39685da82b53f42414a2de387144b787_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

39685da82b53f42414a2de387144b787_JaffaCakes118
Size

14.4MB
MD5

39685da82b53f42414a2de387144b787
SHA1

10cdfdc004b394fe1cc909a9d1585b7fd4de2228
SHA256

7bd1ce29cea9fa0b34cadd9bad64749c7936d38911196c5a0e12f333f3a8b15e
SHA512

be31aa4a2b35a956fba78a3a3497f123852cc02d505912a5ccd69a18cc434f403267387a5232b8549e45e2d3a01ca4547e904a90874e5e73bb991e3d0d78dd5a
SSDEEP

393216:acWNxO0af1GrG/N18ryK2URAkpsOWjfWzLjKG9a02b:UxO3d/N18euAkICTKGcLb

Score

6^/10

pdf link

Malware Config

Signatures

PDF contains one or more embedded files
Detects presence of embedded files in PDF files.
pdf
One or more HTTP URLs in PDF identified
Detects presence of HTTP links in PDF files.
pdf link

Unsigned PE 23 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Ϊc8800/ChinaNetDll.dll
unpack001/Ϊc8800/Loader.exe
unpack001/Ϊc8800/Lpk.dll
unpack001/Ϊc8800/Setup.exe
unpack002/$PLUGINSDIR/System.dll
unpack002/HwAndUninstall.exe
unpack002/hw_android_usb_driver/ChinaNetDll.dll
unpack002/hw_android_usb_driver/DevSetup64.exe
unpack002/hw_android_usb_driver/SetupControl.exe
unpack002/hw_android_usb_driver/Vista/smhwadb.sys
unpack002/hw_android_usb_driver/Vista/smhwdev.sys
unpack002/hw_android_usb_driver/Vista/smhwser.sys
unpack002/hw_android_usb_driver/Vista64/smhwadb.sys
unpack002/hw_android_usb_driver/Vista64/smhwdev.sys
unpack002/hw_android_usb_driver/Vista64/smhwser.sys
unpack002/hw_android_usb_driver/Win7/smhwadb.sys
unpack002/hw_android_usb_driver/Win7/smhwdev.sys
unpack002/hw_android_usb_driver/Win7/smhwser.sys
unpack002/hw_android_usb_driver/Win764/smhwadb.sys
unpack002/hw_android_usb_driver/Win764/smhwdev.sys
unpack002/hw_android_usb_driver/Win764/smhwser.sys
unpack002/hw_android_usb_driver/devsetup.exe
unpack002/hw_android_usb_driver/sentscsi.exe

NSIS installer 4 IoCs

installer

resource	yara_rule
static1/unpack001/Ϊc8800/Setup.exe	nsis_installer_1
static1/unpack001/Ϊc8800/Setup.exe	nsis_installer_2
static1/unpack002/HwAndUninstall.exe	nsis_installer_1
static1/unpack002/HwAndUninstall.exe	nsis_installer_2

Files

39685da82b53f42414a2de387144b787_JaffaCakes118
.zip
Ϊc8800/ChinaNetDll.dll
.dll windows:4 windows x86 arch:x86

23636a1af376386301a4fb913150be29

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\work\PC_Modem\MXL修改\耿华PC侧相关_NEW\autorun\dll\Release\ChinaNetDll.pdb

Imports

shlwapi

PathFindFileNameA
PathFindExtensionA
PathStripToRootA
PathIsUNCA

kernel32

GetFileTime
GetVersionExA
lstrcmpW
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalFlags
GetLocaleInfoA
GetCPInfo
GetOEMCP
GetCurrentDirectoryA
GetTimeZoneInformation
GetLocalTime
HeapAlloc
HeapReAlloc
HeapFree
VirtualAlloc
GetCommandLineA
GetProcessHeap
RtlUnwind
RaiseException
SetStdHandle
GetFileType
HeapSize
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
Sleep
SetHandleCount
GetStdHandle
GetStartupInfoA
GetACP
LCMapStringA
LCMapStringW
VirtualFree
HeapDestroy
HeapCreate
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetDriveTypeA
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
GetFullPathNameA
GetVolumeInformationA
GetCurrentProcess
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
LoadLibraryA
GetThreadLocale
lstrcmpA
GlobalGetAtomNameA
GetCurrentProcessId
InterlockedIncrement
SetErrorMode
GetCurrentThreadId
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
FreeLibrary
InterlockedDecrement
GetModuleFileNameW
GetModuleHandleA
GetProcAddress
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
FindFirstFileA
SetLastError
FileTimeToLocalFileTime
FileTimeToSystemTime
FindNextFileA
FindClose
GetVersion
CompareStringA
InterlockedExchange
MultiByteToWideChar
CompareStringW
lstrlenA
GlobalFree
GlobalAlloc
GetLastError
OpenProcess
Process32Next
lstrcmpiA
Process32First
CreateToolhelp32Snapshot
GetTempPathA
GetPrivateProfileStringA
GetFileSize
CreateFileA
GetModuleFileNameA
GetWindowsDirectoryA
CloseHandle
GetExitCodeProcess
WaitForSingleObject
GetFileAttributesA
FindResourceA
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
ExitProcess

user32

PostQuitMessage
DestroyMenu
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
ClientToScreen
SetWindowTextA
RegisterWindowMessageA
LoadIconA
WinHelpA
GetCapture
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
IsWindow
GetForegroundWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
GetClientRect
GetMenu
PostMessageA
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
CopyRect
PtInRect
MessageBoxA
AdjustWindowRectEx
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowLongA
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetWindow
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetWindowTextA
GetWindowThreadProcessId
GetParent
CharUpperA
GetSubMenu
GetMenuItemCount
GetMenuItemID
GetMenuState
UnhookWindowsHookEx
ValidateRect
PeekMessageA
GetKeyState
SendMessageA
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
EnableWindow
LoadCursorA
GetSystemMetrics
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
UnregisterClassA
SetWindowsHookExA
CallNextHookEx
DispatchMessageA

gdi32

GetStockObject
DeleteDC
ScaleWindowExtEx
GetClipBox
GetDeviceCaps
CreateBitmap
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
SetMapMode
RestoreDC
SaveDC
DeleteObject
SetBkColor
SetTextColor
SetWindowExtEx

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

GetUserNameA
LookupAccountSidA
GetTokenInformation
OpenProcessToken
RegCloseKey
RegQueryValueExA
RegOpenKeyExA

shell32

ShellExecuteA
ShellExecuteExA

oleaut32

VariantInit
VariantClear
VariantChangeType

Exports

Exports

CheckPrgInstall
CheckPrgIsRunning
InitialDllPara
InstallPrg
IsNeedUpdate
PrgIsEnable
RunPrg
UpdatePrg

Sections

.text
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Ϊc8800/ChinaNetdll.ini
Ϊc8800/Loader.exe
.exe windows:4 windows x86 arch:x86

fec2199f3e75a68e275d299fbed8cafd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\work\PC_Modem\耿华PC侧相关\autorun\comm_prj\bin\Loader.pdb

Imports

setupapi

SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiGetClassDevsA
SetupDiGetDeviceRegistryPropertyA

shlwapi

PathFindExtensionA
PathStripToRootA
PathIsUNCA
PathFindFileNameA

kernel32

GetCurrentProcessId
LeaveCriticalSection
TlsGetValue
EnterCriticalSection
GlobalReAlloc
GlobalHandle
InitializeCriticalSection
TlsAlloc
TlsSetValue
LocalReAlloc
DeleteCriticalSection
TlsFree
GetModuleFileNameW
InterlockedDecrement
GlobalFlags
InterlockedIncrement
GetCPInfo
GetOEMCP
SetErrorMode
GetFileTime
WritePrivateProfileStringA
GetCurrentDirectoryA
GetTickCount
HeapFree
GetTimeZoneInformation
GetLocalTime
HeapAlloc
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapReAlloc
GetCommandLineA
GetProcessHeap
RtlUnwind
RaiseException
ExitProcess
HeapSize
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapDestroy
HeapCreate
VirtualFree
Sleep
GetACP
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStringTypeA
GetStringTypeW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
lstrcmpA
GlobalFree
GlobalAlloc
FormatMessageA
GlobalLock
GlobalUnlock
MulDiv
GetFullPathNameA
GetVolumeInformationA
DuplicateHandle
GetThreadLocale
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
FileTimeToLocalFileTime
FileTimeToSystemTime
FreeResource
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
SetLastError
lstrcmpW
GetModuleHandleA
GetVersion
CompareStringA
InterlockedExchange
MultiByteToWideChar
CompareStringW
GetTempPathA
GetProcAddress
LoadLibraryA
FreeLibrary
CreateMutexA
GetCommandLineW
CreateThread
GetVersionExA
FindResourceA
LoadResource
LockResource
SizeofResource
TerminateProcess
GetCurrentProcess
WideCharToMultiByte
GetDriveTypeA
GetPrivateProfileStringA
FindClose
FindNextFileA
FindFirstFileA
GetFileSize
CreateFileA
GetModuleFileNameA
GetWindowsDirectoryA
GetExitCodeProcess
WaitForSingleObject
GetStartupInfoA
DeleteFileA
SetFileAttributesA
GetFileAttributesA
lstrlenA
LocalAlloc
LocalFree
GetLastError
CloseHandle
VirtualProtect

user32

UnregisterClassA
RegisterClipboardFormatA
PostThreadMessageA
MessageBeep
GetNextDlgGroupItem
ReleaseCapture
SetCapture
InvalidateRgn
InvalidateRect
SetRect
IsRectEmpty
CopyAcceleratorTableA
CharNextA
LoadCursorA
GetSysColorBrush
DestroyMenu
GetWindowThreadProcessId
SetCursor
GetMessageA
TranslateMessage
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
EnableMenuItem
CheckMenuItem
SetWindowContextHelpId
MapDialogRect
PostQuitMessage
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
GetDesktopWindow
GetActiveWindow
CreateDialogIndirectParamA
IsWindowEnabled
GetNextDlgTabItem
EndDialog
GetMenuState
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
RegisterWindowMessageA
LoadIconA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
CallNextHookEx
GetClassLongA
SetPropA
GetPropA
RemovePropA
GetFocus
IsWindow
SetFocus
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
DispatchMessageA
GetClassNameA
PostMessageA
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
GetKeyState
SetForegroundWindow
IsWindowVisible
UpdateWindow
GetClientRect
GetMenu
EnableWindow
CharUpperA
GetWindow
GetSystemMetrics
GetWindowRect
GetWindowPlacement
IsIconic
SystemParametersInfoA
IntersectRect
OffsetRect
SetWindowPos
SetWindowLongA
GetWindowLongA
CallWindowProcA
DefWindowProcA
SendMessageA
GetDlgCtrlID
PtInRect
CopyRect
EqualRect
GetParent
AdjustWindowRectEx
GetSysColor
RegisterClassA
GetClassInfoA
GetClassInfoExA
GetSubMenu
GetMenuItemID
GetMenuItemCount
MessageBoxA
CreateWindowExA
SetWindowsHookExA

gdi32

CreateRectRgnIndirect
GetBkColor
GetTextColor
GetRgnBox
GetMapMode
GetDeviceCaps
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
GetObjectA
GetStockObject
CreateBitmap
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
DeleteObject
SetMapMode

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyA
RegSetValueExA
RegCreateKeyExA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA

shell32

CommandLineToArgvW
ShellExecuteA
ShellExecuteExA

oledlg

ord8

ole32

CoRevokeClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
OleIsCurrentClipboard
CLSIDFromProgID
CoTaskMemAlloc
CoTaskMemFree
OleFlushClipboard
CoRegisterMessageFilter
CLSIDFromString

oleaut32

SysAllocString
OleCreateFontIndirect
VariantClear
VariantChangeType
VariantInit
SysAllocStringLen
SysStringLen
SysFreeString
SysAllocStringByteLen
VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime

Sections

.text
Size: 228KB - Virtual size: 225KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Ϊc8800/Lpk.dll
.dll windows:4 windows x86 arch:x86

75c320dc1311924dceb2d2a5549814f0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualProtectEx
GetCurrentProcess
GetProcAddress
LoadLibraryA
GetTickCount
WriteProcessMemory
SetFileTime
SetErrorMode
FreeLibrary
GetSystemDirectoryA
ReadProcessMemory
lstrcatA
ReadFile
WaitForSingleObject
CreateProcessA
GetVolumeInformationA
GetWindowsDirectoryA
DeviceIoControl
GetLogicalDriveStringsA
GetFileAttributesA
GetLastError
GlobalUnlock
GlobalLock
GlobalAlloc
Sleep
IsBadReadPtr
CloseHandle
CreateThread
WinExec
GetModuleFileNameA
SystemTimeToFileTime
DisableThreadLibraryCalls
SetFilePointer
CreateFileA
GetCurrentDirectoryA
LocalFileTimeToFileTime
CreateDirectoryA
WriteFile
FileTimeToSystemTime
GetLocalTime
GetFileSize
GetFileInformationByHandle
MapViewOfFile
CreateFileMappingA
UnmapViewOfFile
CompareStringW
CompareStringA
SetEndOfFile
GetTimeZoneInformation
GetStringTypeW
GetStringTypeA
IsBadCodePtr
HeapAlloc
RtlUnwind
DeleteFileA
FindFirstFileA
FindNextFileA
FileTimeToLocalFileTime
MoveFileA
ExitProcess
TerminateProcess
HeapFree
InterlockedDecrement
InterlockedIncrement
GetCommandLineA
GetVersion
HeapReAlloc
HeapSize
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetCPInfo
GetACP
GetOEMCP
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetStdHandle
FlushFileBuffers
SetUnhandledExceptionFilter
SetEnvironmentVariableA

user32

CloseClipboard
SetClipboardData
GetWindowLongA
SetWindowLongA
FindWindowA
SendMessageA
ShowWindow
GetDesktopWindow
SetForegroundWindow
OpenClipboard
EmptyClipboard

version

GetFileVersionInfoSizeA
GetFileVersionInfoA

Exports

Exports

AheadLib_LpkPresent
AheadLib_ScriptApplyDigitSubstitution
AheadLib_ScriptApplyLogicalWidth
AheadLib_ScriptBreak
AheadLib_ScriptCPtoX
AheadLib_ScriptCacheGetHeight
AheadLib_ScriptFreeCache
AheadLib_ScriptGetCMap
AheadLib_ScriptGetFontProperties
AheadLib_ScriptGetGlyphABCWidth
AheadLib_ScriptGetLogicalWidths
AheadLib_ScriptGetProperties
AheadLib_ScriptIsComplex
AheadLib_ScriptItemize
AheadLib_ScriptJustify
AheadLib_ScriptLayout
AheadLib_ScriptPlace
AheadLib_ScriptRecordDigitSubstitution
AheadLib_ScriptShape
AheadLib_ScriptStringAnalyse
AheadLib_ScriptStringCPtoX
AheadLib_ScriptStringFree
AheadLib_ScriptStringGetLogicalWidths
AheadLib_ScriptStringGetOrder
AheadLib_ScriptStringOut
AheadLib_ScriptStringValidate
AheadLib_ScriptStringXtoCP
AheadLib_ScriptString_pLogAttr
AheadLib_ScriptString_pSize
AheadLib_ScriptString_pcOutChars
AheadLib_ScriptTextOut
AheadLib_ScriptXtoCP
AheadLib_UspAllocCache
AheadLib_UspAllocTemp
AheadLib_UspFreeMem
LpkDllInitialize
LpkDrawTextEx
LpkEditControl
LpkExtTextOut
LpkGetCharacterPlacement
LpkGetTextExtentExPoint
LpkInitialize
LpkPSMTextOut
LpkPresent
LpkTabbedTextOut
LpkUseGDIWidthCache
MemCode_LpkDllInitialize
MemCode_LpkDrawTextEx
MemCode_LpkEditControl
MemCode_LpkExtTextOut
MemCode_LpkGetCharacterPlacement
MemCode_LpkGetTextExtentExPoint
MemCode_LpkInitialize
MemCode_LpkPSMTextOut
MemCode_LpkTabbedTextOut
MemCode_LpkUseGDIWidthCache
MemCode_ftsWordBreak
ScriptApplyDigitSubstitution
ScriptApplyLogicalWidth
ScriptBreak
ScriptCPtoX
ScriptCacheGetHeight
ScriptFreeCache
ScriptGetCMap
ScriptGetFontProperties
ScriptGetGlyphABCWidth
ScriptGetLogicalWidths
ScriptGetProperties
ScriptIsComplex
ScriptItemize
ScriptJustify
ScriptLayout
ScriptPlace
ScriptRecordDigitSubstitution
ScriptShape
ScriptStringAnalyse
ScriptStringCPtoX
ScriptStringFree
ScriptStringGetLogicalWidths
ScriptStringGetOrder
ScriptStringOut
ScriptStringValidate
ScriptStringXtoCP
ScriptString_pLogAttr
ScriptString_pSize
ScriptString_pcOutChars
ScriptTextOut
ScriptXtoCP
UspAllocCache
UspAllocTemp
UspFreeMem
ftsWordBreak

Sections

.text
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Ϊc8800/Setup.exe
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetLastError
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ChinaNetSetup.exe
.exe windows:4 windows x86 arch:x86

62d83407cf4aa0acd663709524cf4d3c

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2a:e5:84:04:27:48:7a:8b:cc:c4:1d:61:2d:d7:af:c7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

23/10/2010, 00:00

Not After

22/11/2011, 23:59

Subject

CN=China Telecom Co.\,Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=China Telecom Co.\,Ltd.,L=BeiJing,ST=BeiJing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f6:74:3b:48:b1:80:ae:91:bd:a7:5e:4d:49:2f:80:10:18:4f:94:16
Signer

Actual PE Digest

f6:74:3b:48:b1:80:ae:91:bd:a7:5e:4d:49:2f:80:10:18:4f:94:16

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileTime
SetErrorMode
FileTimeToSystemTime
FileTimeToLocalFileTime
GetTickCount
RtlUnwind
TerminateProcess
GetStartupInfoA
GetCommandLineA
HeapAlloc
HeapFree
RaiseException
CreateThread
ExitThread
HeapSize
HeapReAlloc
GetTimeZoneInformation
SetHandleCount
GetStdHandle
GetFileType
LCMapStringA
GetFileSize
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
GetDriveTypeA
IsBadReadPtr
IsBadCodePtr
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetFileAttributesA
GetProfileStringA
GetCurrentDirectoryA
WritePrivateProfileStringA
GetOEMCP
GetCPInfo
GetProcessVersion
GlobalFlags
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
FindNextFileA
GetThreadLocale
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileA
DuplicateHandle
GlobalFree
SuspendThread
SetThreadPriority
ResumeThread
SetEvent
GlobalAlloc
GetCurrentThread
CreateEventA
ReleaseMutex
CreateMutexA
GlobalLock
GlobalUnlock
MulDiv
SetLastError
LoadLibraryA
FreeLibrary
GetVersion
lstrcatA
GetCurrentThreadId
GlobalGetAtomNameA
lstrcmpiA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcpyA
GetModuleHandleA
GetProcAddress
FormatMessageA
LocalFree
MultiByteToWideChar
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
lstrlenA
GetExitCodeProcess
ExitProcess
CreateProcessA
WaitForSingleObject
GetModuleFileNameA
CopyFileA
GetVersionExA
CreateDirectoryA
RemoveDirectoryA
SetFileAttributesA
CreateToolhelp32Snapshot
Process32First
Process32Next
GetTempPathA
SizeofResource
lstrcmpA
DeleteFileA
OutputDebugStringA
GetCurrentProcess
GetLastError
OpenFileMappingA
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
CloseHandle
FindResourceA
lstrcpynA
LoadResource
LockResource
GetSystemDefaultLangID
GetACP
LCMapStringW

user32

InvalidateRect
RegisterClipboardFormatA
PostThreadMessageA
GetNextDlgTabItem
IsWindowEnabled
ShowWindow
SetWindowTextA
IsDialogMessageA
PostMessageA
UpdateWindow
SendDlgItemMessageA
MapWindowPoints
GetSysColor
PeekMessageA
DispatchMessageA
GetFocus
SetActiveWindow
SetFocus
ScreenToClient
CopyRect
IsWindowVisible
GetTopWindow
IsChild
GetParent
GetCapture
WinHelpA
wsprintfA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetDlgItem
GetWindowTextLengthA
GetWindowTextA
GetKeyState
DestroyWindow
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
DefWindowProcA
GetMessagePos
GetLastActivePopup
GetForegroundWindow
SetForegroundWindow
GetWindowLongA
SetWindowLongA
SetWindowPos
RegisterWindowMessageA
IntersectRect
SystemParametersInfoA
GetWindowPlacement
OffsetRect
SetWindowRgn
ExitWindowsEx
KillTimer
IsIconic
GetSystemMetrics
DrawIcon
IsWindow
ReleaseDC
UnregisterClassA
HideCaret
ShowCaret
ExcludeUpdateRgn
DrawFocusRect
DefDlgProcA
IsWindowUnicode
LoadBitmapA
SetRect
SetTimer
MessageBoxA
LoadIconA
SendMessageA
BeginPaint
EndPaint
GetWindowRect
ClientToScreen
AdjustWindowRectEx
MoveWindow
GetWindow
GetDlgCtrlID
GetClassNameA
EnableWindow
MessageBeep
GetNextDlgGroupItem
CopyAcceleratorTableA
CharNextA
GetDC
GetClientRect
FillRect
DestroyMenu
GetSysColorBrush
LoadCursorA
GetDesktopWindow
PtInRect
CharUpperA
InflateRect
LoadStringA
MapDialogRect
SetWindowContextHelpId
EndDialog
CreateDialogIndirectParamA
GetMessageA
TranslateMessage
GetActiveWindow
ValidateRect
GetCursorPos
SetCursor
PostQuitMessage
GrayStringA
DrawTextA
TabbedTextOutA
GetWindowDC
GetMenuCheckMarkDimensions
GetMenuState
ModifyMenuA
GetMessageTime
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem

gdi32

SetTextColor
SetBkColor
CreateBitmap
DeleteDC
SaveDC
RestoreDC
SetBkMode
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
IntersectClipRect
GetClipBox
GetDeviceCaps
GetViewportExtEx
GetWindowExtEx
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetMapMode
PatBlt
CreateFontIndirectA
DPtoLP
GetTextColor
GetBkColor
LPtoDP
CreateRectRgn
CombineRgn
GetPixel
GetStockObject
CreateCompatibleDC
StretchBlt
GetObjectA
CreateFontA
DeleteObject
GetTextMetricsA
GetTextExtentPointA
CreateFontW
CreatePen
CreateSolidBrush
SelectObject
CreateDIBitmap
BitBlt
Rectangle

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegSetValueExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegCreateKeyExA
RegOpenKeyExA

comctl32

ord17

oledlg

ord8

ole32

CoFreeUnusedLibraries
OleInitialize
CoTaskMemAlloc
CoTaskMemFree
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CoRegisterMessageFilter
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
OleUninitialize

olepro32

ord253

oleaut32

VariantTimeToSystemTime
SysAllocStringLen
SysFreeString
VariantCopy
VariantChangeType
SysAllocString
SysAllocStringByteLen
SysStringLen
VariantClear

shlwapi

PathFileExistsA

Sections

.text
Size: 176KB - Virtual size: 172KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9.8MB - Virtual size: 9.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
HwAndUninstall.exe
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SetupInfo.xml
.xml
hw_android_usb_driver/ChinaNetDll.dll
.dll windows:4 windows x86 arch:x86

23636a1af376386301a4fb913150be29

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\work\PC_Modem\MXL修改\耿华PC侧相关_NEW\autorun\dll\Release\ChinaNetDll.pdb

Imports

shlwapi

PathFindFileNameA
PathFindExtensionA
PathStripToRootA
PathIsUNCA

kernel32

GetFileTime
GetVersionExA
lstrcmpW
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalFlags
GetLocaleInfoA
GetCPInfo
GetOEMCP
GetCurrentDirectoryA
GetTimeZoneInformation
GetLocalTime
HeapAlloc
HeapReAlloc
HeapFree
VirtualAlloc
GetCommandLineA
GetProcessHeap
RtlUnwind
RaiseException
SetStdHandle
GetFileType
HeapSize
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
Sleep
SetHandleCount
GetStdHandle
GetStartupInfoA
GetACP
LCMapStringA
LCMapStringW
VirtualFree
HeapDestroy
HeapCreate
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetDriveTypeA
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
GetFullPathNameA
GetVolumeInformationA
GetCurrentProcess
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
LoadLibraryA
GetThreadLocale
lstrcmpA
GlobalGetAtomNameA
GetCurrentProcessId
InterlockedIncrement
SetErrorMode
GetCurrentThreadId
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
FreeLibrary
InterlockedDecrement
GetModuleFileNameW
GetModuleHandleA
GetProcAddress
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
FindFirstFileA
SetLastError
FileTimeToLocalFileTime
FileTimeToSystemTime
FindNextFileA
FindClose
GetVersion
CompareStringA
InterlockedExchange
MultiByteToWideChar
CompareStringW
lstrlenA
GlobalFree
GlobalAlloc
GetLastError
OpenProcess
Process32Next
lstrcmpiA
Process32First
CreateToolhelp32Snapshot
GetTempPathA
GetPrivateProfileStringA
GetFileSize
CreateFileA
GetModuleFileNameA
GetWindowsDirectoryA
CloseHandle
GetExitCodeProcess
WaitForSingleObject
GetFileAttributesA
FindResourceA
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
ExitProcess

user32

PostQuitMessage
DestroyMenu
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
ClientToScreen
SetWindowTextA
RegisterWindowMessageA
LoadIconA
WinHelpA
GetCapture
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
IsWindow
GetForegroundWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
GetClientRect
GetMenu
PostMessageA
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
CopyRect
PtInRect
MessageBoxA
AdjustWindowRectEx
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowLongA
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetWindow
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetWindowTextA
GetWindowThreadProcessId
GetParent
CharUpperA
GetSubMenu
GetMenuItemCount
GetMenuItemID
GetMenuState
UnhookWindowsHookEx
ValidateRect
PeekMessageA
GetKeyState
SendMessageA
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
EnableWindow
LoadCursorA
GetSystemMetrics
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
UnregisterClassA
SetWindowsHookExA
CallNextHookEx
DispatchMessageA

gdi32

GetStockObject
DeleteDC
ScaleWindowExtEx
GetClipBox
GetDeviceCaps
CreateBitmap
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
SetMapMode
RestoreDC
SaveDC
DeleteObject
SetBkColor
SetTextColor
SetWindowExtEx

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

GetUserNameA
LookupAccountSidA
GetTokenInformation
OpenProcessToken
RegCloseKey
RegQueryValueExA
RegOpenKeyExA

shell32

ShellExecuteA
ShellExecuteExA

oleaut32

VariantInit
VariantClear
VariantChangeType

Exports

Exports

CheckPrgInstall
CheckPrgIsRunning
InitialDllPara
InstallPrg
IsNeedUpdate
PrgIsEnable
RunPrg
UpdatePrg

Sections

.text
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
hw_android_usb_driver/ChinaNetdll.ini
hw_android_usb_driver/DevSetup64.exe
.exe windows:4 windows x64 arch:x64

114ee2d6839889380dea9596e30e0aca

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

setupapi

SetupDiGetClassDevsA
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
CM_Reenumerate_DevNode
SetupDiGetDeviceRegistryPropertyA
CM_Locate_DevNodeA
SetupDiCallClassInstaller
SetupCopyOEMInfA

shlwapi

PathFindFileNameA
PathFileExistsA
PathStripToRootA
PathIsUNCA

kernel32

GetCurrentProcessId
LeaveCriticalSection
TlsGetValue
EnterCriticalSection
InitializeCriticalSection
TlsAlloc
GlobalReAlloc
GlobalHandle
TlsSetValue
LocalReAlloc
DeleteCriticalSection
TlsFree
lstrcmpA
GlobalFlags
GetFileTime
GetLocaleInfoA
GetCPInfo
GetOEMCP
GetCurrentDirectoryA
HeapAlloc
HeapFree
HeapReAlloc
RaiseException
RtlPcToFileHeader
GetLocalTime
GetTimeZoneInformation
RtlUnwindEx
RtlLookupFunctionEntry
GetCommandLineA
GetProcessHeap
HeapSize
ExitProcess
GetStdHandle
HeapSetInformation
HeapCreate
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlCaptureContext
GetACP
FlsGetValue
FlsSetValue
FlsFree
FlsAlloc
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
RtlVirtualUnwind
SetHandleCount
GetFileType
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
FreeLibrary
lstrcmpW
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFullPathNameA
GetVolumeInformationA
DuplicateHandle
GetThreadLocale
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
LoadLibraryA
GetModuleHandleA
GetProcAddress
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
SetLastError
CopyFileA
GetVersionExA
GetCommandLineW
CreateSemaphoreA
CreateMutexA
Sleep
GetSystemDefaultLangID
TerminateProcess
GetStartupInfoA
CreateProcessA
FindFirstFileA
FindNextFileA
FindClose
GetPrivateProfileStringA
GetModuleFileNameA
GetFileSize
CreateFileA
DeviceIoControl
WaitForSingleObject
GetExitCodeProcess
LocalFree
LocalAlloc
lstrlenA
CompareStringW
CompareStringA
GetCurrentProcess
CloseHandle
GetWindowsDirectoryA
GetDriveTypeA
GetFileAttributesA
SetFileAttributesA
DeleteFileA
GetVersion
FindResourceA
LoadResource
LockResource
SizeofResource
GetLastError
WideCharToMultiByte
MultiByteToWideChar

user32

UnregisterClassA
PostQuitMessage
DestroyMenu
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
EnableMenuItem
CheckMenuItem
SetWindowTextA
LoadCursorA
GetSysColorBrush
GetWindowThreadProcessId
IsWindowEnabled
RegisterWindowMessageA
LoadIconA
WinHelpA
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassLongPtrA
SetPropA
GetPropA
RemovePropA
GetFocus
IsWindow
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
DispatchMessageA
GetDlgItem
GetTopWindow
DestroyWindow
GetWindowLongPtrA
SetWindowLongPtrA
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
GetKeyState
EnableWindow
SetForegroundWindow
GetClientRect
PostMessageA
GetMenu
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
GetParent
CopyRect
PtInRect
GetDlgCtrlID
SendMessageA
DefWindowProcA
CallWindowProcA
GetWindowLongA
SetWindowPos
CharUpperA
GetClassNameA
MessageBoxA
GetSubMenu
GetMenuItemCount
GetMenuItemID
GetMenuState
TabbedTextOutA
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetWindow
GetSystemMetrics
GetSysColor
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA

gdi32

SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
GetDeviceCaps
CreateBitmap
DeleteDC
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
DeleteObject
GetClipBox
GetStockObject

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey

shell32

CommandLineToArgvW

oleaut32

VariantClear
VariantChangeType
VariantInit

Sections

.text
Size: 244KB - Virtual size: 244KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
hw_android_usb_driver/SetupControl.exe
.exe windows:4 windows x86 arch:x86

fec2199f3e75a68e275d299fbed8cafd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\work\PC_Modem\耿华PC侧相关\autorun\comm_prj\bin\Loader.pdb

Imports

setupapi

SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiGetClassDevsA
SetupDiGetDeviceRegistryPropertyA

shlwapi

PathFindExtensionA
PathStripToRootA
PathIsUNCA
PathFindFileNameA

kernel32

GetCurrentProcessId
LeaveCriticalSection
TlsGetValue
EnterCriticalSection
GlobalReAlloc
GlobalHandle
InitializeCriticalSection
TlsAlloc
TlsSetValue
LocalReAlloc
DeleteCriticalSection
TlsFree
GetModuleFileNameW
InterlockedDecrement
GlobalFlags
InterlockedIncrement
GetCPInfo
GetOEMCP
SetErrorMode
GetFileTime
WritePrivateProfileStringA
GetCurrentDirectoryA
GetTickCount
HeapFree
GetTimeZoneInformation
GetLocalTime
HeapAlloc
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapReAlloc
GetCommandLineA
GetProcessHeap
RtlUnwind
RaiseException
ExitProcess
HeapSize
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapDestroy
HeapCreate
VirtualFree
Sleep
GetACP
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStringTypeA
GetStringTypeW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
lstrcmpA
GlobalFree
GlobalAlloc
FormatMessageA
GlobalLock
GlobalUnlock
MulDiv
GetFullPathNameA
GetVolumeInformationA
DuplicateHandle
GetThreadLocale
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
FileTimeToLocalFileTime
FileTimeToSystemTime
FreeResource
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
SetLastError
lstrcmpW
GetModuleHandleA
GetVersion
CompareStringA
InterlockedExchange
MultiByteToWideChar
CompareStringW
GetTempPathA
GetProcAddress
LoadLibraryA
FreeLibrary
CreateMutexA
GetCommandLineW
CreateThread
GetVersionExA
FindResourceA
LoadResource
LockResource
SizeofResource
TerminateProcess
GetCurrentProcess
WideCharToMultiByte
GetDriveTypeA
GetPrivateProfileStringA
FindClose
FindNextFileA
FindFirstFileA
GetFileSize
CreateFileA
GetModuleFileNameA
GetWindowsDirectoryA
GetExitCodeProcess
WaitForSingleObject
GetStartupInfoA
DeleteFileA
SetFileAttributesA
GetFileAttributesA
lstrlenA
LocalAlloc
LocalFree
GetLastError
CloseHandle
VirtualProtect

user32

UnregisterClassA
RegisterClipboardFormatA
PostThreadMessageA
MessageBeep
GetNextDlgGroupItem
ReleaseCapture
SetCapture
InvalidateRgn
InvalidateRect
SetRect
IsRectEmpty
CopyAcceleratorTableA
CharNextA
LoadCursorA
GetSysColorBrush
DestroyMenu
GetWindowThreadProcessId
SetCursor
GetMessageA
TranslateMessage
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
EnableMenuItem
CheckMenuItem
SetWindowContextHelpId
MapDialogRect
PostQuitMessage
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
GetDesktopWindow
GetActiveWindow
CreateDialogIndirectParamA
IsWindowEnabled
GetNextDlgTabItem
EndDialog
GetMenuState
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
RegisterWindowMessageA
LoadIconA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
CallNextHookEx
GetClassLongA
SetPropA
GetPropA
RemovePropA
GetFocus
IsWindow
SetFocus
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
DispatchMessageA
GetClassNameA
PostMessageA
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
GetKeyState
SetForegroundWindow
IsWindowVisible
UpdateWindow
GetClientRect
GetMenu
EnableWindow
CharUpperA
GetWindow
GetSystemMetrics
GetWindowRect
GetWindowPlacement
IsIconic
SystemParametersInfoA
IntersectRect
OffsetRect
SetWindowPos
SetWindowLongA
GetWindowLongA
CallWindowProcA
DefWindowProcA
SendMessageA
GetDlgCtrlID
PtInRect
CopyRect
EqualRect
GetParent
AdjustWindowRectEx
GetSysColor
RegisterClassA
GetClassInfoA
GetClassInfoExA
GetSubMenu
GetMenuItemID
GetMenuItemCount
MessageBoxA
CreateWindowExA
SetWindowsHookExA

gdi32

CreateRectRgnIndirect
GetBkColor
GetTextColor
GetRgnBox
GetMapMode
GetDeviceCaps
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
GetObjectA
GetStockObject
CreateBitmap
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
DeleteObject
SetMapMode

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyA
RegSetValueExA
RegCreateKeyExA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA

shell32

CommandLineToArgvW
ShellExecuteA
ShellExecuteExA

oledlg

ord8

ole32

CoRevokeClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
OleIsCurrentClipboard
CLSIDFromProgID
CoTaskMemAlloc
CoTaskMemFree
OleFlushClipboard
CoRegisterMessageFilter
CLSIDFromString

oleaut32

SysAllocString
OleCreateFontIndirect
VariantClear
VariantChangeType
VariantInit
SysAllocStringLen
SysStringLen
SysFreeString
SysAllocStringByteLen
VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime

Sections

.text
Size: 228KB - Virtual size: 225KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
hw_android_usb_driver/Vista/WdfCoInstaller01005.dll
.dll windows:6 windows x86 arch:x86

467ea76ea189d0499d3ec487bbd6fff9

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:1b:ab:11:da:3a:a1:b6:df:ec:88
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

11/10/2005, 21:55

Not After

26/04/2010, 07:00

Subject

CN=Microsoft Windows Verification Intermediate PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:10:c3:52:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Windows Verification Intermediate PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11/10/2005, 23:24

Not After

11/01/2007, 23:34

Subject

CN=Microsoft Windows Component Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

2a:66:1b:c4:9b:e9:07:3f:5e:77:35:24:50:76:4e:54:c2:1d:b5:7c
Signer

Actual PE Digest

2a:66:1b:c4:9b:e9:07:3f:5e:77:35:24:50:76:4e:54:c2:1d:b5:7c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

WdfCoInstaller01005.pdb

Imports

msvcrt

_amsg_exit
_initterm
_XcptFilter
_wcsnicmp
malloc
free
_wtoi
_wcsicmp
_ultow
_stricmp
memset
memcpy
_vsnwprintf
_adjust_fdiv

setupapi

SetupInstallServicesFromInfSectionW
SetupCloseInfFile
SetupDiGetDriverInfoDetailW
SetupOpenInfFileW
SetupOpenLog
SetupLogErrorW
SetupCloseLog
SetupDiGetActualSectionToInstallW
SetupGetLineCountW
SetupFindFirstLineW
SetupGetStringFieldW
SetupFindNextMatchLineW
SetupDiGetSelectedDriverW

kernel32

GetWindowsDirectoryW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
RtlUnwind
InterlockedCompareExchange
Sleep
InterlockedExchange
LoadLibraryExW
CreateProcessW
WaitForSingleObject
TerminateProcess
GetExitCodeProcess
SetLastError
FindResourceW
LoadResource
LockResource
SizeofResource
WriteFile
RemoveDirectoryW
CreateDirectoryW
FindFirstFileW
DeleteFileW
FindNextFileW
FindClose
CreateFileW
GetFileInformationByHandle
FileTimeToSystemTime
CloseHandle
FormatMessageW
GetLocalTime
OutputDebugStringW
LoadLibraryW
FreeLibrary
lstrlenA
WideCharToMultiByte
GetModuleFileNameW
LocalAlloc
LocalFree
GetLastError
GetProcAddress
GetModuleHandleW
GlobalFree
VerifyVersionInfoW
VerSetConditionMask

advapi32

CloseServiceHandle
LockServiceDatabase
QueryServiceLockStatusW
ChangeServiceConfigW
UnlockServiceDatabase
QueryServiceConfigW
OpenSCManagerW
OpenServiceW
RegSetValueExW
RegFlushKey
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

crypt32

CertGetCertificateContextProperty

wintrust

WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain
WTHelperGetProvCertFromChain
WinVerifyTrust

shell32

CommandLineToArgvW

user32

IsCharAlphaW
IsCharAlphaNumericW
LoadStringW

ole32

CoTaskMemFree

Exports

Exports

WdfCoInstaller
WdfPostDeviceInstall
WdfPostDeviceRemove
WdfPreDeviceInstall
WdfPreDeviceRemove

Sections

.text
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
hw_android_usb_driver/Vista/smhwadb.inf
hw_android_usb_driver/Vista/smhwadb.sys
.sys windows:6 windows x86 arch:x86

7b96e98a0de7089ea8895df9e05a8c1e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\code\android\development\host\windows\usb\build\Release\i386\androidusb.pdb

Imports

ntoskrnl.exe

memcpy
RtlCompareUnicodeString
MmUnlockPages
IoFreeMdl
MmProbeAndLockPages
IoAllocateMdl
KeQuerySystemTime
memset
_allmul
MmUnmapLockedPages
KeTickCount
RtlCopyUnicodeString
RtlUnwind
KeBugCheckEx
ExFreePoolWithTag
IoBuildPartialMdl
ExAllocatePoolWithTag

wdfldr.sys

WdfVersionUnbind
WdfVersionBind

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 896B - Virtual size: 804B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 1006B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 896B - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
hw_android_usb_driver/Vista/smhwadb86.cat
hw_android_usb_driver/Vista/smhwdev.cat
hw_android_usb_driver/Vista/smhwdev.inf
hw_android_usb_driver/Vista/smhwdev.sys
.sys windows:6 windows x86 arch:x86

30a8d44b7da04656098cbb244edbeb49

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\y37719\dummy\fsake\objfre_wlh_x86\i386\qcusbser.pdb

Imports

hal

KfReleaseSpinLock
KfAcquireSpinLock
KeGetCurrentIrql

ntoskrnl.exe

ExAllocatePoolWithTag
RtlCopyUnicodeString
RtlFreeAnsiString
KeInitializeEvent
RtlUnicodeStringToAnsiString
memset
IoCancelIrp
KeWaitForSingleObject
IofCallDriver
IoReuseIrp
IoAllocateIrp
KeClearEvent
ZwClose
ExGetPreviousMode
PsTerminateSystemThread
ObfDereferenceObject
IoGetAttachedDeviceReference
IoReleaseRemoveLockEx
KefReleaseSpinLockFromDpcLevel
KefAcquireSpinLockAtDpcLevel
IoSetDeviceInterfaceState
PsCreateSystemThread
IoAcquireRemoveLockEx
RtlWriteRegistryValue
KeWaitForMultipleObjects
KeSetPriorityThread
KeGetCurrentThread
ObReferenceObjectByHandle
ZwSetValueKey
RtlInitUnicodeString
IoOpenDeviceRegistryKey
memcpy
IoDeleteDevice
IoDetachDevice
RtlCompareMemory
IoGetDeviceProperty
sprintf
PoSetPowerState
IoAttachDeviceToDeviceStack
IoCreateDevice
ZwOpenKey
KeQuerySystemTime
RtlDeleteRegistryValue
ZwQueryValueKey
KeInitializeDpc
KeInitializeTimer
IoInitializeRemoveLockEx
RtlIntegerToUnicodeString
RtlAppendUnicodeStringToString
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
IoReleaseRemoveLockAndWaitEx
strstr
IoAcquireCancelSpinLock
KeCancelTimer
KeSetTimer
MmMapLockedPagesSpecifyCache
isprint
KeReadStateTimer
KeQueryPriorityThread
IoBuildDeviceIoControlRequest
PoCallDriver
PoStartNextPowerIrp
IoIsWdmVersionAvailable
IoWMIRegistrationControl
PoRequestPowerIrp
IoFreeWorkItem
KeReadStateEvent
IoQueueWorkItem
IoAllocateWorkItem
KeTickCount
KeBugCheckEx
IoReleaseCancelSpinLock
RtlUnwind
DbgPrint
ExFreePoolWithTag
IoFreeIrp
IofCompleteRequest
KeSetEvent
IoRegisterDeviceInterface

usbd.sys

USBD_ParseConfigurationDescriptorEx
USBD_CreateConfigurationRequestEx

wmilib.sys

WmiCompleteRequest
WmiSystemControl

Sections

.text
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 896B - Virtual size: 820B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
hw_android_usb_driver/Vista/smhwmdm.cat
hw_android_usb_driver/Vista/smhwmdm.inf
hw_android_usb_driver/Vista/smhwser.cat
hw_android_usb_driver/Vista/smhwser.inf
hw_android_usb_driver/Vista/smhwser.sys
.sys windows:6 windows x86 arch:x86

9f3527977e98cf74164bf4ec876f0d85

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\y37719\开发项目\u7225\pc机蓝屏问题定位\usb_win2kxp2066\hy11-v3865-34_2.0.6601\objfre_wlh_x86\i386\qcusbser.pdb

Imports

hal

KfReleaseSpinLock
KfAcquireSpinLock
KeGetCurrentIrql

ntoskrnl.exe

IoReleaseCancelSpinLock
sprintf
ExAllocatePoolWithTag
RtlCopyUnicodeString
RtlFreeAnsiString
KeInitializeEvent
RtlUnicodeStringToAnsiString
memset
ObfDereferenceObject
IofCallDriver
IoGetAttachedDeviceReference
IoReleaseRemoveLockEx
KefReleaseSpinLockFromDpcLevel
KefAcquireSpinLockAtDpcLevel
IoSetDeviceInterfaceState
KeClearEvent
KeWaitForSingleObject
IoAcquireRemoveLockEx
RtlWriteRegistryValue
KeWaitForMultipleObjects
KeSetPriorityThread
KeGetCurrentThread
PsTerminateSystemThread
ZwClose
ExGetPreviousMode
ObReferenceObjectByHandle
PsCreateSystemThread
ZwSetValueKey
RtlInitUnicodeString
IoOpenDeviceRegistryKey
ZwOpenKey
memcpy
IoDeleteDevice
IoDetachDevice
IoCreateUnprotectedSymbolicLink
RtlCompareMemory
IoGetDeviceProperty
IoRegisterDeviceInterface
DbgPrint
IoAllocateIrp
PoSetPowerState
IoAttachDeviceToDeviceStack
IoCreateDevice
IoCancelIrp
KeQuerySystemTime
ZwQueryValueKey
isprint
KeInitializeDpc
KeInitializeTimer
IoInitializeRemoveLockEx
RtlIntegerToUnicodeString
RtlAppendUnicodeStringToString
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
IoReleaseRemoveLockAndWaitEx
strstr
IoAcquireCancelSpinLock
KeCancelTimer
KeSetTimer
MmMapLockedPagesSpecifyCache
KeReadStateTimer
KeQueryPriorityThread
IoBuildDeviceIoControlRequest
PoCallDriver
PoStartNextPowerIrp
IoIsWdmVersionAvailable
IoWMIRegistrationControl
IoFreeWorkItem
PoRequestPowerIrp
KeReadStateEvent
IoQueueWorkItem
IoAllocateWorkItem
KeTickCount
KeBugCheckEx
IoDeleteSymbolicLink
RtlUnwind
RtlDeleteRegistryValue
ExFreePoolWithTag
IoFreeIrp
IofCompleteRequest
KeSetEvent
IoReuseIrp

usbd.sys

USBD_ParseConfigurationDescriptorEx
USBD_CreateConfigurationRequestEx

wmilib.sys

WmiCompleteRequest
WmiSystemControl

Sections

.text
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 896B - Virtual size: 852B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
hw_android_usb_driver/Vista64/WdfCoInstaller01005.dll
.dll windows:6 windows x64 arch:x64

831f1fc1bf81528bc9624d69c49d6e74

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:1b:ab:11:da:3a:a1:b6:df:ec:88
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

11/10/2005, 21:55

Not After

26/04/2010, 07:00

Subject

CN=Microsoft Windows Verification Intermediate PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:10:c3:52:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Windows Verification Intermediate PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11/10/2005, 23:24

Not After

11/01/2007, 23:34

Subject

CN=Microsoft Windows Component Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

fc:e2:2b:24:be:83:7b:df:1a:e3:86:dd:77:3f:1e:0a:86:ea:2f:a4
Signer

Actual PE Digest

fc:e2:2b:24:be:83:7b:df:1a:e3:86:dd:77:3f:1e:0a:86:ea:2f:a4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

WdfCoInstaller01005.pdb

Imports

msvcrt

memset
memcpy
__C_specific_handler
_amsg_exit
_initterm
_XcptFilter
malloc
_wcsnicmp
free
_wtoi
_wcsicmp
_ultow
_stricmp
_vsnwprintf

setupapi

SetupOpenLog
SetupCloseLog
SetupOpenInfFileW
SetupCloseInfFile
SetupLogErrorW
SetupInstallServicesFromInfSectionW
SetupDiGetSelectedDriverW
SetupFindNextMatchLineW
SetupGetLineCountW
SetupGetStringFieldW
SetupDiGetActualSectionToInstallW
SetupFindFirstLineW
SetupDiGetDriverInfoDetailW

kernel32

GetWindowsDirectoryW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
Sleep
LoadLibraryExW
WriteFile
RemoveDirectoryW
LockResource
OutputDebugStringW
WaitForSingleObject
CreateDirectoryW
GetLocalTime
FindClose
CreateProcessW
LoadResource
SetLastError
FindResourceW
FindFirstFileW
CreateFileW
GetFileInformationByHandle
FileTimeToSystemTime
DeleteFileW
CloseHandle
TerminateProcess
GetExitCodeProcess
FindNextFileW
FormatMessageW
SizeofResource
LoadLibraryW
WideCharToMultiByte
FreeLibrary
lstrlenA
VerSetConditionMask
GlobalFree
GetModuleFileNameW
LocalFree
GetModuleHandleW
GetProcAddress
GetLastError
VerifyVersionInfoW
LocalAlloc

advapi32

LockServiceDatabase
RegCloseKey
OpenServiceW
QueryServiceLockStatusW
OpenSCManagerW
QueryServiceConfigW
CloseServiceHandle
UnlockServiceDatabase
ChangeServiceConfigW
RegSetValueExW
RegFlushKey
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW

crypt32

CertGetCertificateContextProperty

wintrust

WTHelperGetProvSignerFromChain
WinVerifyTrust
WTHelperProvDataFromStateData
WTHelperGetProvCertFromChain

shell32

CommandLineToArgvW

user32

IsCharAlphaW
LoadStringW
IsCharAlphaNumericW

ole32

CoTaskMemFree

Exports

Exports

WdfCoInstaller
WdfPostDeviceInstall
WdfPostDeviceRemove
WdfPreDeviceInstall
WdfPreDeviceRemove

Sections

.text
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 948B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 250B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
hw_android_usb_driver/Vista64/smhwadb.inf
hw_android_usb_driver/Vista64/smhwadb.sys
.sys windows:6 windows x64 arch:x64

9083f2143fcef9194acc05c823d167d6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\code\android\development\host\windows\usb\build\Release\amd64\androidusb.pdb

Imports

ntoskrnl.exe

MmUnmapLockedPages
IoBuildPartialMdl
IoFreeMdl
MmProbeAndLockPages
RtlCompareUnicodeString
IoAllocateMdl
KeBugCheckEx
RtlCopyUnicodeString
ExFreePoolWithTag
MmUnlockPages
ExAllocatePoolWithTag
__C_specific_handler

wdfldr.sys

WdfVersionUnbind
WdfVersionBind

Sections

.text
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 876B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 324B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
hw_android_usb_driver/Vista64/smhwadb64.cat
hw_android_usb_driver/Vista64/smhwadb86.cat
hw_android_usb_driver/Vista64/smhwdev.cat
hw_android_usb_driver/Vista64/smhwdev.inf
hw_android_usb_driver/Vista64/smhwdev.sys
.sys windows:6 windows x64 arch:x64

08a7496e415a8a3b444f476a3694ccb6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

f:\y37719\dummy\fsake\objfre_wlh_amd64\amd64\qcusbser.pdb

Imports

ntoskrnl.exe

KeReleaseSpinLock
IofCompleteRequest
IoFreeIrp
RtlFreeAnsiString
RtlCopyUnicodeString
IoReleaseCancelSpinLock
DbgPrint
KeAcquireSpinLockRaiseToDpc
IoAcquireRemoveLockEx
KeClearEvent
IoReuseIrp
IoSetDeviceInterfaceState
KeSetPriorityThread
ExGetPreviousMode
IoReleaseRemoveLockEx
KeReleaseSpinLockFromDpcLevel
IoCancelIrp
PsCreateSystemThread
PsTerminateSystemThread
ZwClose
ObReferenceObjectByHandle
KeWaitForSingleObject
RtlWriteRegistryValue
IoGetAttachedDeviceReference
IoAllocateIrp
ObfDereferenceObject
KeWaitForMultipleObjects
KeAcquireSpinLockAtDpcLevel
IofCallDriver
IoRegisterDeviceInterface
RtlInitUnicodeString
IoDeleteDevice
ZwSetValueKey
IoDetachDevice
PoSetPowerState
IoAttachDeviceToDeviceStack
RtlUnicodeStringToAnsiString
IoOpenDeviceRegistryKey
IoCreateDevice
IoGetDeviceProperty
ZwOpenKey
RtlDeleteRegistryValue
ZwQueryValueKey
RtlAnsiStringToUnicodeString
strstr
RtlIntegerToUnicodeString
RtlInitAnsiString
KeInitializeDpc
KeInitializeTimer
RtlFreeUnicodeString
RtlAppendUnicodeStringToString
IoReleaseRemoveLockAndWaitEx
IoInitializeRemoveLockEx
IoAcquireCancelSpinLock
MmMapLockedPagesSpecifyCache
KeSetTimer
KeCancelTimer
isprint
KeReadStateTimer
KeQueryPriorityThread
IoBuildDeviceIoControlRequest
IoWMIRegistrationControl
KeReadStateEvent
IoFreeWorkItem
PoRequestPowerIrp
IoAllocateWorkItem
PoStartNextPowerIrp
PoCallDriver
IoIsWdmVersionAvailable
IoQueueWorkItem
KeBugCheckEx
KeInitializeEvent
KeSetEvent
ExFreePoolWithTag
ExAllocatePoolWithTag
RtlCompareMemory
sprintf
__C_specific_handler

usbd.sys

USBD_CreateConfigurationRequestEx
USBD_ParseConfigurationDescriptorEx

wmilib.sys

WmiSystemControl
WmiCompleteRequest

Sections

.text
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 256B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
hw_android_usb_driver/Vista64/smhwmdm.cat
hw_android_usb_driver/Vista64/smhwmdm.inf
hw_android_usb_driver/Vista64/smhwser.cat
hw_android_usb_driver/Vista64/smhwser.inf
hw_android_usb_driver/Vista64/smhwser.sys
.sys windows:6 windows x64 arch:x64

2ae794ffe1ac8cdf81ff73c674d3d292

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

f:\y37719\开发项目\u7225\pc机蓝屏问题定位\usb_win2kxp2066\hy11-v3865-34_2.0.6601\objfre_wlh_amd64\amd64\qcusbser.pdb

Imports

ntoskrnl.exe

RtlUnicodeStringToAnsiString
KeReleaseSpinLock
IofCompleteRequest
IoFreeIrp
RtlFreeAnsiString
RtlCopyUnicodeString
IoReleaseCancelSpinLock
RtlDeleteRegistryValue
DbgPrint
KeAcquireSpinLockRaiseToDpc
IoAcquireRemoveLockEx
KeClearEvent
IoSetDeviceInterfaceState
KeSetPriorityThread
ExGetPreviousMode
IoReleaseRemoveLockEx
KeReleaseSpinLockFromDpcLevel
PsCreateSystemThread
PsTerminateSystemThread
ZwClose
ObReferenceObjectByHandle
KeWaitForSingleObject
RtlWriteRegistryValue
IoGetAttachedDeviceReference
ObfDereferenceObject
KeWaitForMultipleObjects
KeAcquireSpinLockAtDpcLevel
IofCallDriver
IoReuseIrp
IoRegisterDeviceInterface
RtlInitUnicodeString
IoDeleteDevice
ZwSetValueKey
IoDetachDevice
PoSetPowerState
IoCreateUnprotectedSymbolicLink
IoAttachDeviceToDeviceStack
IoAllocateIrp
KeInitializeEvent
IoOpenDeviceRegistryKey
IoCreateDevice
IoGetDeviceProperty
ZwOpenKey
IoCancelIrp
isprint
ZwQueryValueKey
RtlAnsiStringToUnicodeString
strstr
RtlIntegerToUnicodeString
RtlInitAnsiString
KeInitializeDpc
KeInitializeTimer
RtlFreeUnicodeString
RtlAppendUnicodeStringToString
IoReleaseRemoveLockAndWaitEx
IoInitializeRemoveLockEx
IoAcquireCancelSpinLock
MmMapLockedPagesSpecifyCache
KeSetTimer
KeCancelTimer
KeReadStateTimer
KeQueryPriorityThread
IoBuildDeviceIoControlRequest
IoWMIRegistrationControl
KeReadStateEvent
IoFreeWorkItem
PoRequestPowerIrp
IoAllocateWorkItem
PoStartNextPowerIrp
PoCallDriver
IoIsWdmVersionAvailable
IoQueueWorkItem
KeBugCheckEx
KeSetEvent
ExFreePoolWithTag
IoDeleteSymbolicLink
ExAllocatePoolWithTag
RtlCompareMemory
sprintf
__C_specific_handler

usbd.sys

USBD_CreateConfigurationRequestEx
USBD_ParseConfigurationDescriptorEx

wmilib.sys

WmiSystemControl
WmiCompleteRequest

Sections

.text
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 256B - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
hw_android_usb_driver/Win7/WdfCoInstaller01005.dll
.dll windows:6 windows x86 arch:x86

467ea76ea189d0499d3ec487bbd6fff9

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:1b:ab:11:da:3a:a1:b6:df:ec:88
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

11/10/2005, 21:55

Not After

26/04/2010, 07:00

Subject

CN=Microsoft Windows Verification Intermediate PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:10:c3:52:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Windows Verification Intermediate PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11/10/2005, 23:24

Not After

11/01/2007, 23:34

Subject

CN=Microsoft Windows Component Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

2a:66:1b:c4:9b:e9:07:3f:5e:77:35:24:50:76:4e:54:c2:1d:b5:7c
Signer

Actual PE Digest

2a:66:1b:c4:9b:e9:07:3f:5e:77:35:24:50:76:4e:54:c2:1d:b5:7c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

WdfCoInstaller01005.pdb

Imports

msvcrt

_amsg_exit
_initterm
_XcptFilter
_wcsnicmp
malloc
free
_wtoi
_wcsicmp
_ultow
_stricmp
memset
memcpy
_vsnwprintf
_adjust_fdiv

setupapi

SetupInstallServicesFromInfSectionW
SetupCloseInfFile
SetupDiGetDriverInfoDetailW
SetupOpenInfFileW
SetupOpenLog
SetupLogErrorW
SetupCloseLog
SetupDiGetActualSectionToInstallW
SetupGetLineCountW
SetupFindFirstLineW
SetupGetStringFieldW
SetupFindNextMatchLineW
SetupDiGetSelectedDriverW

kernel32

GetWindowsDirectoryW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
RtlUnwind
InterlockedCompareExchange
Sleep
InterlockedExchange
LoadLibraryExW
CreateProcessW
WaitForSingleObject
TerminateProcess
GetExitCodeProcess
SetLastError
FindResourceW
LoadResource
LockResource
SizeofResource
WriteFile
RemoveDirectoryW
CreateDirectoryW
FindFirstFileW
DeleteFileW
FindNextFileW
FindClose
CreateFileW
GetFileInformationByHandle
FileTimeToSystemTime
CloseHandle
FormatMessageW
GetLocalTime
OutputDebugStringW
LoadLibraryW
FreeLibrary
lstrlenA
WideCharToMultiByte
GetModuleFileNameW
LocalAlloc
LocalFree
GetLastError
GetProcAddress
GetModuleHandleW
GlobalFree
VerifyVersionInfoW
VerSetConditionMask

advapi32

CloseServiceHandle
LockServiceDatabase
QueryServiceLockStatusW
ChangeServiceConfigW
UnlockServiceDatabase
QueryServiceConfigW
OpenSCManagerW
OpenServiceW
RegSetValueExW
RegFlushKey
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

crypt32

CertGetCertificateContextProperty

wintrust

WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain
WTHelperGetProvCertFromChain
WinVerifyTrust

shell32

CommandLineToArgvW

user32

IsCharAlphaW
IsCharAlphaNumericW
LoadStringW

ole32

CoTaskMemFree

Exports

Exports

WdfCoInstaller
WdfPostDeviceInstall
WdfPostDeviceRemove
WdfPreDeviceInstall
WdfPreDeviceRemove

Sections

.text
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
hw_android_usb_driver/Win7/smhwadb.inf
hw_android_usb_driver/Win7/smhwadb.sys
.sys windows:6 windows x86 arch:x86

7b96e98a0de7089ea8895df9e05a8c1e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\code\android\development\host\windows\usb\build\Release\i386\androidusb.pdb

Imports

ntoskrnl.exe

memcpy
RtlCompareUnicodeString
MmUnlockPages
IoFreeMdl
MmProbeAndLockPages
IoAllocateMdl
KeQuerySystemTime
memset
_allmul
MmUnmapLockedPages
KeTickCount
RtlCopyUnicodeString
RtlUnwind
KeBugCheckEx
ExFreePoolWithTag
IoBuildPartialMdl
ExAllocatePoolWithTag

wdfldr.sys

WdfVersionUnbind
WdfVersionBind

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 896B - Virtual size: 804B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 1006B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 896B - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
hw_android_usb_driver/Win7/smhwadb86.cat
hw_android_usb_driver/Win7/smhwdev.cat
hw_android_usb_driver/Win7/smhwdev.inf
hw_android_usb_driver/Win7/smhwdev.sys
.sys windows:6 windows x86 arch:x86

c4f5d21ac1c920b9384fc3e1d6f0adbc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\y37719\dummy\fsake\objfre_wxp_x86\i386\qcusbser.pdb

Imports

hal

KfReleaseSpinLock
KfAcquireSpinLock
KeGetCurrentIrql

ntoskrnl.exe

IoFreeIrp
ExFreePoolWithTag
DbgPrint
IoReleaseCancelSpinLock
IofCompleteRequest
sprintf
ExAllocatePoolWithTag
RtlCopyUnicodeString
RtlFreeAnsiString
KeInitializeEvent
RtlUnicodeStringToAnsiString
memset
IoCancelIrp
KeWaitForSingleObject
IofCallDriver
IoReuseIrp
IoAllocateIrp
KeClearEvent
ZwClose
ExGetPreviousMode
PsTerminateSystemThread
ObfDereferenceObject
IoGetAttachedDeviceReference
IoReleaseRemoveLockEx
KefReleaseSpinLockFromDpcLevel
KefAcquireSpinLockAtDpcLevel
IoSetDeviceInterfaceState
PsCreateSystemThread
IoAcquireRemoveLockEx
RtlWriteRegistryValue
KeWaitForMultipleObjects
KeSetPriorityThread
KeGetCurrentThread
ObReferenceObjectByHandle
ZwSetValueKey
RtlInitUnicodeString
IoOpenDeviceRegistryKey
memcpy
IoDeleteDevice
KeSetEvent
RtlCompareMemory
IoGetDeviceProperty
IoRegisterDeviceInterface
PoSetPowerState
IoAttachDeviceToDeviceStack
IoCreateDevice
ZwOpenKey
KeQuerySystemTime
RtlDeleteRegistryValue
ZwQueryValueKey
KeInitializeDpc
KeInitializeTimer
IoInitializeRemoveLockEx
RtlIntegerToUnicodeString
RtlAppendUnicodeStringToString
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
IoReleaseRemoveLockAndWaitEx
strstr
IoAcquireCancelSpinLock
KeCancelTimer
KeSetTimer
MmMapLockedPagesSpecifyCache
isprint
KeReadStateTimer
KeQueryPriorityThread
IoBuildDeviceIoControlRequest
PoCallDriver
PoStartNextPowerIrp
IoIsWdmVersionAvailable
IoWMIRegistrationControl
PoRequestPowerIrp
IoFreeWorkItem
KeReadStateEvent
IoQueueWorkItem
IoAllocateWorkItem
KeTickCount
KeBugCheckEx
IoDetachDevice
RtlUnwind

usbd.sys

USBD_ParseConfigurationDescriptorEx
USBD_CreateConfigurationRequestEx

wmilib.sys

WmiCompleteRequest
WmiSystemControl

Sections

.text
Size: 85KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 896B - Virtual size: 820B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
hw_android_usb_driver/Win7/smhwmdm.cat
hw_android_usb_driver/Win7/smhwmdm.inf
hw_android_usb_driver/Win7/smhwser.cat
hw_android_usb_driver/Win7/smhwser.inf
hw_android_usb_driver/Win7/smhwser.sys
.sys windows:6 windows x86 arch:x86

e8398b713acda088f9202704b597155b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\y37719\开发项目\u7225\pc机蓝屏问题定位\usb_win2kxp2066\hy11-v3865-34_2.0.6601\objfre_wxp_x86\i386\qcusbser.pdb

Imports

hal

KfReleaseSpinLock
KfAcquireSpinLock
KeGetCurrentIrql

ntoskrnl.exe

IoFreeIrp
ExFreePoolWithTag
RtlDeleteRegistryValue
IoDeleteSymbolicLink
DbgPrint
IoReleaseCancelSpinLock
IofCompleteRequest
sprintf
ExAllocatePoolWithTag
RtlCopyUnicodeString
RtlFreeAnsiString
KeInitializeEvent
RtlUnicodeStringToAnsiString
memset
ObfDereferenceObject
IofCallDriver
IoGetAttachedDeviceReference
IoReleaseRemoveLockEx
KefReleaseSpinLockFromDpcLevel
KefAcquireSpinLockAtDpcLevel
IoSetDeviceInterfaceState
KeClearEvent
KeWaitForSingleObject
IoAcquireRemoveLockEx
RtlWriteRegistryValue
KeWaitForMultipleObjects
KeSetPriorityThread
KeGetCurrentThread
PsTerminateSystemThread
ZwClose
ExGetPreviousMode
ObReferenceObjectByHandle
PsCreateSystemThread
ZwSetValueKey
RtlInitUnicodeString
IoOpenDeviceRegistryKey
ZwOpenKey
memcpy
IoDeleteDevice
IoDetachDevice
KeSetEvent
RtlCompareMemory
IoGetDeviceProperty
IoRegisterDeviceInterface
IoReuseIrp
IoAllocateIrp
PoSetPowerState
IoAttachDeviceToDeviceStack
IoCreateDevice
IoCancelIrp
KeQuerySystemTime
ZwQueryValueKey
isprint
KeInitializeDpc
KeInitializeTimer
IoInitializeRemoveLockEx
RtlIntegerToUnicodeString
RtlAppendUnicodeStringToString
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
IoReleaseRemoveLockAndWaitEx
strstr
IoAcquireCancelSpinLock
KeCancelTimer
KeSetTimer
MmMapLockedPagesSpecifyCache
KeReadStateTimer
KeQueryPriorityThread
IoBuildDeviceIoControlRequest
PoCallDriver
PoStartNextPowerIrp
IoIsWdmVersionAvailable
IoWMIRegistrationControl
IoFreeWorkItem
PoRequestPowerIrp
KeReadStateEvent
IoQueueWorkItem
IoAllocateWorkItem
KeTickCount
KeBugCheckEx
IoCreateUnprotectedSymbolicLink
RtlUnwind

usbd.sys

USBD_ParseConfigurationDescriptorEx
USBD_CreateConfigurationRequestEx

wmilib.sys

WmiCompleteRequest
WmiSystemControl

Sections

.text
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 896B - Virtual size: 852B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
hw_android_usb_driver/Win764/WdfCoInstaller01005.dll
.dll windows:6 windows x64 arch:x64

831f1fc1bf81528bc9624d69c49d6e74

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:1b:ab:11:da:3a:a1:b6:df:ec:88
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

11/10/2005, 21:55

Not After

26/04/2010, 07:00

Subject

CN=Microsoft Windows Verification Intermediate PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:10:c3:52:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Windows Verification Intermediate PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11/10/2005, 23:24

Not After

11/01/2007, 23:34

Subject

CN=Microsoft Windows Component Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

fc:e2:2b:24:be:83:7b:df:1a:e3:86:dd:77:3f:1e:0a:86:ea:2f:a4
Signer

Actual PE Digest

fc:e2:2b:24:be:83:7b:df:1a:e3:86:dd:77:3f:1e:0a:86:ea:2f:a4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

WdfCoInstaller01005.pdb

Imports

msvcrt

memset
memcpy
__C_specific_handler
_amsg_exit
_initterm
_XcptFilter
malloc
_wcsnicmp
free
_wtoi
_wcsicmp
_ultow
_stricmp
_vsnwprintf

setupapi

SetupOpenLog
SetupCloseLog
SetupOpenInfFileW
SetupCloseInfFile
SetupLogErrorW
SetupInstallServicesFromInfSectionW
SetupDiGetSelectedDriverW
SetupFindNextMatchLineW
SetupGetLineCountW
SetupGetStringFieldW
SetupDiGetActualSectionToInstallW
SetupFindFirstLineW
SetupDiGetDriverInfoDetailW

kernel32

GetWindowsDirectoryW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
Sleep
LoadLibraryExW
WriteFile
RemoveDirectoryW
LockResource
OutputDebugStringW
WaitForSingleObject
CreateDirectoryW
GetLocalTime
FindClose
CreateProcessW
LoadResource
SetLastError
FindResourceW
FindFirstFileW
CreateFileW
GetFileInformationByHandle
FileTimeToSystemTime
DeleteFileW
CloseHandle
TerminateProcess
GetExitCodeProcess
FindNextFileW
FormatMessageW
SizeofResource
LoadLibraryW
WideCharToMultiByte
FreeLibrary
lstrlenA
VerSetConditionMask
GlobalFree
GetModuleFileNameW
LocalFree
GetModuleHandleW
GetProcAddress
GetLastError
VerifyVersionInfoW
LocalAlloc

advapi32

LockServiceDatabase
RegCloseKey
OpenServiceW
QueryServiceLockStatusW
OpenSCManagerW
QueryServiceConfigW
CloseServiceHandle
UnlockServiceDatabase
ChangeServiceConfigW
RegSetValueExW
RegFlushKey
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW

crypt32

CertGetCertificateContextProperty

wintrust

WTHelperGetProvSignerFromChain
WinVerifyTrust
WTHelperProvDataFromStateData
WTHelperGetProvCertFromChain

shell32

CommandLineToArgvW

user32

IsCharAlphaW
LoadStringW
IsCharAlphaNumericW

ole32

CoTaskMemFree

Exports

Exports

WdfCoInstaller
WdfPostDeviceInstall
WdfPostDeviceRemove
WdfPreDeviceInstall
WdfPreDeviceRemove

Sections

.text
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 948B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 250B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
hw_android_usb_driver/Win764/smhwadb.inf
hw_android_usb_driver/Win764/smhwadb.sys
.sys windows:6 windows x64 arch:x64

9083f2143fcef9194acc05c823d167d6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\code\android\development\host\windows\usb\build\Release\amd64\androidusb.pdb

Imports

ntoskrnl.exe

MmUnmapLockedPages
IoBuildPartialMdl
IoFreeMdl
MmProbeAndLockPages
RtlCompareUnicodeString
IoAllocateMdl
KeBugCheckEx
RtlCopyUnicodeString
ExFreePoolWithTag
MmUnlockPages
ExAllocatePoolWithTag
__C_specific_handler

wdfldr.sys

WdfVersionUnbind
WdfVersionBind

Sections

.text
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 876B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 324B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
hw_android_usb_driver/Win764/smhwadb64.cat
hw_android_usb_driver/Win764/smhwadb86.cat
hw_android_usb_driver/Win764/smhwdev.cat
hw_android_usb_driver/Win764/smhwdev.inf
hw_android_usb_driver/Win764/smhwdev.sys
.sys windows:6 windows x64 arch:x64

08a7496e415a8a3b444f476a3694ccb6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

f:\y37719\dummy\fsake\objfre_wlh_amd64\amd64\qcusbser.pdb

Imports

ntoskrnl.exe

KeReleaseSpinLock
IofCompleteRequest
IoFreeIrp
RtlFreeAnsiString
RtlCopyUnicodeString
IoReleaseCancelSpinLock
DbgPrint
KeAcquireSpinLockRaiseToDpc
IoAcquireRemoveLockEx
KeClearEvent
IoReuseIrp
IoSetDeviceInterfaceState
KeSetPriorityThread
ExGetPreviousMode
IoReleaseRemoveLockEx
KeReleaseSpinLockFromDpcLevel
IoCancelIrp
PsCreateSystemThread
PsTerminateSystemThread
ZwClose
ObReferenceObjectByHandle
KeWaitForSingleObject
RtlWriteRegistryValue
IoGetAttachedDeviceReference
IoAllocateIrp
ObfDereferenceObject
KeWaitForMultipleObjects
KeAcquireSpinLockAtDpcLevel
IofCallDriver
IoRegisterDeviceInterface
RtlInitUnicodeString
IoDeleteDevice
ZwSetValueKey
IoDetachDevice
PoSetPowerState
IoAttachDeviceToDeviceStack
RtlUnicodeStringToAnsiString
IoOpenDeviceRegistryKey
IoCreateDevice
IoGetDeviceProperty
ZwOpenKey
RtlDeleteRegistryValue
ZwQueryValueKey
RtlAnsiStringToUnicodeString
strstr
RtlIntegerToUnicodeString
RtlInitAnsiString
KeInitializeDpc
KeInitializeTimer
RtlFreeUnicodeString
RtlAppendUnicodeStringToString
IoReleaseRemoveLockAndWaitEx
IoInitializeRemoveLockEx
IoAcquireCancelSpinLock
MmMapLockedPagesSpecifyCache
KeSetTimer
KeCancelTimer
isprint
KeReadStateTimer
KeQueryPriorityThread
IoBuildDeviceIoControlRequest
IoWMIRegistrationControl
KeReadStateEvent
IoFreeWorkItem
PoRequestPowerIrp
IoAllocateWorkItem
PoStartNextPowerIrp
PoCallDriver
IoIsWdmVersionAvailable
IoQueueWorkItem
KeBugCheckEx
KeInitializeEvent
KeSetEvent
ExFreePoolWithTag
ExAllocatePoolWithTag
RtlCompareMemory
sprintf
__C_specific_handler

usbd.sys

USBD_CreateConfigurationRequestEx
USBD_ParseConfigurationDescriptorEx

wmilib.sys

WmiSystemControl
WmiCompleteRequest

Sections

.text
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 256B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
hw_android_usb_driver/Win764/smhwmdm.cat
hw_android_usb_driver/Win764/smhwmdm.inf
hw_android_usb_driver/Win764/smhwser.cat
hw_android_usb_driver/Win764/smhwser.inf
hw_android_usb_driver/Win764/smhwser.sys
.sys windows:6 windows x64 arch:x64

2ae794ffe1ac8cdf81ff73c674d3d292

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

f:\y37719\开发项目\u7225\pc机蓝屏问题定位\usb_win2kxp2066\hy11-v3865-34_2.0.6601\objfre_wlh_amd64\amd64\qcusbser.pdb

Imports

ntoskrnl.exe

RtlUnicodeStringToAnsiString
KeReleaseSpinLock
IofCompleteRequest
IoFreeIrp
RtlFreeAnsiString
RtlCopyUnicodeString
IoReleaseCancelSpinLock
RtlDeleteRegistryValue
DbgPrint
KeAcquireSpinLockRaiseToDpc
IoAcquireRemoveLockEx
KeClearEvent
IoSetDeviceInterfaceState
KeSetPriorityThread
ExGetPreviousMode
IoReleaseRemoveLockEx
KeReleaseSpinLockFromDpcLevel
PsCreateSystemThread
PsTerminateSystemThread
ZwClose
ObReferenceObjectByHandle
KeWaitForSingleObject
RtlWriteRegistryValue
IoGetAttachedDeviceReference
ObfDereferenceObject
KeWaitForMultipleObjects
KeAcquireSpinLockAtDpcLevel
IofCallDriver
IoReuseIrp
IoRegisterDeviceInterface
RtlInitUnicodeString
IoDeleteDevice
ZwSetValueKey
IoDetachDevice
PoSetPowerState
IoCreateUnprotectedSymbolicLink
IoAttachDeviceToDeviceStack
IoAllocateIrp
KeInitializeEvent
IoOpenDeviceRegistryKey
IoCreateDevice
IoGetDeviceProperty
ZwOpenKey
IoCancelIrp
isprint
ZwQueryValueKey
RtlAnsiStringToUnicodeString
strstr
RtlIntegerToUnicodeString
RtlInitAnsiString
KeInitializeDpc
KeInitializeTimer
RtlFreeUnicodeString
RtlAppendUnicodeStringToString
IoReleaseRemoveLockAndWaitEx
IoInitializeRemoveLockEx
IoAcquireCancelSpinLock
MmMapLockedPagesSpecifyCache
KeSetTimer
KeCancelTimer
KeReadStateTimer
KeQueryPriorityThread
IoBuildDeviceIoControlRequest
IoWMIRegistrationControl
KeReadStateEvent
IoFreeWorkItem
PoRequestPowerIrp
IoAllocateWorkItem
PoStartNextPowerIrp
PoCallDriver
IoIsWdmVersionAvailable
IoQueueWorkItem
KeBugCheckEx
KeSetEvent
ExFreePoolWithTag
IoDeleteSymbolicLink
ExAllocatePoolWithTag
RtlCompareMemory
sprintf
__C_specific_handler

usbd.sys

USBD_CreateConfigurationRequestEx
USBD_ParseConfigurationDescriptorEx

wmilib.sys

WmiSystemControl
WmiCompleteRequest

Sections

.text
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 256B - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
hw_android_usb_driver/devsetup.exe
.exe windows:4 windows x86 arch:x86

a9a85825403ee1b3398e45fecca92615

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

setupapi

SetupDiGetClassDevsA
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
CM_Reenumerate_DevNode
SetupDiGetDeviceRegistryPropertyA
CM_Locate_DevNodeA
SetupDiCallClassInstaller
SetupCopyOEMInfA

shlwapi

PathFindFileNameA
PathFileExistsA
PathStripToRootA
PathIsUNCA

kernel32

GetCurrentProcessId
LeaveCriticalSection
TlsGetValue
EnterCriticalSection
GlobalReAlloc
GlobalHandle
InitializeCriticalSection
TlsAlloc
TlsSetValue
LocalReAlloc
DeleteCriticalSection
TlsFree
InterlockedDecrement
InterlockedIncrement
lstrcmpA
GlobalFlags
GetFileTime
GetLocaleInfoA
GetCPInfo
GetOEMCP
GetCurrentDirectoryA
HeapAlloc
GetCurrentThreadId
HeapReAlloc
RaiseException
VirtualAlloc
GetLocalTime
GetTimeZoneInformation
RtlUnwind
GetCommandLineA
GetProcessHeap
HeapSize
ExitProcess
VirtualFree
HeapDestroy
HeapCreate
GetStdHandle
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetACP
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetHandleCount
GetFileType
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
FreeLibrary
lstrcmpW
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFullPathNameA
GetVolumeInformationA
DuplicateHandle
GetThreadLocale
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
LoadLibraryA
GetModuleHandleA
GetProcAddress
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
SetLastError
CopyFileA
GetVersionExA
GetCommandLineW
CreateSemaphoreA
CreateMutexA
Sleep
GetSystemDefaultLangID
TerminateProcess
GetStartupInfoA
CreateProcessA
FindFirstFileA
FindNextFileA
FindClose
GetPrivateProfileStringA
GetModuleFileNameA
GetFileSize
CreateFileA
DeviceIoControl
WaitForSingleObject
GetExitCodeProcess
LocalFree
LocalAlloc
lstrlenA
CompareStringW
CompareStringA
GetCurrentProcess
CloseHandle
GetWindowsDirectoryA
GetDriveTypeA
GetFileAttributesA
SetFileAttributesA
DeleteFileA
GetVersion
FindResourceA
LoadResource
LockResource
SizeofResource
GetLastError
WideCharToMultiByte
MultiByteToWideChar
InterlockedExchange
HeapFree

user32

UnregisterClassA
PostQuitMessage
DestroyMenu
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
EnableMenuItem
CheckMenuItem
SetWindowTextA
LoadCursorA
GetSysColorBrush
GetWindowThreadProcessId
IsWindowEnabled
RegisterWindowMessageA
LoadIconA
WinHelpA
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
GetPropA
RemovePropA
GetFocus
IsWindow
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
DispatchMessageA
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
GetKeyState
EnableWindow
SetForegroundWindow
PostMessageA
GetClientRect
GetMenu
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
GetParent
CopyRect
PtInRect
GetDlgCtrlID
SendMessageA
DefWindowProcA
CallWindowProcA
GetWindowLongA
SetWindowLongA
SetWindowPos
CharUpperA
GetClassNameA
MessageBoxA
GetSubMenu
GetMenuItemCount
GetMenuItemID
GetMenuState
TabbedTextOutA
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetWindow
GetSystemMetrics
GetSysColor
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA

gdi32

SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
GetDeviceCaps
CreateBitmap
DeleteDC
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
DeleteObject
GetClipBox
GetStockObject

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey

shell32

CommandLineToArgvW

oleaut32

VariantClear
VariantChangeType
VariantInit

Sections

.text
Size: 172KB - Virtual size: 170KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
hw_android_usb_driver/drvcfg.ini
hw_android_usb_driver/sentscsi.exe
.exe windows:5 windows x86 arch:x86

a6eaed659ca3bb5e9ee00cff592bbba2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\lxy\ddk\sendscsi\objfre_wxp_x86\i386\sentscsi.pdb

Imports

msvcrt

_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
__setusermatherr
_controlfp
_initterm
__getmainargs
__initenv
exit
_cexit
_XcptFilter
_exit
_c_exit
_getdrives
fopen
strstr
fclose
fwrite
_except_handler3
_vsnprintf

kernel32

UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetDriveTypeA
CreateFileA
GetLastError
CloseHandle
DeviceIoControl
SetUnhandledExceptionFilter

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
hw_android_usb_driver/unDrvcfg.ini
Ϊc8800/autorun.ico
Ϊc8800/autorun.inf
Ϊc8800/drivers/usbnet_driver_win2k_xp/DownloadActiveSync.url
Ϊc8800/drvcfg.ini
Ϊc8800/ûָ.pdf
.pdf
- http://huawei.com
Press Quality(1).joboptions
Ϊc8800 _Ϊc8800ʹ˵ - pc6վ.url
.url

Sharing

General

Malware Config

Signatures

Files

23636a1af376386301a4fb913150be29

Headers

File Characteristics

PDB Paths

Imports

shlwapi

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

oleaut32

Exports

Exports

Sections

.text Size: 148KB - Virtual size: 147KB

.rdata Size: 32KB - Virtual size: 31KB

.data Size: 8KB - Virtual size: 22KB

.rsrc Size: 24KB - Virtual size: 21KB

.reloc Size: 20KB - Virtual size: 19KB

fec2199f3e75a68e275d299fbed8cafd

Headers

File Characteristics

PDB Paths

Imports

setupapi

shlwapi

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

oledlg

ole32

oleaut32

Sections

.text Size: 228KB - Virtual size: 225KB

.rdata Size: 56KB - Virtual size: 52KB

.data Size: 12KB - Virtual size: 27KB

.rsrc Size: 20KB - Virtual size: 16KB

75c320dc1311924dceb2d2a5549814f0

Headers

File Characteristics

Imports

kernel32

user32

version

Exports

Exports

Sections

.text Size: 108KB - Virtual size: 107KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 20KB - Virtual size: 36KB

.reloc Size: 8KB - Virtual size: 7KB

099c0646ea7282d232219f8807883be0

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 22KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 36KB

.text
Size: 148KB - Virtual size: 147KB

.rdata
Size: 32KB - Virtual size: 31KB

.data
Size: 8KB - Virtual size: 22KB

.rsrc
Size: 24KB - Virtual size: 21KB

.reloc
Size: 20KB - Virtual size: 19KB

.text
Size: 228KB - Virtual size: 225KB

.rdata
Size: 56KB - Virtual size: 52KB

.data
Size: 12KB - Virtual size: 27KB

.rsrc
Size: 20KB - Virtual size: 16KB

.text
Size: 108KB - Virtual size: 107KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 20KB - Virtual size: 36KB

.reloc
Size: 8KB - Virtual size: 7KB

.text
Size: 22KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 16KB - Virtual size: 15KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 92B

.reloc
Size: 512B - Virtual size: 496B

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

2a:e5:84:04:27:48:7a:8b:cc:c4:1d:61:2d:d7:af:c7
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

f6:74:3b:48:b1:80:ae:91:bd:a7:5e:4d:49:2f:80:10:18:4f:94:16
Signer

.text
Size: 176KB - Virtual size: 172KB

.rdata
Size: 44KB - Virtual size: 40KB

.data
Size: 20KB - Virtual size: 34KB

.rsrc
Size: 9.8MB - Virtual size: 9.8MB

.text
Size: 22KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 16KB - Virtual size: 15KB