmul
InterlockedPopEntrySList
IoAllocateIrp
IoGetRelatedDeviceObject
ObReferenceObjectByHandle
ZwCreateFile
IoCancelIrp
MmMapLockedPagesSpecifyCache
memset
ZwClose
IoBuildPartialMdl
IoAllocateMdl
ExInitializeNPagedLookasideList
RtlGetVersion
PsCreateSystemThread
IoAttachDeviceToDeviceStack
KeReleaseSemaphore
swprintf
ObfReferenceObject
IoDetachDevice
ObReferenceObjectByPointer
KeDelayExecutionThread
vsprintf
ZwQueryValueKey
ZwOpenKey
_alldiv
KeQuerySystemTime
IoStartNextPacket
KeSetPriorityThread
IoFreeMdl
MmProbeAndLockPages
MmBuildMdlForNonPagedPool
MmUnlockPages
RtlDeleteRegistryValue
IoWriteErrorLogEntry
IoAllocateErrorLogEntry
ObReferenceObjectByName
IoDriverObjectType
KeTickCount
KeBugCheckEx
KeWaitForSingleObject
PsTerminateSystemThread
ExfInterlockedRemoveHeadList
ExFreePoolWithTag
RtlInitUnicodeString
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
IoGetDeviceProperty
IoRegisterLastChanceShutdownNotification
RtlUnwind

hal

KfLowerIrql
ExReleaseFastMutex
KeRaiseIrqlToDpcLevel
KeGetCurrentIrql
ExAcquireFastMutex

tdi.sys

TdiReturnChainedReceives
TdiRegisterPnPHandlers

Exports

Exports

NotifyCacheInfoToNxD

Sections

.text
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 640B - Virtual size: 596B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 116B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 128B - Virtual size: 81B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
nxd21.sys
.sys windows:6 windows x64 arch:x64

159fe38840a5438f1346b9df65dd6811

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

10:c5:4d:b7:40:dc:7e:32:46:f8:ed:66:43:93:0c:b7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/06/2012, 00:00

Not After

10/09/2013, 23:59

Subject

CN=NetZone Info-Tech Co.\, Ltd.\, Shanghai,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Provided by TrustAsia,O=NetZone Info-Tech Co.\, Ltd.\, Shanghai,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

d7:61:6a:81:ba:ba:39:78:46:83:ca:d6:76:4b:66:89:62:d1:69:72
Signer

Actual PE Digest

d7:61:6a:81:ba:ba:39:78:46:83:ca:d6:76:4b:66:89:62:d1:69:72

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

l:\nxp5\drivers\current\nxd\objfre_wnet_amd64\amd64\nxd21.pdb

Imports

ntoskrnl.exe

ExInterlockedInsertTailList
ExpInterlockedPushEntrySList
ExQueryDepthSList
KeInitializeSemaphore
ExAllocatePoolWithTag
ExFreePoolWithTag
IoGetDeviceObjectPointer
KeInitializeEvent
RtlInitUnicodeString
IoBuildDeviceIoControlRequest
IoCreateDevice
ObfDereferenceObject
IoCreateSymbolicLink
IofCallDriver
IoDeleteDevice
KeReadStateSemaphore
IoRegisterLastChanceShutdownNotification
KeSetEvent
IofCompleteRequest
PoStartNextPowerIrp
PoCallDriver
IoFreeIrp
KeBugCheck
ExDeleteNPagedLookasideList
IoSetThreadHardErrorMode
IoRaiseInformationalHardError
IoStartPacket
ZwCreateFile
ObReferenceObjectByHandle
IoInvalidateDeviceRelations
IoGetRelatedDeviceObject
IoAllocateIrp
IoCancelIrp
MmMapLockedPagesSpecifyCache
ExAcquireFastMutex
ExReleaseFastMutex
ExpInterlockedPopEntrySList
ZwClose
IoAllocateMdl
IoBuildPartialMdl
ExInitializeNPagedLookasideList
ExInterlockedInsertHeadList
PsCreateSystemThread
swprintf
IoDetachDevice
ObReferenceObjectByPointer
IoGetDeviceProperty
IoAttachDeviceToDeviceStack
ObfReferenceObject
MmUnlockPages
RtlDeleteRegistryValue
IoAllocateErrorLogEntry
IoWriteErrorLogEntry
vsprintf
ZwQueryValueKey
ZwOpenKey
IoStartNextPacket
KeSetPriorityThread
MmBuildMdlForNonPagedPool
KeDelayExecutionThread
MmProbeAndLockPages
IoFreeMdl
ObReferenceObjectByName
IoDriverObjectType
KeBugCheckEx
ExInterlockedRemoveHeadList
PsTerminateSystemThread
KeWaitForSingleObject
RtlGetVersion
KeReleaseSemaphore
__C_specific_handler

tdi.sys

TdiReturnChainedReceives
TdiRegisterPnPHandlers

Exports

Exports

NotifyCacheInfoToNxD

Sections

.text
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 452B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 81B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
nxddsk.inf
nxddsk10.sys
.sys windows:6 windows x86 arch:x86

da088004d774f788ede18e6eeae8dd80

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

10:c5:4d:b7:40:dc:7e:32:46:f8:ed:66:43:93:0c:b7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/06/2012, 00:00

Not After

10/09/2013, 23:59

Subject

CN=NetZone Info-Tech Co.\, Ltd.\, Shanghai,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Provided by TrustAsia,O=NetZone Info-Tech Co.\, Ltd.\, Shanghai,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

91:1f:91:51:61:54:65:e7:be:e1:5c:0b:eb:bc:41:f8:1d:64:58:3a
Signer

Actual PE Digest

91:1f:91:51:61:54:65:e7:be:e1:5c:0b:eb:bc:41:f8:1d:64:58:3a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

l:\nxp5\drivers\current\nxddsk\objfre_w2k_x86\i386\nxddsk.pdb

Imports

ntoskrnl.exe

memcpy
memset
ExAllocatePoolWithTag
ExFreePoolWithTag
KeSetEvent
KeWaitForSingleObject
_allrem
_allmul
IoInvalidateDeviceRelations
IofCallDriver
KeInitializeEvent
RtlInitUnicodeString
ZwClose
ObQueryNameString
IoGetConfigurationInformation
IoDeleteDevice
IoAttachDeviceToDeviceStack
IoCreateDevice
ZwMakeTemporaryObject
ZwCreateDirectoryObject
swprintf
IoBuildDeviceIoControlRequest
RtlFreeUnicodeString
IoSetDeviceInterfaceState
IoRegisterDeviceInterface
IoCreateSymbolicLink
IoDeleteSymbolicLink
ObfReferenceObject
IoDetachDevice
ObfDereferenceObject
IoGetAttachedDeviceReference
IofCompleteRequest
PoCallDriver
PoStartNextPowerIrp
memmove
ObReferenceObjectByPointer
KeTickCount

hal

IoSetPartitionInformation
IoWritePartitionTable
IoReadPartitionTable

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 354B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 640B - Virtual size: 578B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
nxddsk11.sys
.sys windows:6 windows x86 arch:x86

0d42d8be6b4969b37f74b83de41b9f64

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

10:c5:4d:b7:40:dc:7e:32:46:f8:ed:66:43:93:0c:b7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/06/2012, 00:00

Not After

10/09/2013, 23:59

Subject

CN=NetZone Info-Tech Co.\, Ltd.\, Shanghai,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Provided by TrustAsia,O=NetZone Info-Tech Co.\, Ltd.\, Shanghai,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7d:9f:84:97:7b:d3:72:a4:24:56:fa:5d:73:da:29:aa:03:14:14:09
Signer

Actual PE Digest

7d:9f:84:97:7b:d3:72:a4:24:56:fa:5d:73:da:29:aa:03:14:14:09

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

l:\nxp5\drivers\current\nxddsk\objfre_wxp_x86\i386\nxddsk.pdb

Imports

ntoskrnl.exe

memcpy
memset
ExAllocatePoolWithTag
ExFreePoolWithTag
IoReadPartitionTableEx
_alldiv
IoWritePartitionTableEx
IoSetPartitionInformationEx
IoVerifyPartitionTable
IoSetPartitionInformation
KeSetEvent
KeWaitForSingleObject
IoInvalidateDeviceRelations
IoCreateDisk
_allrem
_allmul
IofCallDriver
KeInitializeEvent
RtlInitUnicodeString
ZwClose
ObQueryNameString
IoGetConfigurationInformation
IoDeleteDevice
IoAttachDeviceToDeviceStack
IoCreateDevice
ZwMakeTemporaryObject
ZwCreateDirectoryObject
swprintf
IoBuildDeviceIoControlRequest
RtlFreeUnicodeString
IoSetDeviceInterfaceState
IoRegisterDeviceInterface
IoCreateSymbolicLink
IoDeleteSymbolicLink
ObfReferenceObject
IoDetachDevice
IoBuildSynchronousFsdRequest
ObfDereferenceObject
IoGetAttachedDeviceReference
IofCompleteRequest
PoCallDriver
PoStartNextPowerIrp
memmove
ObReferenceObjectByPointer
IoReadDiskSignature
KeTickCount
KeBugCheckEx

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 370B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 640B - Virtual size: 636B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
nxddsk21.sys
.sys windows:6 windows x64 arch:x64

9faba484d0be90847c64790a2cdc9f0c

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

10:c5:4d:b7:40:dc:7e:32:46:f8:ed:66:43:93:0c:b7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/06/2012, 00:00

Not After

10/09/2013, 23:59

Subject

CN=NetZone Info-Tech Co.\, Ltd.\, Shanghai,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Provided by TrustAsia,O=NetZone Info-Tech Co.\, Ltd.\, Shanghai,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

67:e4:49:da:d5:55:3b:e1:04:ce:d6:7b:64:4b:0f:5c:aa:ab:31:68
Signer

Actual PE Digest

67:e4:49:da:d5:55:3b:e1:04:ce:d6:7b:64:4b:0f:5c:aa:ab:31:68

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

l:\nxp5\drivers\current\nxddsk\objfre_wnet_amd64\amd64\nxddsk.pdb

Imports

ntoskrnl.exe

IoSetPartitionInformation
ObfReferenceObject
IoRegisterDeviceInterface
RtlFreeUnicodeString
IoCreateSymbolicLink
ZwMakeTemporaryObject
IoSetDeviceInterfaceState
ObQueryNameString
ObfDereferenceObject
IoBuildSynchronousFsdRequest
RtlInitUnicodeString
IoWritePartitionTableEx
IoCreateDevice
IoDeleteDevice
KeSetEvent
swprintf
PoStartNextPowerIrp
IoVerifyPartitionTable
ZwClose
ObReferenceObjectByPointer
IofCompleteRequest
IoReadPartitionTableEx
KeInitializeEvent
IofCallDriver
ZwCreateDirectoryObject
ExAllocatePoolWithTag
KeWaitForSingleObject
IoInvalidateDeviceRelations
IoSetPartitionInformationEx
IoGetAttachedDeviceReference
IoGetConfigurationInformation
IoAttachDeviceToDeviceStack
PoCallDriver
IoBuildDeviceIoControlRequest
IoDetachDevice
IoCreateDisk
IoDeleteSymbolicLink
IoReadDiskSignature
ExFreePoolWithTag
KeBugCheckEx

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
nxdhlp11.sys
.sys windows:6 windows x86 arch:x86

51e664d155737b927d93b3d77ffbc5f9

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

10:c5:4d:b7:40:dc:7e:32:46:f8:ed:66:43:93:0c:b7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/06/2012, 00:00

Not After

10/09/2013, 23:59

Subject

CN=NetZone Info-Tech Co.\, Ltd.\, Shanghai,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Provided by TrustAsia,O=NetZone Info-Tech Co.\, Ltd.\, Shanghai,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ec:7a:c7:a8:53:12:1b:f7:48:bc:ca:45:27:6d:fc:8e:07:b9:54:37
Signer

Actual PE Digest

ec:7a:c7:a8:53:12:1b:f7:48:bc:ca:45:27:6d:fc:8e:07:b9:54:37

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

l:\nxp5\drivers\current\nxdhlp\objfre_wxp_x86\i386\nxdhlp.pdb

Imports

ntoskrnl.exe

swprintf
ExAllocatePoolWithTag
memset
ZwOpenKey
IoCreateDevice
RtlAppendUnicodeToString
RtlCreateRegistryKey
IofCompleteRequest
MmUnmapIoSpace
MmMapIoSpace
MmGetPhysicalMemoryRanges
ZwEnumerateKey
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
memcpy
KeDelayExecutionThread
InbvEnableDisplayString
RtlInitUnicodeString
sprintf
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
ZwQueryValueKey
ZwEnumerateValueKey
ZwDeleteKey
_wcsnicmp
IoDeleteDevice
IoCreateSymbolicLink
KeTickCount
KeBugCheckEx
ZwCreateKey
ZwSetValueKey
ZwClose
ExFreePoolWithTag

hal

HalDisplayString
HalGetBusDataByOffset

Sections

.text
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 274B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 1002B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
nxdhlp21.sys
.sys windows:6 windows x64 arch:x64

70fd95acee230d7aeac241d6da45a49d

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

10:c5:4d:b7:40:dc:7e:32:46:f8:ed:66:43:93:0c:b7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/06/2012, 00:00

Not After

10/09/2013, 23:59

Subject

CN=NetZone Info-Tech Co.\, Ltd.\, Shanghai,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Provided by TrustAsia,O=NetZone Info-Tech Co.\, Ltd.\, Shanghai,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

a2:c1:56:13:c9:6c:a7:87:87:54:18:a4:5b:bc:92:7a:e5:56:52:fe
Signer

Actual PE Digest

a2:c1:56:13:c9:6c:a7:87:87:54:18:a4:5b:bc:92:7a:e5:56:52:fe

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

l:\nxp5\drivers\current\nxdhlp\objfre_wnet_amd64\amd64\nxdhlp.pdb

Imports

ntoskrnl.exe

ZwEnumerateKey
RtlAppendUnicodeToString
RtlCreateRegistryKey
IofCompleteRequest
MmMapIoSpace
MmUnmapIoSpace
MmGetPhysicalMemoryRanges
RtlInitAnsiString
RtlAnsiStringToUnicodeString
RtlFreeUnicodeString
ExAllocatePoolWithTag
swprintf
RtlInitUnicodeString
ZwCreateKey
ZwSetValueKey
ZwClose
ExFreePoolWithTag
sprintf
RtlUnicodeStringToAnsiString
RtlFreeAnsiString
ZwQueryValueKey
ZwEnumerateValueKey
ZwDeleteKey
KeDelayExecutionThread
_wcsnicmp
InbvEnableDisplayString
IoCreateSymbolicLink
IoDeleteDevice
KeBugCheckEx
IoCreateDevice
ZwOpenKey

hal

HalGetBusDataByOffset
HalDisplayString

Sections

.text
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 564B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
nxdsta11.sys
.sys windows:6 windows x86 arch:x86

113d373f163b56a867db4ac5eb163996

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

10:c5:4d:b7:40:dc:7e:32:46:f8:ed:66:43:93:0c:b7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/06/2012, 00:00

Not After

10/09/2013, 23:59

Subject

CN=NetZone Info-Tech Co.\, Ltd.\, Shanghai,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Provided by TrustAsia,O=NetZone Info-Tech Co.\, Ltd.\, Shanghai,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

c7:63:ff:e5:80:f2:f9:4d:90:63:51:84:6c:7f:98:19:a8:77:01:3c
Signer

Actual PE Digest

c7:63:ff:e5:80:f2:f9:4d:90:63:51:84:6c:7f:98:19:a8:77:01:3c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

l:\nxp5\drivers\current\nxdstat\objfre_wxp_x86\i386\nxdstat.pdb

Imports

ntoskrnl.exe

ExAllocatePool
ZwQueryValueKey
ExFreePoolWithTag
memcpy
ZwClose
RtlInitUnicodeString
swprintf
memset
_wcsnicmp
ZwOpenKey
wcsncmp
ZwOpenFile
ZwCreateFile
IoCreateDevice
ZwEnumerateKey
MmMapLockedPages
MmBuildMdlForNonPagedPool
MmCreateMdl
KeServiceDescriptorTable
KeTickCount
KeBugCheckEx

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 212B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 256B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 768B - Virtual size: 648B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 434B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
nxdsta21.sys
.sys windows:6 windows x64 arch:x64

54cce94f17e36ed6d7104cd0e04368c3

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

10:c5:4d:b7:40:dc:7e:32:46:f8:ed:66:43:93:0c:b7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/06/2012, 00:00

Not After

10/09/2013, 23:59

Subject

CN=NetZone Info-Tech Co.\, Ltd.\, Shanghai,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Provided by TrustAsia,O=NetZone Info-Tech Co.\, Ltd.\, Shanghai,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4f:ff:ce:09:db:64:5a:e7:2d:cd:8b:17:ec:d2:da:dc:35:45:ef:ac
Signer

Actual PE Digest

4f:ff:ce:09:db:64:5a:e7:2d:cd:8b:17:ec:d2:da:dc:35:45:ef:ac

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

l:\nxp5\drivers\current\nxdstat\objfre_wnet_amd64\amd64\nxdstat.pdb

Imports

ntoskrnl.exe

ZwEnumerateKey
IoCreateDevice
ZwQueryValueKey
ExFreePoolWithTag
ExAllocatePool
RtlInitUnicodeString
ZwClose
swprintf
ZwOpenKey
_wcsnicmp
KeBugCheckEx

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 380B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 512B - Virtual size: 504B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
nxpauxsvc.exe
.exe windows:4 windows x86 arch:x86

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

10:c5:4d:b7:40:dc:7e:32:46:f8:ed:66:43:93:0c:b7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/06/2012, 00:00

Not After

10/09/2013, 23:59

Subject

CN=NetZone Info-Tech Co.\, Ltd.\, Shanghai,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Provided by TrustAsia,O=NetZone Info-Tech Co.\, Ltd.\, Shanghai,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

c5:0c:b2:34:e8:4e:41:07:9a:03:9a:5d:25:d3:db:b8:99:29:85:9f
Signer

Actual PE Digest

c5:0c:b2:34:e8:4e:41:07:9a:03:9a:5d:25:d3:db:b8:99:29:85:9f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 222KB - Virtual size: 608KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 43KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
nxplan_en.ini
nxplan_gb.ini
nxprun.exe
.exe windows:4 windows x86 arch:x86

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

10:c5:4d:b7:40:dc:7e:32:46:f8:ed:66:43:93:0c:b7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/06/2012, 00:00

Not After

10/09/2013, 23:59

Subject

CN=NetZone Info-Tech Co.\, Ltd.\, Shanghai,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Provided by TrustAsia,O=NetZone Info-Tech Co.\, Ltd.\, Shanghai,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e0:b7:7f:79:7e:ee:5f:ac:f8:01:23:69:cb:8c:da:c7:3a:77:a1:8c
Signer

Actual PE Digest

e0:b7:7f:79:7e:ee:5f:ac:f8:01:23:69:cb:8c:da:c7:3a:77:a1:8c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 233KB - Virtual size: 640KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 95KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 25KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
nzFile.exe
.exe windows:4 windows x86 arch:x86

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

10:c5:4d:b7:40:dc:7e:32:46:f8:ed:66:43:93:0c:b7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/06/2012, 00:00

Not After

10/09/2013, 23:59

Subject

CN=NetZone Info-Tech Co.\, Ltd.\, Shanghai,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Provided by TrustAsia,O=NetZone Info-Tech Co.\, Ltd.\, Shanghai,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

c4:d4:f0:d8:f5:1d:61:44:51:33:dc:c6:02:38:89:66:ff:19:32:dd
Signer

Actual PE Digest

c4:d4:f0:d8:f5:1d:61:44:51:33:dc:c6:02:38:89:66:ff:19:32:dd

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 197KB - Virtual size: 572KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
nzfc.dll
.dll windows:4 windows x86 arch:x86

71d14ce8f73ae03149205ae47b33ce99

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f1:d3:2c:1b:97:2d:f4:d9:7f:ef:5e:e8:3b:90:e5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

26/07/2011, 00:00

Not After

04/08/2012, 23:59

Subject

CN=NetZone Info-Tech Co.\, Ltd.\, Shanghai,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=NetZone Info-Tech Co.\, Ltd.\, Shanghai,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

86:b7:e8:32:0b:6d:24:0c:15:b5:36:d4:ab:fe:da:e3:36:06:13:d6
Signer

Actual PE Digest

86:b7:e8:32:0b:6d:24:0c:15:b5:36:d4:ab:fe:da:e3:36:06:13:d6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WaitForSingleObject
GetLastError
ReleaseMutex
GetTickCount
SuspendThread
ResumeThread
Sleep
FormatMessageA
lstrlenA
FindClose
BackupWrite
BackupSeek
BackupRead
ReadFile
SetFilePointer
SetLastError
SetEndOfFile
FlushFileBuffers
WriteFile
SetFileTime
SetProcessWorkingSetSize
GetProcAddress
GetModuleHandleA
lstrlenW
lstrcmpiW
GetCommandLineW
GetVolumeInformationW
GetDriveTypeW
GetDiskFreeSpaceW
GetFullPathNameW
SetCurrentDirectoryW
GetCurrentDirectoryW
DeleteFileW
RemoveDirectoryW
CreateDirectoryW
MoveFileW
CreateFileW
FindNextFileW
FindFirstFileW
SetFileAttributesW
GetFileAttributesW
CreateMutexA
LoadLibraryA
IsDBCSLeadByte
CreateFileA
SetUnhandledExceptionFilter
SetEvent
VirtualLock
VirtualFree
VirtualAlloc
CreateEventA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
GetConsoleMode
GetConsoleCP
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetCurrentProcess
CloseHandle
WideCharToMultiByte
MultiByteToWideChar
GetModuleFileNameA
GetFullPathNameA
DeleteCriticalSection
GetVersion
GetThreadLocale
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetFileType
SetHandleCount
LCMapStringW
LCMapStringA
GetStdHandle
GetOEMCP
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
RaiseException
HeapFree
HeapReAlloc
HeapAlloc
ExitThread
GetCurrentThreadId
CreateThread
GetCommandLineA
GetVersionExA
GetProcessHeap
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
HeapSize
ExitProcess
HeapDestroy
HeapCreate
GetCPInfo
GetACP

user32

CharUpperW
CharLowerW
wsprintfA
InsertMenuW
DialogBoxParamW
CreateDialogParamW
wsprintfW
LoadStringA
GetWindowTextW
SetWindowTextW
GetWindowTextLengthW
GetDlgItemTextW
SetDlgItemTextW
PostMessageW
SendMessageW
SendDlgItemMessageW
MessageBoxW

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

LookupPrivilegeValueA
RegEnumKeyExA
RegQueryValueExA
RegQueryValueA
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
OpenProcessToken
AdjustTokenPrivileges

shell32

DragQueryFileW

Exports

Exports

_GetFastCopyConfig@12
_GetFastCopyTaskInfo@16
_Initialize@0
_RemoveFastCopyTask@8
_ResumeFastCopyTask@8
_SetFastCopyConfig@12
_StartFastCopyTask@12
_StopFastCopyTask@8
_SuspendFastCopyTask@8

Sections

.text
Size: 120KB - Virtual size: 119KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
nznat.exe
.sys windows:4 windows x86 arch:x86

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

10:c5:4d:b7:40:dc:7e:32:46:f8:ed:66:43:93:0c:b7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/06/2012, 00:00

Not After

10/09/2013, 23:59

Subject

CN=NetZone Info-Tech Co.\, Ltd.\, Shanghai,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Provided by TrustAsia,O=NetZone Info-Tech Co.\, Ltd.\, Shanghai,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

d8:a2:8b:d1:f3:fb:ce:49:dd:3f:53:e6:e1:5a:99:72:47:54:31:8a
Signer

Actual PE Digest

d8:a2:8b:d1:f3:fb:ce:49:dd:3f:53:e6:e1:5a:99:72:47:54:31:8a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 10KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
nznat64.exe
.sys windows:4 windows x64 arch:x64

a7e193dff8090dda1c05bdc8d6837811

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

10:c5:4d:b7:40:dc:7e:32:46:f8:ed:66:43:93:0c:b7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/06/2012, 00:00

Not After

10/09/2013, 23:59

Subject

CN=NetZone Info-Tech Co.\, Ltd.\, Shanghai,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Provided by TrustAsia,O=NetZone Info-Tech Co.\, Ltd.\, Shanghai,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6a:63:c3:ca:6a:d3:d7:66:53:76:22:a4:23:49:12:c2:57:e0:48:97
Signer

Actual PE Digest

6a:63:c3:ca:6a:d3:d7:66:53:76:22:a4:23:49:12:c2:57:e0:48:97

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

ntdll

DbgPrint
NtClose
NtCreateFile
NtCreateKey
NtCreatePagingFile
NtDelayExecution
NtDeleteFile
NtDeleteValueKey
NtDeviceIoControlFile
NtFlushKey
NtFsControlFile
NtLoadKey
NtOpenFile
NtOpenKey
NtOpenSymbolicLinkObject
NtQueryAttributesFile
NtQueryDirectoryFile
NtQueryInformationFile
NtQueryPerformanceCounter
NtQuerySymbolicLinkObject
NtQueryValueKey
NtReadFile
NtResumeThread
NtSetInformationFile
NtSetValueKey
NtWaitForSingleObject
NtWriteFile
RtlAdjustPrivilege
RtlAllocateHeap
RtlAnsiStringToUnicodeString
RtlCreateHeap
RtlCreateProcessParameters
RtlCreateUserProcess
RtlDosPathNameToNtPathName_U
RtlEqualUnicodeString
RtlFreeAnsiString
RtlFreeHeap
RtlGetVersion
RtlInitAnsiString
RtlInitUnicodeString
RtlQueryEnvironmentVariable_U
RtlUnicodeStringToAnsiString
RtlZeroMemory
ZwDisplayString
_wcsicmp
swprintf
wcscat
wcscpy
wcslen
wcsncpy
wcsstr

Sections

.text
Size: 110KB - Virtual size: 110KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 15KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 88B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
nznotify.dll
.dll windows:4 windows x86 arch:x86

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

10:c5:4d:b7:40:dc:7e:32:46:f8:ed:66:43:93:0c:b7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/06/2012, 00:00

Not After

10/09/2013, 23:59

Subject

CN=NetZone Info-Tech Co.\, Ltd.\, Shanghai,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Provided by TrustAsia,O=NetZone Info-Tech Co.\, Ltd.\, Shanghai,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

d1:e6:f4:61:dd:bf:eb:68:d6:ab:20:1e:b0:2d:a9:a2:45:7b:e4:12
Signer

Actual PE Digest

d1:e6:f4:61:dd:bf:eb:68:d6:ab:20:1e:b0:2d:a9:a2:45:7b:e4:12

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

nzLogOff
nzLogon
nzShutdown
nzStart
nzStartShell

Sections

CODE
Size: 196KB - Virtual size: 484KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 20KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
nzrpccli.dll
.dll windows:4 windows x86 arch:x86

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f1:d3:2c:1b:97:2d:f4:d9:7f:ef:5e:e8:3b:90:e5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

26/07/2011, 00:00

Not After

04/08/2012, 23:59

Subject

CN=NetZone Info-Tech Co.\, Ltd.\, Shanghai,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=NetZone Info-Tech Co.\, Ltd.\, Shanghai,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

86:ed:3e:27:68:bf:10:57:2c:47:ff:51:05:64:f0:30:ba:04:e3:b8
Signer

Actual PE Digest

86:ed:3e:27:68:bf:10:57:2c:47:ff:51:05:64:f0:30:ba:04:e3:b8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DelFile
DelFile2
FreeRPCClient
GetFile
GetFile2
GetRPCClient
PutFile
PutFile2
SetUtf8Flag

Sections

CODE
Size: 48KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
nzviewer_en.exe
.exe windows:4 windows x86 arch:x86

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:bd:b6:1d:d0:a2:fa:b0:ab:c7:c4:c9:96:fb:d7:22
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

05/08/2010, 00:00

Not After

05/08/2011, 23:59

Subject

CN=NetZone Info-Tech Co.\, Ltd.\, Shanghai,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=NetZone Info-Tech Co.\, Ltd.\, Shanghai,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

42:d1:68:6c:65:fe:b0:ae:3b:6b:09:83:21:24:4b:ea:9e:43:12:39
Signer

Actual PE Digest

42:d1:68:6c:65:fe:b0:ae:3b:6b:09:83:21:24:4b:ea:9e:43:12:39

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 127KB - Virtual size: 408KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 10KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 10KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
nzviewer_gb.exe
.exe windows:4 windows x86 arch:x86

d4b535eb79075ea37920d04cf1aa43c2

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:bd:b6:1d:d0:a2:fa:b0:ab:c7:c4:c9:96:fb:d7:22
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

05/08/2010, 00:00

Not After

05/08/2011, 23:59

Subject

CN=NetZone Info-Tech Co.\, Ltd.\, Shanghai,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=NetZone Info-Tech Co.\, Ltd.\, Shanghai,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

b9:5a:df:f1:1e:00:ef:2c:46:85:8a:34:5c:b6:8e:30:c2:5c:a2:12
Signer

Actual PE Digest

b9:5a:df:f1:1e:00:ef:2c:46:85:8a:34:5c:b6:8e:30:c2:5c:a2:12

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

SendMessageA
FillRect
InvalidateRect
EndPaint
SetRect
GetMessageA
BeginPaint
LoadMenuA
GetSubMenu
SetMenuDefaultItem
TranslateMessage
PostThreadMessageA
MsgWaitForMultipleObjects
PeekMessageA
PostMessageA
CreateDialogParamA
MapVirtualKeyA
keybd_event
EndDialog
SetWindowTextA
EnableMenuItem
ModifyMenuA
InsertMenuA
RemoveMenu
GetUpdateRect
SetForegroundWindow
SetActiveWindow
MessageBeep
ShowCursor
DispatchMessageA
IsWindowVisible
ShowWindow
GetDlgItem
GetWindowLongA
DialogBoxParamA
GetDlgItemInt
GetDlgItemTextA
SetDlgItemInt
SetDlgItemTextA
EnableWindow
DefWindowProcA
GetDC
ReleaseDC
GetIconInfo
SystemParametersInfoA
GetDesktopWindow
MessageBoxA
SetClipboardViewer
ChangeClipboardChain
CloseClipboard
GetClipboardData
OpenClipboard
GetClipboardOwner
SetClipboardData
EmptyClipboard
ToAscii
GetKeyboardState
AdjustWindowRect
GetSystemMetrics
GetClientRect
SetScrollInfo
SetCursor
GetAsyncKeyState
GetCursorPos
TrackPopupMenu
PostQuitMessage
SetTimer
ScrollWindowEx
UpdateWindow
CheckMenuItem
AppendMenuA
SetWindowLongA
GetWindowRect
SetWindowPos
GetSystemMenu
LoadImageA
DestroyWindow
KillTimer
CreateWindowExA
UnregisterClassA
RegisterClassA

gdi32

CreateDIBSection
BitBlt
SelectPalette
RealizePalette
CreateCompatibleBitmap
SelectObject
DeleteDC
CreateCompatibleDC
GetDIBits
ResizePalette
UnrealizeObject
SetPaletteEntries
DeleteObject
CreatePalette
GetObjectA
SetDIBColorTable
GetStockObject

ws2_32

select
WSAStartup
WSAGetLastError
WSAAsyncSelect
gethostbyname
htons
inet_addr
closesocket
recv
getsockname
getpeername
ntohs
shutdown
listen
bind
htonl
accept
send
socket
inet_ntoa
setsockopt
connect

comctl32

PropertySheetA
_TrackMouseEvent
CreatePropertySheetPageA

shell32

Shell_NotifyIconA

comdlg32

CommDlgExtendedError
GetSaveFileNameA

kernel32

TlsFree
HeapCreate
GlobalUnlock
GlobalLock
CompareStringA
GetLocaleInfoW
SetEndOfFile
GetVersionExA
GetUserDefaultLCID
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
IsValidLocale
CreateFileA
ReadFile
SetStdHandle
GetStringTypeW
GetStringTypeA
SetFilePointer
IsBadCodePtr
VirtualAlloc
HeapReAlloc
HeapAlloc
SetConsoleCtrlHandler
FlushFileBuffers
LCMapStringW
LCMapStringA
MultiByteToWideChar
VirtualFree
GetSystemTimeAsFileTime
GlobalFree
GetEnvironmentStrings
WideCharToMultiByte
GetEnvironmentStringsW
InterlockedExchange
SetEnvironmentVariableA
CompareStringW
GetModuleHandleA
GetLastError
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObject
ResetEvent
SetEvent
GetCurrentDirectoryA
AllocConsole
FreeConsole
FormatMessageA
QueryPerformanceFrequency
QueryPerformanceCounter
TlsAlloc
TlsSetValue
CreateThread
CreateEventA
CloseHandle
ResumeThread
GetCurrentThread
GetCurrentThreadId
TlsGetValue
GetModuleFileNameA
GetProcAddress
LoadLibraryA
FreeLibrary
HeapDestroy
HeapValidate
IsBadReadPtr
GlobalAlloc
RtlUnwind
RaiseException
ExitProcess
TerminateProcess
GetCurrentProcess
GetStartupInfoA
GetCommandLineA
GetVersion
InterlockedDecrement
InterlockedIncrement
GetTimeZoneInformation
GetSystemTime
GetLocalTime
IsBadWritePtr
FreeEnvironmentStringsA
HeapFree
DebugBreak
GetStdHandle
WriteFile
OutputDebugStringA
FreeEnvironmentStringsW
SetLastError
FatalAppExitA
SetUnhandledExceptionFilter
GetCPInfo
GetACP
GetOEMCP
SetHandleCount
GetFileType
UnhandledExceptionFilter

advapi32

RegSetValueExA
RegNotifyChangeKeyValue
RegOpenKeyExA
RegQueryInfoKeyA
RegEnumValueA
RegQueryValueExA
RegCreateKeyA
RegDeleteValueA
RegDeleteKeyA
RegCloseKey

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 408KB - Virtual size: 404KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
oeminfo_en.ini
oeminfo_gb.ini
oemlogo_en.bmp
oemlogo_gb.bmp
pro1002k.sys
.sys windows:5 windows x86 arch:x86

6e153699ad1c1389a501f00e58143dde

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

65:68:0c:78:3b:72:8a:b2:a1:88:0d:f4:23:2d:ed:32
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

17/04/2006, 00:00

Not After

31/05/2009, 23:59

Subject

CN=Intel Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=LAN Access Division,O=Intel Corporation,L=Hillsboro,ST=Oregon,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ad:f9:f2:e7:dc:e5:b0:58:ad:31:fb:06:78:e7:9d:58:a8:cf:69:5c
Signer

Actual PE Digest

ad:f9:f2:e7:dc:e5:b0:58:ad:31:fb:06:78:e7:9d:58:a8:cf:69:5c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

ntoskrnl.exe

WRITE_REGISTER_UCHAR
WRITE_REGISTER_USHORT

hal

KeGetCurrentIrql
READ_PORT_USHORT
WRITE_PORT_USHORT
WRITE_PORT_UCHAR
READ_PORT_UCHAR
KeStallExecutionProcessor
READ_PORT_ULONG
WRITE_PORT_ULONG

ndis.sys

NdisMStartBufferPhysicalMapping
NdisMRegisterAdapterShutdownHandler
NdisMCompleteBufferPhysicalMapping
NdisReleaseSpinLock
NdisSetEvent
NdisSetTimer
NdisAcquireSpinLock
NdisMCancelTimer
NdisResetEvent
NdisMSleep
NdisMFreeSharedMemory
NdisFreeMemory
NdisWriteErrorLogEntry
NdisMAllocateSharedMemory
NdisAllocateMemoryWithTag
NdisAdjustBufferLength
NdisUnchainBufferAtFront
NdisFreeSpinLock
NdisMUnmapIoSpace
NdisMDeregisterIoPortRange
NdisMFreeMapRegisters
NdisMDeregisterInterrupt
NdisMDeregisterAdapterShutdownHandler
NdisMAllocateMapRegisters
NdisMRegisterInterrupt
NdisCloseConfiguration
NdisOpenConfiguration
NdisMRegisterIoPortRange
NdisMMapIoSpace
NdisMInitializeTimer
NdisMSetAttributesEx
NdisInitializeEvent
NdisAllocateSpinLock
NdisMRegisterMiniport
NdisInitializeWrapper
NdisWaitEvent
NdisFreePacket
NdisFreeBuffer
NdisAllocateBuffer
NdisAllocatePacket
NdisAllocateBufferPool
NdisAllocatePacketPool
NdisFreePacketPool
NdisFreeBufferPool
NdisQueryBuffer
NDIS_BUFFER_TO_SPAN_PAGES
NdisQueryBufferOffset
NdisReadNetworkAddress
NdisReadConfiguration
NdisWritePciSlotInformation
NdisReadPciSlotInformation
NdisMPciAssignResources
NdisMQueryAdapterResources

Sections

.text
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
pro100xp.sys
.sys windows:5 windows x86 arch:x86

d26eea91e5fcb653ee714c9160bad2f3

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

65:68:0c:78:3b:72:8a:b2:a1:88:0d:f4:23:2d:ed:32
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

17/04/2006, 00:00

Not After

31/05/2009, 23:59

Subject

CN=Intel Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=LAN Access Division,O=Intel Corporation,L=Hillsboro,ST=Oregon,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

d0:23:f4:f7:d0:49:50:fc:2c:d6:fe:93:04:e7:39:dd:f7:5b:09:a6
Signer

Actual PE Digest

d0:23:f4:f7:d0:49:50:fc:2c:d6:fe:93:04:e7:39:dd:f7:5b:09:a6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\sandbox\90142\base\fre\i386\E100B325.pdb

Imports

ntoskrnl.exe

KeBugCheckEx
KeTickCount
RtlCopyUnicodeString
RtlAppendUnicodeStringToString
RtlInitUnicodeString
IofCompleteRequest
ZwClose
ZwOpenFile
MmMapLockedPagesSpecifyCache
IoFreeMdl
WRITE_REGISTER_UCHAR
WRITE_REGISTER_USHORT
KeInitializeSpinLock
KefAcquireSpinLockAtDpcLevel
KefReleaseSpinLockFromDpcLevel

hal

READ_PORT_USHORT
WRITE_PORT_ULONG
KfAcquireSpinLock
READ_PORT_ULONG
KfReleaseSpinLock
KeGetCurrentIrql
KeStallExecutionProcessor
WRITE_PORT_UCHAR
READ_PORT_UCHAR
WRITE_PORT_USHORT

ndis.sys

NdisMQueryAdapterResources
NdisMPciAssignResources
NdisMStartBufferPhysicalMapping
NdisWritePciSlotInformation
NdisReadConfiguration
NdisReadNetworkAddress
NdisMCompleteBufferPhysicalMapping
NdisInitializeReadWriteLock
NdisMDeregisterDevice
NdisReleaseReadWriteLock
NdisAcquireReadWriteLock
NdisMRegisterDevice
NdisReadPciSlotInformation
NdisMFreeMapRegisters
NdisSetTimer
NdisResetEvent
NdisMSleep
NdisSetEvent
NdisMCancelTimer
NdisMFreeSharedMemory
NdisFreeMemory
NdisWriteErrorLogEntry
NdisMAllocateSharedMemory
NdisAllocateMemoryWithTag
NdisUnchainBufferAtFront
NdisMUnmapIoSpace
NdisMDeregisterIoPortRange
NdisQueryBufferSafe
NdisMDeregisterInterrupt
NdisMDeregisterAdapterShutdownHandler
NdisMAllocateMapRegisters
NdisMInitializeScatterGatherDma
NdisMRegisterAdapterShutdownHandler
NdisMRegisterInterrupt
NdisCloseConfiguration
NdisOpenConfiguration
NdisMRegisterIoPortRange
NdisMMapIoSpace
NdisMInitializeTimer
NdisMSetAttributesEx
NdisInitializeEvent
NdisMRegisterMiniport
NdisInitializeWrapper
NdisWaitEvent
NdisFreePacket
NdisAllocateBuffer
NdisAllocatePacket
NdisAllocateBufferPool
NdisAllocatePacketPool
NdisFreePacketPool
NdisFreeBufferPool

Sections

.text
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
pro1G2k.SYS
.sys windows:5 windows x86 arch:x86

54fd9548f59dfb084087cb346a76054d

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

65:68:0c:78:3b:72:8a:b2:a1:88:0d:f4:23:2d:ed:32
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

17/04/2006, 00:00

Not After

31/05/2009, 23:59

Subject

CN=Intel Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=LAN Access Division,O=Intel Corporation,L=Hillsboro,ST=Oregon,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

be:64:06:34:65:5b:ce:0f:1d:6c:3b:cf:2b:23:b7:57:61:50:44:9c
Signer

Actual PE Digest

be:64:06:34:65:5b:ce:0f:1d:6c:3b:cf:2b:23:b7:57:61:50:44:9c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Sandbox\99735\makedir5\intel\free\i386\E1000NT5.pdb

Imports

ntoskrnl.exe

ZwOpenKey
ZwQueryValueKey
ZwClose
_allmul
_alldiv
KeTickCount
KeQueryTimeIncrement
KefAcquireSpinLockAtDpcLevel
KefReleaseSpinLockFromDpcLevel
RtlInitUnicodeString
RtlCopyUnicodeString
RtlAppendUnicodeStringToString
MmMapLockedPagesSpecifyCache
IoFreeMdl
KeInitializeSpinLock
wcslen
IoAllocateErrorLogEntry
IoWriteErrorLogEntry

hal

WRITE_PORT_UCHAR
READ_PORT_UCHAR
READ_PORT_ULONG
WRITE_PORT_ULONG
KeStallExecutionProcessor
KeGetCurrentIrql
KfAcquireSpinLock
KfReleaseSpinLock

ndis.sys

NdisMFreeMapRegisters
NdisMAllocateMapRegisters
NdisTerminateWrapper
NdisReadNetworkAddress
NdisMDeregisterIoPortRange
NdisMInitializeTimer
NdisInitializeEvent
NdisSetEvent
NdisMCancelTimer
NdisWaitEvent
NdisMUnmapIoSpace
NdisWritePciSlotInformation
NdisReadPciSlotInformation
NdisMRegisterIoPortRange
NdisMMapIoSpace
NdisMPciAssignResources
NdisMQueryAdapterResources
NdisResetEvent
NdisMSetPeriodicTimer
NdisMRegisterInterrupt
NdisSetTimer
NdisMSetAttributesEx
NdisInitializeWrapper
NdisAllocateMemoryWithTag
NdisFreeMemory
NdisMDeregisterAdapterShutdownHandler
NdisMQueryAdapterInstanceName
NdisCloseConfiguration
NdisReadConfiguration
NdisOpenConfiguration
NdisWriteEventLogEntry
NdisInitializeTimer
NdisMSleep
NdisCancelTimer
NdisMRegisterAdapterShutdownHandler
NdisMRegisterUnloadHandler
NdisMRegisterMiniport
NdisFreeBufferPool
NdisAllocateBuffer
NdisAllocateBufferPool
NdisFreePacket
NdisAllocatePacket
NdisUnchainBufferAtFront
NdisFreePacketPool
NdisMSetMiniportSecondary
NdisAllocatePacketPool
NdisMCompleteBufferPhysicalMapping
NdisMStartBufferPhysicalMapping
NdisMFreeSharedMemory
NdisMAllocateSharedMemory
NdisMDeregisterInterrupt

Sections

.text
Size: 113KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
pro1GXP.sys
.sys windows:5 windows x86 arch:x86

0312cad2045a4b4be6a865c822fed8fa

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

65:68:0c:78:3b:72:8a:b2:a1:88:0d:f4:23:2d:ed:32
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

17/04/2006, 00:00

Not After

31/05/2009, 23:59

Subject

CN=Intel Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=LAN Access Division,O=Intel Corporation,L=Hillsboro,ST=Oregon,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:a3:81:ae:6f:55:32:82:a7:76:f0:5c:83:0d:72:8e:7c:41:c7:bc
Signer

Actual PE Digest

77:a3:81:ae:6f:55:32:82:a7:76:f0:5c:83:0d:72:8e:7c:41:c7:bc

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Sandbox\99735\makedir5\intel\free\i386\E1000325.pdb

Imports

ntoskrnl.exe

IofCompleteRequest
ZwOpenFile
ZwOpenKey
ZwQueryValueKey
ZwClose
_allmul
_alldiv
KeTickCount
KeQueryTimeIncrement
KefAcquireSpinLockAtDpcLevel
KefReleaseSpinLockFromDpcLevel
RtlInitUnicodeString
RtlCopyUnicodeString
RtlAppendUnicodeStringToString
MmMapLockedPagesSpecifyCache
IoFreeMdl
InterlockedPushEntrySList
InterlockedPopEntrySList
KeInitializeSpinLock
wcslen
IoAllocateErrorLogEntry
IoWriteErrorLogEntry

hal

WRITE_PORT_UCHAR
READ_PORT_UCHAR
READ_PORT_ULONG
WRITE_PORT_ULONG
KeStallExecutionProcessor
KeGetCurrentIrql
KfAcquireSpinLock
KfReleaseSpinLock

ndis.sys

NdisMRegisterIoPortRange
NdisReadPciSlotInformation
NdisWritePciSlotInformation
NdisMUnmapIoSpace
NdisMDeregisterIoPortRange
NdisMFreeMapRegisters
NdisMMapIoSpace
NdisMInitializeScatterGatherDma
NdisReadNetworkAddress
NdisMRegisterInterrupt
NdisMInitializeTimer
NdisInitializeEvent
NdisSetEvent
NdisMCancelTimer
NdisMPciAssignResources
NdisMQueryAdapterResources
NdisResetEvent
NdisInitializeReadWriteLock
NdisMDeregisterDevice
NdisReleaseReadWriteLock
NdisAcquireReadWriteLock
NdisMRegisterDevice
NdisMSetPeriodicTimer
NdisTerminateWrapper
NdisWriteEventLogEntry
NdisMSetAttributesEx
NdisInitializeWrapper
NdisAllocateMemoryWithTag
NdisFreeMemory
NdisMDeregisterAdapterShutdownHandler
NdisCloseConfiguration
NdisOpenConfiguration
NdisMQueryAdapterInstanceName
NdisReadConfiguration
NdisSetTimer
NdisInitializeTimer
NdisMSleep
NdisCancelTimer
NdisMRegisterAdapterShutdownHandler
NdisMRegisterUnloadHandler
NdisMRegisterMiniport
NdisMFreeSharedMemory
NdisFreeBufferPool
NdisAllocateBuffer
NdisAllocateBufferPool
NdisFreePacket
NdisAllocatePacket
NdisUnchainBufferAtFront
NdisFreePacketPool
NdisMAllocateSharedMemory
NdisMSetMiniportSecondary
NdisAllocatePacketPool
NdisMDeregisterInterrupt
NdisWaitEvent

Sections

.text
Size: 117KB - Virtual size: 117KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
rtl8139.reg
rtlenic.reg
sis900.reg
swpflt10.sys
.sys windows:6 windows x86 arch:x86

b765e46768ff8a6a95923ebbeb9fd623

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

10:c5:4d:b7:40:dc:7e:32:46:f8:ed:66:43:93:0c:b7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/06/2012, 00:00

Not After

10/09/2013, 23:59

Subject

CN=NetZone Info-Tech Co.\, Ltd.\, Shanghai,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Provided by TrustAsia,O=NetZone Info-Tech Co.\, Ltd.\, Shanghai,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8c:34:e5:9f:e3:02:af:e8:ab:41:85:9a:ad:9c:c3:ca:df:62:29:33
Signer

Actual PE Digest

8c:34:e5:9f:e3:02:af:e8:ab:41:85:9a:ad:9c:c3:ca:df:62:29:33

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

l:\nxp5\drivers\current\swapflt\objfre_w2k_x86\i386\swapflt.pdb

Imports

ntoskrnl.exe

PoCallDriver
PoStartNextPowerIrp
KeInitializeEvent
IofCompleteRequest
MmMapLockedPagesSpecifyCache
_allshr
_wcsnicmp
ObQueryNameString
IoBuildDeviceIoControlRequest
_allmul
IoFreeIrp
IoFreeMdl
MmUnlockPages
IoBuildAsynchronousFsdRequest
_stricmp
PsTerminateSystemThread
KeSetPriorityThread
KeGetCurrentThread
IoDetachDevice
ObfDereferenceObject
KeDelayExecutionThread
_alldiv
IofCallDriver
ExfInterlockedInsertTailList
ZwQueryInformationFile
RtlAnsiStringToUnicodeString
RtlInitAnsiString
ExfInterlockedRemoveHeadList
IoCreateDevice
ObfReferenceObject
IoAttachDeviceToDeviceStack
KeQuerySystemTime
IoCreateSymbolicLink
ZwReadFile
ZwSetInformationFile
ZwCreateFile
_allrem
RtlFreeUnicodeString
ZwSetValueKey
ObReferenceObjectByName
IoDriverObjectType
KeTickCount
KeBugCheckEx
KeInitializeSemaphore
PsCreateSystemThread
ObReferenceObjectByHandle
KeReleaseSemaphore
IoDeleteDevice
KeWaitForSingleObject
KeSetEvent
memset
swprintf
RtlInitUnicodeString
ZwOpenKey
ZwClose
memcpy
ExFreePoolWithTag
ZwQueryValueKey
ZwWriteFile
ExAllocatePoolWithTag
RtlUnwind

cacflt10.sys

InitCacheLookasideList
Minimum
IoAllocateMdlWithMasterOffset
AllocateLRUMem
FreeLRUMem
UpdateLRUCacheToCacFlt
SetArrayBit
SyncReadBlockDevice
ReadLRUCacheFromCacFlt
AddLRUCacheToCacFlt
GetOverlapStatus
GetRealOffLenByArrayBit
IoAllocateMdlWithNonPagedBuf
AsyncReadBlockDeviceWithMdl
TestArrayBit
InitSystemRamSize

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 640B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 256B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
swpflt11.sys
.sys windows:6 windows x86 arch:x86

06c55d006bfd83f0208325165ed7efd3

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

10:c5:4d:b7:40:dc:7e:32:46:f8:ed:66:43:93:0c:b7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/06/2012, 00:00

Not After

10/09/2013, 23:59

Subject

CN=NetZone Info-Tech Co.\, Ltd.\, Shanghai,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Provided by TrustAsia,O=NetZone Info-Tech Co.\, Ltd.\, Shanghai,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:d6:e9:9c:43:e3:ce:c3:15:00:5b:61:ed:83:b7:26:6a:9e:59:52
Signer

Actual PE Digest

01:d6:e9:9c:43:e3:ce:c3:15:00:5b:61:ed:83:b7:26:6a:9e:59:52

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

l:\nxp5\drivers\current\swapflt\objfre_wxp_x86\i386\swapflt.pdb

Imports

ntoskrnl.exe

PoCallDriver
PoStartNextPowerIrp
KeInitializeEvent
IofCompleteRequest
MmMapLockedPagesSpecifyCache
_allshr
_wcsnicmp
ObQueryNameString
IoBuildDeviceIoControlRequest
_allmul
IoFreeIrp
IoFreeMdl
MmUnlockPages
IoBuildAsynchronousFsdRequest
_stricmp
PsTerminateSystemThread
KeSetPriorityThread
KeGetCurrentThread
IoDetachDevice
ObfDereferenceObject
KeDelayExecutionThread
_alldiv
ZwWriteFile
IofCallDriver
ZwQueryInformationFile
RtlAnsiStringToUnicodeString
RtlInitAnsiString
ExfInterlockedRemoveHeadList
IoCreateDevice
ObfReferenceObject
IoAttachDeviceToDeviceStack
KeQuerySystemTime
IoCreateSymbolicLink
ZwReadFile
ZwSetInformationFile
ZwCreateFile
_alldvrm
_allrem
RtlFreeUnicodeString
ZwSetValueKey
ObReferenceObjectByName
IoDriverObjectType
KeTickCount
KeBugCheckEx
KeInitializeSemaphore
PsCreateSystemThread
ObReferenceObjectByHandle
KeReleaseSemaphore
IoDeleteDevice
KeWaitForSingleObject
KeSetEvent
memset
swprintf
RtlInitUnicodeString
ZwOpenKey
ZwClose
memcpy
ExFreePoolWithTag
ZwQueryValueKey
ExfInterlockedInsertTailList
ExAllocatePoolWithTag
RtlUnwind

cacflt11.sys

InitCacheLookasideList
Minimum
IoAllocateMdlWithMasterOffset
AllocateLRUMem
FreeLRUMem
UpdateLRUCacheToCacFlt
SetArrayBit
SyncReadBlockDevice
ReadLRUCacheFromCacFlt
AddLRUCacheToCacFlt
GetOverlapStatus
GetRealOffLenByArrayBit
IoAllocateMdlWithNonPagedBuf
AsyncReadBlockDeviceWithMdl
TestArrayBit
InitSystemRamSize

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 640B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 256B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
swpflt21.sys
.sys windows:6 windows x64 arch:x64

834ca9d2bcf2047f25b2a18d4e80bb35

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

10:c5:4d:b7:40:dc:7e:32:46:f8:ed:66:43:93:0c:b7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/06/2012, 00:00

Not After

10/09/2013, 23:59

Subject

CN=NetZone Info-Tech Co.\, Ltd.\, Shanghai,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Provided by TrustAsia,O=NetZone Info-Tech Co.\, Ltd.\, Shanghai,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

50:15:cb:86:89:f8:f2:d5:f5:ca:2b:4b:65:59:e9:27:d0:f0:12:11
Signer

Actual PE Digest

50:15:cb:86:89:f8:f2:d5:f5:ca:2b:4b:65:59:e9:27:d0:f0:12:11

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

l:\nxp5\drivers\current\swapflt\objfre_wnet_amd64\amd64\swapflt.pdb

Imports

ntoskrnl.exe

RtlInitUnicodeString
_wcsnicmp
ObfReferenceObject
ZwOpenKey
IoBuildDeviceIoControlRequest
ExInterlockedInsertTailList
ZwClose
MmUnlockPages
IoFreeMdl
IoFreeIrp
IoBuildAsynchronousFsdRequest
_stricmp
KeSetEvent
KeSetPriorityThread
KeInitializeSemaphore
PsCreateSystemThread
ObReferenceObjectByHandle
PsTerminateSystemThread
ObQueryNameString
IoDeleteDevice
KeWaitForSingleObject
IoCreateDevice
IofCallDriver
IoCreateSymbolicLink
MmMapLockedPagesSpecifyCache
IoAttachDeviceToDeviceStack
ZwReadFile
ZwCreateFile
ZwSetInformationFile
ZwSetValueKey
RtlFreeUnicodeString
ObReferenceObjectByName
IoDriverObjectType
KeBugCheckEx
ZwWriteFile
swprintf
ExInterlockedRemoveHeadList
ExAllocatePoolWithTag
KeDelayExecutionThread
ExFreePoolWithTag
ZwQueryInformationFile
ZwQueryValueKey
KeInitializeEvent
RtlAnsiStringToUnicodeString
PoCallDriver
RtlInitAnsiString
PoStartNextPowerIrp
IoDetachDevice
ObfDereferenceObject
KeReleaseSemaphore
IofCompleteRequest

cacflt21.sys

FreeLRUMem
AsyncReadBlockDeviceWithMdl
IoAllocateMdlWithNonPagedBuf
AllocateLRUMem
IoAllocateMdlWithMasterOffset
ReadLRUCacheFromCacFlt
Minimum
SyncReadBlockDevice
InitCacheLookasideList
InitSystemRamSize
GetRealOffLenByArrayBit
GetOverlapStatus
TestArrayBit
SetArrayBit
UpdateLRUCacheToCacFlt
AddLRUCacheToCacFlt

Sections

.text
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 552B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
synccfg.exe
.exe windows:4 windows x86 arch:x86

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

10:c5:4d:b7:40:dc:7e:32:46:f8:ed:66:43:93:0c:b7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/06/2012, 00:00

Not After

10/09/2013, 23:59

Subject

CN=NetZone Info-Tech Co.\, Ltd.\, Shanghai,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Provided by TrustAsia,O=NetZone Info-Tech Co.\, Ltd.\, Shanghai,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

02:a2:81:ee:93:fb:88:6e:2e:a7:58:4e:b5:c0:12:28:2f:37:33:bd
Signer

Actual PE Digest

02:a2:81:ee:93:fb:88:6e:2e:a7:58:4e:b5:c0:12:28:2f:37:33:bd

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 254KB - Virtual size: 720KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 29KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
volswp11.sys
.sys windows:6 windows x86 arch:x86

4d507e007922887adaf04a0ac4c0de29

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

10:c5:4d:b7:40:dc:7e:32:46:f8:ed:66:43:93:0c:b7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/06/2012, 00:00

Not After

10/09/2013, 23:59

Subject

CN=NetZone Info-Tech Co.\, Ltd.\, Shanghai,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Provided by TrustAsia,O=NetZone Info-Tech Co.\, Ltd.\, Shanghai,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8c:21:c7:63:e9:73:b1:27:09:14:21:ec:9c:69:69:97:1b:91:3e:56
Signer

Actual PE Digest

8c:21:c7:63:e9:73:b1:27:09:14:21:ec:9c:69:69:97:1b:91:3e:56

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

l:\nxp5\drivers\current\volswap\objfre_wxp_x86\i386\volswap.pdb

Imports

ntoskrnl.exe

KeSetEvent
KeWaitForSingleObject
IoDeleteDevice
KeReleaseSemaphore
ZwClose
ObReferenceObjectByHandle
PsCreateSystemThread
KeInitializeSemaphore
IofCallDriver
PoCallDriver
PoStartNextPowerIrp
IofCompleteRequest
ExfInterlockedInsertTailList
KeInitializeEvent
ExFreePoolWithTag
IoAttachDeviceToDeviceStack
IoCreateDevice
ExAllocatePoolWithTag
memset
IoDetachDevice
ExfInterlockedRemoveHeadList
KeSetPriorityThread
KeGetCurrentThread
swprintf
_alldiv
MmMapLockedPagesSpecifyCache
_allshr
memcpy
ZwQueryValueKey
_allmul
ZwCreateFile
RtlInitUnicodeString
ZwReadFile
ZwOpenKey
ZwWriteFile
ZwSetInformationFile
_alldvrm
_allrem
KeTickCount

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 384B - Virtual size: 383B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 484B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
volswp21.sys
.sys windows:6 windows x64 arch:x64

ea7a953713f9c05f271594f48a5398f4

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

10:c5:4d:b7:40:dc:7e:32:46:f8:ed:66:43:93:0c:b7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/06/2012, 00:00

Not After

10/09/2013, 23:59

Subject

CN=NetZone Info-Tech Co.\, Ltd.\, Shanghai,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Provided by TrustAsia,O=NetZone Info-Tech Co.\, Ltd.\, Shanghai,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

aa:ce:ac:f7:9b:46:d8:4f:b9:d9:03:95:0a:c7:47:f2:ff:c3:bc:e7
Signer

Actual PE Digest

aa:ce:ac:f7:9b:46:d8:4f:b9:d9:03:95:0a:c7:47:f2:ff:c3:bc:e7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

l:\nxp5\drivers\current\volswap\objfre_wnet_amd64\amd64\volswap.pdb

Imports

ntoskrnl.exe

IofCompleteRequest
IoDetachDevice
KeSetPriorityThread
ExInterlockedRemoveHeadList
ExAllocatePoolWithTag
ExInterlockedInsertTailList
IoCreateDevice
swprintf
IoAttachDeviceToDeviceStack
IoDeleteDevice
KeInitializeEvent
KeInitializeSemaphore
ExFreePoolWithTag
KeSetEvent
PsCreateSystemThread
ObReferenceObjectByHandle
ZwClose
KeReleaseSemaphore
KeWaitForSingleObject
IofCallDriver
PoStartNextPowerIrp
PoCallDriver
MmMapLockedPagesSpecifyCache
RtlInitUnicodeString
ZwCreateFile
ZwReadFile
ZwOpenKey
ZwQueryValueKey
ZwWriteFile
ZwSetInformationFile
KeBugCheckEx

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 636B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 284B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 204B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 512B - Virtual size: 332B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
vt3119.reg
vt3119.sys
.sys windows:5 windows x86 arch:x86

24ce92baa39d26dcfdec48eccd615259

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

10:c5:4d:b7:40:dc:7e:32:46:f8:ed:66:43:93:0c:b7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/06/2012, 00:00

Not After

10/09/2013, 23:59

Subject

CN=NetZone Info-Tech Co.\, Ltd.\, Shanghai,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Provided by TrustAsia,O=NetZone Info-Tech Co.\, Ltd.\, Shanghai,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

18:a3:ca:35:a1:f2:80:52:b9:43:e4:7b:ac:1e:78:78:3c:60:fa:ac
Signer

Actual PE Digest

18:a3:ca:35:a1:f2:80:52:b9:43:e4:7b:ac:1e:78:78:3c:60:fa:ac

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\VT3119\NDISM\1.18-0076\Src\i386\GETND5B.pdb

Imports

ntoskrnl.exe

_allshl
WRITE_REGISTER_ULONG
WRITE_REGISTER_USHORT
WRITE_REGISTER_UCHAR

hal

READ_PORT_UCHAR
KeStallExecutionProcessor

ndis.sys

NdisOpenConfiguration
NdisTerminateWrapper
NdisMRegisterMiniport
NdisInitializeWrapper
NdisAllocateBufferPool
NdisReadPciSlotInformation
NdisWritePciSlotInformation
NdisQueryBufferSafe
NDIS_BUFFER_TO_SPAN_PAGES
NdisQueryBufferOffset
NdisMCancelTimer
NdisAcquireSpinLock
NdisReleaseSpinLock
NdisAdjustBufferLength
NdisMCompleteBufferPhysicalMapping
NdisGetCurrentSystemTime
NdisMStartBufferPhysicalMapping
NdisMAllocateSharedMemory
NdisMFreeSharedMemory
NdisAllocateMemoryWithTag
NdisAllocatePacket
NdisAllocateBuffer
NdisFreeMemory
NdisFreePacket
NdisFreeBuffer
NdisAllocatePacketPool
NdisFreeBufferPool
NdisFreePacketPool
NdisSetTimer
NdisMQueryAdapterResources
NdisMUnmapIoSpace
NdisMDeregisterIoPortRange
NdisMFreeMapRegisters
NdisFreeSpinLock
NdisMDeregisterInterrupt
NdisMDeregisterAdapterShutdownHandler
NdisMInitializeTimer
NdisMRegisterAdapterShutdownHandler
NdisMRegisterInterrupt
NdisAllocateSpinLock
NdisMAllocateMapRegisters
NdisMInitializeScatterGatherDma
NdisMMapIoSpace
NdisMRegisterIoPortRange
NdisMSetAttributesEx
NdisReadNetworkAddress
NdisCloseConfiguration
NdisReadConfiguration

Sections

.text
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 304B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
vt61xx.sys
.sys windows:5 windows x86 arch:x86

2c73a6ebbd15111dc4b6af7c51aa8e44

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

10:c5:4d:b7:40:dc:7e:32:46:f8:ed:66:43:93:0c:b7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/06/2012, 00:00

Not After

10/09/2013, 23:59

Subject

CN=NetZone Info-Tech Co.\, Ltd.\, Shanghai,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Provided by TrustAsia,O=NetZone Info-Tech Co.\, Ltd.\, Shanghai,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ec:89:1b:02:c7:a5:5f:70:3a:70:d4:5c:88:3f:f6:e0:8d:ce:9f:14
Signer

Actual PE Digest

ec:89:1b:02:c7:a5:5f:70:3a:70:d4:5c:88:3f:f6:e0:8d:ce:9f:14

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\WINDDK\2600\src\network\ndis\VT3106\3.37n\Src\i386\FETND5B.pdb

Imports

ntoskrnl.exe

WRITE_REGISTER_ULONG
WRITE_REGISTER_USHORT
WRITE_REGISTER_UCHAR

hal

WRITE_PORT_UCHAR
READ_PORT_UCHAR
KeStallExecutionProcessor

ndis.sys

NdisTerminateWrapper
NdisMRegisterMiniport
NdisInitializeWrapper
NdisAllocateBufferPool
NdisReadPciSlotInformation
NdisWritePciSlotInformation
NdisQueryBufferSafe
NDIS_BUFFER_TO_SPAN_PAGES
NdisQueryBufferOffset
NdisMCancelTimer
NdisUnchainBufferAtFront
NdisAcquireSpinLock
NdisReleaseSpinLock
NdisAdjustBufferLength
NdisMCompleteBufferPhysicalMapping
NdisMSynchronizeWithInterrupt
NdisSetEvent
NdisGetCurrentSystemTime
NdisMStartBufferPhysicalMapping
NdisMAllocateSharedMemory
NdisMFreeSharedMemory
NdisAllocateMemoryWithTag
NdisAllocatePacket
NdisAllocateBuffer
NdisFreeMemory
NdisFreePacket
NdisFreeBuffer
NdisAllocatePacketPool
NdisFreeBufferPool
NdisFreePacketPool
NdisSetTimer
NdisMQueryAdapterResources
NdisMUnmapIoSpace
NdisMDeregisterIoPortRange
NdisMFreeMapRegisters
NdisFreeSpinLock
NdisMDeregisterInterrupt
NdisMDeregisterAdapterShutdownHandler
NdisWaitEvent
NdisInitializeEvent
NdisMInitializeTimer
NdisMRegisterAdapterShutdownHandler
NdisMRegisterInterrupt
NdisAllocateSpinLock
NdisMAllocateMapRegisters
NdisMInitializeScatterGatherDma
NdisMMapIoSpace
NdisMRegisterIoPortRange
NdisMSetAttributesEx
NdisReadNetworkAddress
NdisCloseConfiguration
NdisReadConfiguration
NdisOpenConfiguration

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
winvnc4.exe
.exe windows:4 windows x86 arch:x86

42dd56a32f8f1cd851db20b435b9b12d

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:bd:b6:1d:d0:a2:fa:b0:ab:c7:c4:c9:96:fb:d7:22
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

05/08/2010, 00:00

Not After

05/08/2011, 23:59

Subject

CN=NetZone Info-Tech Co.\, Ltd.\, Shanghai,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=NetZone Info-Tech Co.\, Ltd.\, Shanghai,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

c8:c8:66:4e:ea:8f:32:4f:52:7b:47:09:0f:87:aa:e4:13:d8:29:05
Signer

Actual PE Digest

c8:c8:66:4e:ea:8f:32:4f:52:7b:47:09:0f:87:aa:e4:13:d8:29:05

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

DialogBoxParamA
GetDlgItem
GetDlgItemTextA
SetDlgItemTextA
GetWindowLongA
SetWindowLongA
EndDialog
CloseDesktop
GetUserObjectInformationA
OpenInputDesktop
GetThreadDesktop
SetThreadDesktop
OpenDesktopA
GetWindowThreadProcessId
RegisterClassA
UnregisterClassA
CreateWindowExA
GetClassNameA
EnumDesktopWindows
EnumDesktopsA
GetProcessWindowStation
ExitWindowsEx
GetWindowRect
IsWindowVisible
MsgWaitForMultipleObjects
PeekMessageA
DefWindowProcA
SystemParametersInfoA
ClientToScreen
GetClientRect
IsRectEmpty
IsIconic
IsWindow
KillTimer
mouse_event
GetSystemMetrics
GetAsyncKeyState
MapVirtualKeyA
keybd_event
VkKeyScanA
ToAscii
SetClipboardViewer
ChangeClipboardChain
CloseClipboard
GetClipboardData
OpenClipboard
GetClipboardOwner
SetClipboardData
EmptyClipboard
DrawIconEx
GetIconInfo
GetDC
ReleaseDC
GetDesktopWindow
GetForegroundWindow
EnumWindows
FindWindowA
MessageBoxA
LoadImageA
GetCursorPos
SendMessageA
SetWindowTextA
PostMessageA
GetMessageA
TranslateMessage
DestroyWindow
PostThreadMessageA
DispatchMessageA
SetTimer

kernel32

GetCurrentProcessId
GlobalUnlock
GlobalLock
GlobalFree
GlobalAlloc
WideCharToMultiByte
MultiByteToWideChar
RtlUnwind
RaiseException
GetCommandLineA
GetVersion
InterlockedDecrement
InterlockedIncrement
GetTimeZoneInformation
GetSystemTime
GetLocalTime
MoveFileA
DeleteFileA
HeapFree
HeapReAlloc
HeapAlloc
GetCurrentThread
SetLastError
SetUnhandledExceptionFilter
GetCPInfo
GetACP
GetOEMCP
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
WriteFile
FlushFileBuffers
ExpandEnvironmentStringsA
LCMapStringW
ReadFile
VirtualAlloc
IsBadWritePtr
IsBadReadPtr
IsBadCodePtr
SetFilePointer
GetStringTypeA
GetStringTypeW
SetStdHandle
SetEndOfFile
CompareStringA
CompareStringW
SetEnvironmentVariableA
InterlockedExchange
ResumeThread
CreateThread
TlsSetValue
TlsAlloc
FreeConsole
ResetEvent
WaitForSingleObject
SetEvent
CreateEventA
GetComputerNameA
CloseHandle
EnterCriticalSection
LeaveCriticalSection
Sleep
GetSystemTimeAsFileTime
DeleteCriticalSection
InitializeCriticalSection
GetLastError
GetModuleHandleA
FindResourceA
LoadResource
LockResource
SizeofResource
FreeLibrary
LoadLibraryA
GetProcAddress
WaitForMultipleObjects
QueryPerformanceCounter
QueryPerformanceFrequency
CreateFileA
GetVersionExA
GetCurrentProcess
FormatMessageA
OpenProcess
TerminateProcess
CreateProcessA
GetModuleFileNameA
ExitProcess
SetProcessShutdownParameters
TlsGetValue
LCMapStringA
GetCurrentThreadId
HeapSize

advapi32

OpenProcessToken
CryptAcquireContextA
RegQueryInfoKeyA
RegEnumValueA
RegQueryValueExA
RegSetValueExA
RegNotifyChangeKeyValue
CryptGenRandom
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyA
RegOpenKeyExA
GetUserNameA
RevertToSelf
RegCloseKey
ImpersonateLoggedOnUser
ControlService
StartServiceA
OpenServiceA
DeleteService
OpenSCManagerA
CreateServiceA
CloseServiceHandle
DeregisterEventSource
ReportEventA
RegisterEventSourceA
SetServiceStatus
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
CryptReleaseContext

gdi32

SetDIBColorTable
SelectObject
CreateCompatibleDC
DeleteDC
CreateDCA
GetClipBox
CreateCompatibleBitmap
GetDIBits
GetObjectA
GetBitmapBits
DeleteObject
GetSystemPaletteEntries
GdiFlush
BitBlt
GetDeviceCaps
CreateDIBSection

ws2_32

inet_ntoa
getsockname
getpeername
ntohs
shutdown
setsockopt
listen
bind
htonl
WSAStartup
WSACloseEvent
WSAEventSelect
WSACreateEvent
WSAIoctl
WSAResetEvent
WSAEnumNetworkEvents
recv
select
send
socket
WSAGetLastError
inet_addr
accept
gethostbyname
closesocket
htons

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

ole32

CoCreateInstance
CoUninitialize
CoInitialize

Sections

.text
Size: 236KB - Virtual size: 235KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 124KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
wm_hooks.dll
.dll windows:4 windows x86 arch:x86

03d2da4043cce27fa9166306d9287c11

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:bd:b6:1d:d0:a2:fa:b0:ab:c7:c4:c9:96:fb:d7:22
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

05/08/2010, 00:00

Not After

05/08/2011, 23:59

Subject

CN=NetZone Info-Tech Co.\, Ltd.\, Shanghai,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=NetZone Info-Tech Co.\, Ltd.\, Shanghai,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

b8:8a:04:3c:f3:12:00:47:f8:38:96:52:d0:d0:18:d8:15:44:85:34
Signer

Actual PE Digest

b8:8a:04:3c:f3:12:00:47:f8:38:96:52:d0:d0:18:d8:15:44:85:34

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentThreadId
GlobalAddAtomA
GetSystemInfo
VirtualProtect
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
LCMapStringW
GetCommandLineA
GetVersionExA
ExitProcess
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
TlsAlloc
SetLastError
GetLastError
TlsFree
TlsSetValue
TlsGetValue
HeapFree
HeapAlloc
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
UnhandledExceptionFilter
WriteFile
LeaveCriticalSection
EnterCriticalSection
GetACP
GetOEMCP
GetCPInfo
VirtualAlloc
HeapReAlloc
InitializeCriticalSection
RtlUnwind
InterlockedExchange
VirtualQuery
LoadLibraryA
HeapSize
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA

user32

RegisterWindowMessageA
SetWindowsHookExA
UnhookWindowsHookEx
CallNextHookEx
IsWindowVisible
GetWindowRect
GetPropA
SetPropA
GetCursor
PostThreadMessageA

Exports

Exports

WM_Hooks_CursorChanged
WM_Hooks_EnableCursorShape
WM_Hooks_EnableRealInputs
WM_Hooks_EnableSynthInputs
WM_Hooks_Install
WM_Hooks_RectangleChanged
WM_Hooks_Remove
WM_Hooks_WindowBorderChanged
WM_Hooks_WindowChanged
WM_Hooks_WindowClientAreaChanged

Sections

.text
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.WM_Hook
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ykxp2k.sys
.sys windows:6 windows x86 arch:x86

d2fe724fae187b10396e8fa9826eb445

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

14:35:e4:72:64:ee:f3:a4:87:c0:9e:b2:99:53:9a:9c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

27/03/2009, 00:00

Not After

05/04/2012, 23:59

Subject

CN=Marvell Semiconductor,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Wireless,O=Marvell Semiconductor,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

f0:8b:c0:9a:d0:88:5c:21:83:0e:63:17:73:fe:47:9a:79:db:05:dc
Signer

Actual PE Digest

f0:8b:c0:9a:d0:88:5c:21:83:0e:63:17:73:fe:47:9a:79:db:05:dc

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

r:\rel07\tmp\gewin\drv\objfre_wxp_x86\i386\yk51x86.pdb

Imports

ntoskrnl.exe

KeBugCheckEx
KeTickCount
ExCreateCallback
ExRegisterCallback
ZwPowerInformation
ExUnregisterCallback
ObfDereferenceObject
memcpy
KefAcquireSpinLockAtDpcLevel
KefReleaseSpinLockFromDpcLevel
ExfInterlockedInsertHeadList
IoFreeMdl
WRITE_REGISTER_USHORT
ExfInterlockedInsertTailList
ExfInterlockedRemoveHeadList
WRITE_REGISTER_ULONG
ZwUnmapViewOfSection
ZwMapViewOfSection
ZwClose
ZwOpenSection
_aulldiv
_allmul
_aullshr
_allshl
strncmp
WRITE_REGISTER_UCHAR
MmMapLockedPagesSpecifyCache
_alldiv
KeQuerySystemTime
memset

hal

KfReleaseSpinLock
KeGetCurrentIrql
KeStallExecutionProcessor
KfAcquireSpinLock

ndis.sys

NdisAcquireReadWriteLock
NdisReleaseReadWriteLock
NdisInitializeReadWriteLock
NdisInitializeString
NdisInitializeWrapper
NdisMRegisterMiniport
NdisTerminateWrapper
NdisMSleep
NdisCloseConfiguration
NdisMSetAttributesEx
NdisMDeregisterAdapterShutdownHandler
NdisMDeregisterInterrupt
NdisSystemProcessorCount
NdisMInitializeScatterGatherDma
NdisMQueryAdapterResources
NdisMFreeMapRegisters
NdisCloseFile
NdisUnmapFile
NdisMapFile
NdisOpenConfiguration
NdisReadPciSlotInformation
NdisMInitializeTimer
NdisInitializeEvent
NdisSetTimer
NdisResetEvent
NdisWaitEvent
NdisMCancelTimer
NdisSetEvent
NdisMMapIoSpace
NdisMRegisterIoPortRange
NdisMRegisterInterrupt
NdisWriteErrorLogEntry
NdisMFreeSharedMemory
NdisMAllocateSharedMemory
NdisMGetDmaAlignment
NdisReadConfiguration
NdisReadNetworkAddress
NdisAllocateMemoryWithTag
NdisFreeMemory
NdisOpenFile
NdisWritePciSlotInformation
NdisScheduleWorkItem
NdisFreePacketPool
NdisFreeBufferPool
NdisFreePacket
NdisAllocatePacket
NdisAllocateBuffer
NdisAllocateBufferPool
NdisAllocatePacketPool
NdisMIndicateStatusComplete
NdisMIndicateStatus
NdisMUnmapIoSpace
NdisMDeregisterIoPortRange

Sections

.text
Size: 229KB - Virtual size: 229KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

099c0646ea7282d232219f8807883be0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 40KB

.rsrc Size: 25KB - Virtual size: 25KB

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

9b6b6a7858e17fb0b17e1c1428330343

Headers

File Characteristics

Imports

kernel32

user32

gdi32

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 1KB

.rdata Size: 1024B - Virtual size: 697B

.data Size: 512B - Virtual size: 3KB

.rsrc Size: 512B - Virtual size: 352B

.reloc Size: 512B - Virtual size: 320B

95bde89413123c4a2a03ca2a774a6671

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:edCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

10:c5:4d:b7:40:dc:7e:32:46:f8:ed:66:43:93:0c:b7Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

46:b9:64:ae:08:7e:b5:6d:11:0a:20:c1:12:39:21:2d:3b:81:54:93Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 40KB

.rsrc
Size: 25KB - Virtual size: 25KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 697B

.data
Size: 512B - Virtual size: 3KB

.rsrc
Size: 512B - Virtual size: 352B

.reloc
Size: 512B - Virtual size: 320B

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

10:c5:4d:b7:40:dc:7e:32:46:f8:ed:66:43:93:0c:b7
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

46:b9:64:ae:08:7e:b5:6d:11:0a:20:c1:12:39:21:2d:3b:81:54:93
Signer

.text
Size: 67KB - Virtual size: 67KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 3KB - Virtual size: 3KB

PAGE
Size: 1KB - Virtual size: 1KB

INIT
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 2KB

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

10:c5:4d:b7:40:dc:7e:32:46:f8:ed:66:43:93:0c:b7
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

08:e2:5b:0e:94:e8:0d:f6:c6:b7:a1:4a:aa:c8:19:ce:5a:64:40:49
Signer

.text
Size: 67KB - Virtual size: 67KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 3KB - Virtual size: 3KB

PAGE
Size: 1KB - Virtual size: 1KB

INIT
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 2KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

2c:80:89:2e:01:15:b0:b7:7a:a3:59:4b:9a:73:39:53
Certificate

60:c5:d0:2b:94:37:c4:10:2e:9e:0e:7b:2e:94:b6:ed:eb:c3:09:72
Signer

.text
Size: 293KB - Virtual size: 293KB