Good evening,
I removed browserchoice. On the other hand, removing a-squared worked fine (without going through the Control Panel, since it was not listed there) until I restored it in order to delete the contents of the quarantine. After that, it was impossible to delete the file ("impossible de supprimer le a2service.exe : accès refusé, vérifiez que le disque n'est pas plein ou protégé en écriture, et que le fichier n'est pas utilisé actuellement").
Here are the 3 reports:
Fichier ksecdd.sys reçu le 2010.07.25 18:01:39 (UTC)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2010.07.24.01 2010.07.23 -
AntiVir 8.2.4.26 2010.07.23 -
Antiy-AVL 2.0.3.7 2010.07.23 -
Authentium 5.2.0.5 2010.07.24 -
Avast 4.8.1351.0 2010.07.25 -
Avast5 5.0.332.0 2010.07.25 -
AVG 9.0.0.851 2010.07.25 -
BitDefender 7.2 2010.07.25 -
CAT-QuickHeal 11.00 2010.07.24 -
ClamAV 0.96.0.3-git 2010.07.25 -
Comodo 5536 2010.07.25 -
DrWeb 5.0.2.03300 2010.07.25 -
Emsisoft 5.0.0.34 2010.07.25 -
eSafe 7.0.17.0 2010.07.25 -
eTrust-Vet 36.1.7734 2010.07.24 -
F-Prot 4.6.1.107 2010.07.24 -
F-Secure 9.0.15370.0 2010.07.25 -
Fortinet 4.1.143.0 2010.07.24 -
GData 21 2010.07.24 -
Ikarus T3.1.1.84.0 2010.07.25 -
Jiangmin 13.0.900 2010.07.25 -
Kaspersky 7.0.0.125 2010.07.25 -
McAfee 5.400.0.1158 2010.07.25 -
McAfee-GW-Edition 2010.1 2010.07.25 -
Microsoft 1.6004 2010.07.25 -
NOD32 5311 2010.07.25 -
Norman 6.05.11 2010.07.25 -
nProtect 2010-07-25.02 2010.07.25 -
Panda 10.0.2.7 2010.07.25 -
PCTools 7.0.3.5 2010.07.25 -
Prevx 3.0 2010.07.25 -
Rising 22.57.03.08 2010.07.23 -
Sophos 4.55.0 2010.07.25 -
Sunbelt 6638 2010.07.25 -
SUPERAntiSpyware 4.40.0.1006 2010.07.25 -
Symantec 20101.1.1.7 2010.07.25 -
TheHacker 6.5.2.1.324 2010.07.25 -
TrendMicro 9.120.0.1004 2010.07.25 -
TrendMicro-HouseCall 9.120.0.1004 2010.07.25 -
VBA32 3.12.12.6 2010.07.23 -
ViRobot 2010.7.23.3956 2010.07.25 -
VirusBuster 5.0.27.0 2010.07.25 -
Information additionnelle
File size: 92928 bytes
MD5...: b467646c54cc746128904e1654c750c1
SHA1..: 43e831fd6e37b8f93225df2cb70d2454b3e7b042
SHA256: 3bd71be3663ea23463d236d8a2a2e42dfa10c502bdb4b6e131faf0fba748219e
ssdeep: 1536:BZg/Wbq+cnEPiQqydVLUeEt1Tj1VE46BBlfFc:BZg/t9E6QoeiT2BlfF
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x151b3
timedatestamp.....: 0x4a420b90 (Wed Jun 24 11:18:40 2009)
machinetype.......: 0x14c (I386)
( 9 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x380 0x2836 0x2880 6.35 7f1e75d1c19d68db172d8e69436950c9
.rdata 0x2c00 0x6a4 0x700 4.38 6b3c1a64e6bd2c2c6b4a6b74b18868df
.data 0x3300 0x1ac0 0x1b00 4.48 a1e4bbdfd71a7466b9809ea13b5115ef
PAGE 0x4e00 0x51a5 0x5200 6.25 f7a44243e3731511cdc20b7a3a127681
PAGEMSG 0xa000 0xab50 0xab80 6.51 26783909078eb9ab65ae45271ab5414a
.edata 0x14b80 0x4b7 0x500 5.09 7d66890845821952bea275e4814e237b
INIT 0x15080 0x9fa 0xa00 5.75 48fa558d435d1b916876fcd45c9e2a2d
.rsrc 0x15a80 0x420 0x480 3.23 82599c917f9f8114f47861bffabf3401
.reloc 0x15f00 0xbf4 0xc00 6.37 e6dead3f373541937f2df450a9965801
( 2 imports )
> ntoskrnl.exe: RtlCopyUnicodeString, RtlCopySid, RtlLengthSid, RtlInitUnicodeString, LpcRequestWaitReplyPort, PsGetProcessSecurityPort, PsGetCurrentProcess, ObReferenceObjectByHandle, ObfDereferenceObject, PsSetProcessSecurityPort, ObCloseHandle, ZwConnectPort, strncpy, ObOpenObjectByPointer, ObfReferenceObject, IofCompleteRequest, MmMapLockedPagesSpecifyCache, MmUserProbeAddress, KeInitializeEvent, IoCreateDevice, ZwAllocateVirtualMemory, ZwFreeVirtualMemory, RtlMapSecurityErrorToNtStatus, KeWaitForSingleObject, KeSetEvent, RtlEqualUnicodeString, ExAllocatePoolWithTag, PsGetCurrentThread, SeTokenImpersonationLevel, NtDuplicateObject, MmLockPagableDataSection, MmUnlockPagableImageSection, ZwOpenEvent, ZwClose, ZwWaitForSingleObject, PsGetProcessId, PsGetThreadProcessId, KeLeaveCriticalRegion, ExReleaseResourceLite, ExAcquireResourceExclusiveLite, KeEnterCriticalRegion, KeInitializeSpinLock, ExInitializeResourceLite, RtlIntegerToUnicodeString, PsGetProcessCreateTimeQuadPart, SeReleaseSubjectContext, SeUnlockSubjectContext, SeQueryAuthenticationIdToken, SeLockSubjectContext, SeCaptureSubjectContext, _except_handler3, KeTickCount, KeBugCheckEx, ExQueueWorkItem, KeStackAttachProcess, KeUnstackDetachProcess, PsImpersonateClient, ExFreePoolWithTag, ZwQuerySystemInformation, PsGetCurrentThreadId, PsGetCurrentProcessId, ZwCreateKey, ZwQueryValueKey, ZwSetValueKey, ExDeleteResourceLite, ZwOpenKey, ExAcquireSharedWaitForExclusive, ExGetPreviousMode, wcscpy, NtClose, ZwSetInformationObject, wcslen, ZwQueryObject, memmove, RtlFreeOemString, RtlUnicodeStringToOemString
> HAL.dll: KfReleaseSpinLock, ExAcquireFastMutex, ExReleaseFastMutex, KfAcquireSpinLock
( 38 exports )
AcceptSecurityContext, AcquireCredentialsHandleW, AddCredentialsW, ApplyControlToken, CredMarshalTargetInfo, DeleteSecurityContext, EfsDecryptFek, EfsGenerateKey, EnumerateSecurityPackagesW, ExportSecurityContext, FreeContextBuffer, FreeCredentialsHandle, GenerateDirEfs, GenerateSessionKey, GetSecurityUserInfo, ImpersonateSecurityContext, ImportSecurityContextW, InitSecurityInterfaceW, InitializeSecurityContextW, KSecRegisterSecurityProvider, KSecValidateBuffer, LsaEnumerateLogonSessions, LsaGetLogonSessionData, MakeSignature, MapSecurityError, QueryContextAttributesW, QueryCredentialsAttributesW, QuerySecurityContextToken, QuerySecurityPackageInfoW, RevertSecurityContext, SealMessage, SecLookupAccountName, SecLookupAccountSid, SecMakeSPN, SecMakeSPNEx, SecSetPagingMode, UnsealMessage, VerifySignature
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
packers (Kaspersky): PE_Patch
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: Kernel Security Support Provider Interface
original name: ksecdd.sys
internal name: ksecdd.sys
file version.: 5.1.2600.5834 (xpsp_sp3_gdr.090624-1305)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
Fichier CBUSB.SYS reçu le 2010.07.25 18:12:00 (UTC)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2010.07.24.01 2010.07.23 -
AntiVir 8.2.4.26 2010.07.23 -
Antiy-AVL 2.0.3.7 2010.07.23 -
Authentium 5.2.0.5 2010.07.24 -
Avast 4.8.1351.0 2010.07.25 -
Avast5 5.0.332.0 2010.07.25 -
AVG 9.0.0.851 2010.07.25 -
BitDefender 7.2 2010.07.25 -
CAT-QuickHeal 11.00 2010.07.24 -
ClamAV 0.96.0.3-git 2010.07.25 -
Comodo 5536 2010.07.25 -
DrWeb 5.0.2.03300 2010.07.25 -
Emsisoft 5.0.0.34 2010.07.25 -
eSafe 7.0.17.0 2010.07.25 -
eTrust-Vet 36.1.7734 2010.07.24 -
F-Prot 4.6.1.107 2010.07.24 -
F-Secure 9.0.15370.0 2010.07.25 -
Fortinet 4.1.143.0 2010.07.24 -
GData 21 2010.07.24 -
Ikarus T3.1.1.84.0 2010.07.25 -
Jiangmin 13.0.900 2010.07.25 -
Kaspersky 7.0.0.125 2010.07.25 -
McAfee 5.400.0.1158 2010.07.25 -
McAfee-GW-Edition 2010.1 2010.07.25 -
Microsoft 1.6004 2010.07.25 -
NOD32 5311 2010.07.25 -
Norman 6.05.11 2010.07.25 -
nProtect 2010-07-25.02 2010.07.25 -
Panda 10.0.2.7 2010.07.25 -
PCTools 7.0.3.5 2010.07.25 -
Prevx 3.0 2010.07.25 -
Rising 22.57.03.08 2010.07.23 -
Sophos 4.55.0 2010.07.25 -
Sunbelt 6638 2010.07.25 -
SUPERAntiSpyware 4.40.0.1006 2010.07.25 -
Symantec 20101.1.1.7 2010.07.25 -
TheHacker 6.5.2.1.324 2010.07.25 -
TrendMicro 9.120.0.1004 2010.07.25 -
TrendMicro-HouseCall 9.120.0.1004 2010.07.25 -
VBA32 3.12.12.6 2010.07.23 -
ViRobot 2010.7.23.3956 2010.07.25 -
VirusBuster 5.0.27.0 2010.07.25 -
Information additionnelle
File size: 45056 bytes
MD5...: 1ab1b4fb284f182d73af793db193d329
SHA1..: ed07f652b1d4e758b663b5c2994a0412f7494540
SHA256: c78e6674bfbaed0ff8ea5c8b4664ad1b00a8f3046688c5d4e481175b6049126d
ssdeep: 768:SYVzzPjjaT+Dh07RQkXkmp8NEVe6GaYr+8qVAyEe:T70lDXkmpbGX4VAu
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x2c0
timedatestamp.....: 0x415b0a85 (Wed Sep 29 19:18:29 2004)
machinetype.......: 0x14c (I386)
( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x2c0 0x8fda 0x8fe0 6.55 424c40c86d67d74f567a7e68bfe6c120
.rdata 0x92a0 0x1bc 0x1c0 3.74 f8a8058a7ed3631e86fdffae7f4987cc
.data 0x9460 0x430 0x440 0.55 73a1d119194e5075ceb50511c2ffc7a4
INIT 0x98a0 0x504 0x520 4.99 547a821fd479a97e514bad6b041cd2f4
.rsrc 0x9dc0 0x398 0x3a0 3.32 ebd45c20d2ea548bd7ef6717ea903eaa
.reloc 0xa160 0x33c 0x340 5.56 28010d3cb23d9c06e0db475de58354e8
( 3 imports )
> NTOSKRNL.EXE: ExAllocatePoolWithTag, IoDeleteDevice, KeInitializeEvent, IofCompleteRequest, RtlInitUnicodeString, IoAttachDeviceToDeviceStack, ExFreePool, IoDeleteSymbolicLink, IoCreateSymbolicLink, IoDetachDevice, KeInitializeSpinLock, RtlUnicodeStringToAnsiString, _itoa, IoCancelIrp, KeCancelTimer, KeSetEvent, KeWaitForSingleObject, KeInitializeTimer, IoCreateDevice, sprintf, InterlockedDecrement, IofCallDriver, RtlFreeAnsiString, KeInitializeDpc, ProbeForWrite, ProbeForRead, KeTickCount, KeSetTimerEx, KeGetCurrentThread, PoRequestPowerIrp, IoFreeIrp, IoAllocateIrp, PoCallDriver, PoStartNextPowerIrp, KeSetTimer, IoBuildDeviceIoControlRequest, InterlockedIncrement, KeClearEvent, RtlUnwind, KeDelayExecutionThread
> HAL.DLL: KfAcquireSpinLock, KfReleaseSpinLock, KeGetCurrentIrql, KeStallExecutionProcessor
> USBD.SYS: _USBD_CreateConfigurationRequestEx@8, USBD_ParseConfigurationDescriptor, USBD_GetUSBDIVersion
( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: MARX CryptoTech LP
copyright....: Copyright (c) 2003-2004 MARX CryptoTech LP
product......: MARX(c) USB CryptToken
description..: Kernel driver for CBUSB
original name: CBUSB.sys
internal name: CBUSB.sys
file version.: 2.0.4.0929
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
Fichier win32k.sys reçu le 2010.07.25 18:14:41 (UTC)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2010.07.24.01 2010.07.23 -
AntiVir 8.2.4.26 2010.07.23 -
Antiy-AVL 2.0.3.7 2010.07.23 -
Authentium 5.2.0.5 2010.07.24 -
Avast 4.8.1351.0 2010.07.25 -
Avast5 5.0.332.0 2010.07.25 -
AVG 9.0.0.851 2010.07.25 -
BitDefender 7.2 2010.07.25 -
CAT-QuickHeal 11.00 2010.07.24 -
ClamAV 0.96.0.3-git 2010.07.25 -
Comodo 5536 2010.07.25 -
DrWeb 5.0.2.03300 2010.07.25 -
Emsisoft 5.0.0.34 2010.07.25 -
eSafe 7.0.17.0 2010.07.25 -
eTrust-Vet 36.1.7734 2010.07.24 -
F-Prot 4.6.1.107 2010.07.24 -
F-Secure 9.0.15370.0 2010.07.25 -
Fortinet 4.1.143.0 2010.07.24 -
GData 21 2010.07.24 -
Ikarus T3.1.1.84.0 2010.07.25 -
Jiangmin 13.0.900 2010.07.25 -
Kaspersky 7.0.0.125 2010.07.25 -
McAfee 5.400.0.1158 2010.07.25 -
McAfee-GW-Edition 2010.1 2010.07.25 -
Microsoft 1.6004 2010.07.25 -
NOD32 5311 2010.07.25 -
Norman 6.05.11 2010.07.25 -
nProtect 2010-07-25.02 2010.07.25 -
Panda 10.0.2.7 2010.07.25 -
PCTools 7.0.3.5 2010.07.25 -
Prevx 3.0 2010.07.25 -
Rising 22.57.03.08 2010.07.23 -
Sophos 4.55.0 2010.07.25 -
Sunbelt 6638 2010.07.25 -
SUPERAntiSpyware 4.40.0.1006 2010.07.25 -
Symantec 20101.1.1.7 2010.07.25 -
TheHacker 6.5.2.1.324 2010.07.25 -
TrendMicro 9.120.0.1004 2010.07.25 -
TrendMicro-HouseCall 9.120.0.1004 2010.07.25 -
VBA32 3.12.12.6 2010.07.23 -
ViRobot 2010.7.23.3956 2010.07.25 -
VirusBuster 5.0.27.0 2010.07.25 -
Information additionnelle
File size: 1851392 bytes
MD5...: d6491ca433261fcbdc99d27064e5f180
SHA1..: 9f6fcac4b36eb3769b853c221dac3de2b1ee3fc6
SHA256: 96bb9cecae6acf6cb13fab1680958e651bb1ee66571e1a740952f557c1dbd0e5
ssdeep: 49152:aDqNe4/vdvf0pXYioLaYmW/p4ckdbVQFH:aDqNeQapXYPaRxNm
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x1b11ff
timedatestamp.....: 0x4bdd0c20 (Sun May 02 05:22:40 2010)
machinetype.......: 0x14c (I386)
( 8 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x380 0x18da27 0x18da80 6.69 36f3dfcb691f06bb5538cbf7f77df007
.rdata 0x18de00 0xd05c 0xd080 5.74 eb71eb090f8b5babe8ce71b16a53f69a
.data 0x19ae80 0x1284c 0x12880 3.94 6f25102c0c7926452ca42e438809bfcb
.kbdfall 0x1ad700 0x63c 0x680 4.64 29f829807a57c3f1be70d31778a4a4d9
.edata 0x1add80 0x1ae3 0x1b00 5.96 526aeca951847c614f1029e701c66b95
INIT 0x1af880 0x5796 0x5800 6.68 f4905138cea1c270a50aae109f281e31
.rsrc 0x1b5080 0x22bc 0x2300 3.61 68cb48619ce9378874e821fe8c665f75
.reloc 0x1b7380 0xcc1c 0xcc80 6.76 aaee9bb699321464beee6f4f73dfc9e9
( 4 imports )
> Dxapi.sys: _DxApiGetVersion@0
> HAL.dll: ExAcquireFastMutex, ExReleaseFastMutex, KeQueryPerformanceCounter
> ntoskrnl.exe: PsSetProcessWin32Process, PsGetProcessWin32Process, ExAcquireFastMutexUnsafe, KeEnterCriticalRegion, PsGetCurrentProcessId, PsSetThreadWin32Thread, KeTickCount, ExReleaseFastMutexUnsafe, KeLeaveCriticalRegion, ObfDereferenceObject, ObfReferenceObject, RtlNtStatusToDosError, strchr, strncpy, KeAreApcsDisabled, ExAllocatePoolWithTagPriority, RtlRandom, MmIsVerifierEnabled, PsGetCurrentThread, KeBugCheckEx, PsGetCurrentProcess, ProbeForWrite, _except_handler3, ExRaiseAccessViolation, SeReleaseSecurityDescriptor, SeCaptureSecurityDescriptor, RtlInitUnicodeString, swprintf, _wcsicmp, ExRaiseDatatypeMisalignment, ObReferenceObjectByHandle, ExAcquireResourceExclusiveLite, PsGetProcessSessionId, PsProcessType, ExReleaseResourceLite, ObCloseHandle, ExRaiseStatus, InterlockedExchange, RtlAreAnyAccessesGranted, memmove, PsGetJobUIRestrictionsClass, PsGetJobLock, PsJobType, wcsncpy, RtlIntegerToUnicode, RtlIntegerToUnicodeString, PsGetThreadId, PsGetThreadProcessId, PsDereferenceImpersonationToken, PsDereferencePrimaryToken, SeTokenType, SeCreateClientSecurity, wcslen, ObOpenObjectByPointer, ExDesktopObjectType, RtlCopyUnicodeString, KeInitializeEvent, ExFreePoolWithTag, ExInitializeResourceLite, ExAllocatePoolWithTag, ZwCreateDirectoryObject, RtlUnicodeStringToInteger, wcschr, wcsstr, MmMapViewOfSection, MmCreateSection, MmMapViewInSessionSpace, MmUnmapViewInSessionSpace, RtlAllocateHeap, ZwSetSystemInformation, NlsMbCodePageTag, NlsAnsiCodePage, PsGetThreadProcess, PsIsSystemThread, PsGetProcessJob, wcscpy, RtlGetNtGlobalFlags, RtlCheckRegistryKey, ExWindowStationObjectType, PsGetCurrentProcessSessionId, PsGetProcessWin32WindowStation, RtlCompareUnicodeString, ZwQueryDefaultLocale, PsGetProcessPeb, InterlockedPopEntrySList, InterlockedPushEntrySList, PsGetProcessCreateTimeQuadPart, KeQuerySystemTime, KeClearEvent, RtlFreeHeap, PsLookupProcessByProcessId, PsGetThreadSessionId, PsLookupThreadByThreadId, ExDeletePagedLookasideList, 
> watchdog.sys: WdDdiWatchdogDpcCallback, WdResumeDeferredWatch, WdSuspendDeferredWatch, WdAllocateDeferredWatchdog, WdStartDeferredWatch, WdStopDeferredWatch, WdFreeDeferredWatchdog, WdExitMonitoredSection, WdEnterMonitoredSection
( 225 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win64 Executable Generic (87.2%)
Win32 Executable Generic (8.6%)
Generic Win/DOS Executable (2.0%)
DOS Executable Generic (2.0%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. Tous droits réservés.
product......: Système d'exploitation Microsoft® Windows®
description..: Pilote Win32 multi-utilisateurs
original name: win32k.sys
internal name: win32k.sys
file version.: 5.1.2600.5976 (xpsp_sp3_gdr.100501-1623)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
Antivirus;Version;Dernière mise à jour;Résultat
AhnLab-V3;2010.07.24.01;2010.07.23;-
AntiVir;8.2.4.26;2010.07.23;-
Antiy-AVL;2.0.3.7;2010.07.23;-
Authentium;5.2.0.5;2010.07.24;-
Avast;4.8.1351.0;2010.07.25;-
Avast5;5.0.332.0;2010.07.25;-
AVG;9.0.0.851;2010.07.25;-
BitDefender;7.2;2010.07.25;-
CAT-QuickHeal;11.00;2010.07.24;-
ClamAV;0.96.0.3-git;2010.07.25;-
Comodo;5536;2010.07.25;-
DrWeb;5.0.2.03300;2010.07.25;-
Emsisoft;5.0.0.34;2010.07.25;-
eSafe;7.0.17.0;2010.07.25;-
eTrust-Vet;36.1.7734;2010.07.24;-
F-Prot;4.6.1.107;2010.07.24;-
F-Secure;9.0.15370.0;2010.07.25;-
Fortinet;4.1.143.0;2010.07.24;-
GData;21;2010.07.24;-
Ikarus;T3.1.1.84.0;2010.07.25;-
Jiangmin;13.0.900;2010.07.25;-
Kaspersky;7.0.0.125;2010.07.25;-
McAfee;5.400.0.1158;2010.07.25;-
McAfee-GW-Edition;2010.1;2010.07.25;-
Microsoft;1.6004;2010.07.25;-
NOD32;5311;2010.07.25;-
Norman;6.05.11;2010.07.25;-
nProtect;2010-07-25.02;2010.07.25;-
Panda;10.0.2.7;2010.07.25;-
PCTools;7.0.3.5;2010.07.25;-
Prevx;3.0;2010.07.25;-
Rising;22.57.03.08;2010.07.23;-
Sophos;4.55.0;2010.07.25;-
Sunbelt;6638;2010.07.25;-
SUPERAntiSpyware;4.40.0.1006;2010.07.25;-
Symantec;20101.1.1.7;2010.07.25;-
TheHacker;6.5.2.1.324;2010.07.25;-
TrendMicro;9.120.0.1004;2010.07.25;-
TrendMicro-HouseCall;9.120.0.1004;2010.07.25;-
VBA32;3.12.12.6;2010.07.23;-
ViRobot;2010.7.23.3956;2010.07.25;-
VirusBuster;5.0.27.0;2010.07.25;-
Information additionnelle
File size: 1851392 bytes
MD5...: d6491ca433261fcbdc99d27064e5f180
SHA1..: 9f6fcac4b36eb3769b853c221dac3de2b1ee3fc6
SHA256: 96bb9cecae6acf6cb13fab1680958e651bb1ee66571e1a740952f557c1dbd0e5
ssdeep: 49152:aDqNe4/vdvf0pXYioLaYmW/p4ckdbVQFH:aDqNeQapXYPaRxNm
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x1b11ff
timedatestamp.....: 0x4bdd0c20 (Sun May 02 05:22:40 2010)
machinetype.......: 0x14c (I386)
( 8 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x380 0x18da27 0x18da80 6.69 36f3dfcb691f06bb5538cbf7f77df007
.rdata 0x18de00 0xd05c 0xd080 5.74 eb71eb090f8b5babe8ce71b16a53f69a
.data 0x19ae80 0x1284c 0x12880 3.94 6f25102c0c7926452ca42e438809bfcb
.kbdfall 0x1ad700 0x63c 0x680 4.64 29f829807a57c3f1be70d31778a4a4d9
.edata 0x1add80 0x1ae3 0x1b00 5.96 526aeca951847c614f1029e701c66b95
INIT 0x1af880 0x5796 0x5800 6.68 f4905138cea1c270a50aae109f281e31
.rsrc 0x1b5080 0x22bc 0x2300 3.61 68cb48619ce9378874e821fe8c665f75
.reloc 0x1b7380 0xcc1c 0xcc80 6.76 aaee9bb699321464beee6f4f73dfc9e9
( 4 imports )
> Dxapi.sys: _DxApiGetVersion@0
> HAL.dll: ExAcquireFastMutex, ExReleaseFastMutex, KeQueryPerformanceCounter
> ntoskrnl.exe:
> watchdog.sys: WdDdiWatchdogDpcCallback, WdResumeDeferredWatch, WdSuspendDeferredWatch, WdAllocateDeferredWatchdog, WdStartDeferredWatch, WdStopDeferredWatch, WdFreeDeferredWatchdog, WdExitMonitoredSection, WdEnterMonitoredSection
( 225 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win64 Executable Generic (87.2%)
Win32 Executable Generic (8.6%)
Generic Win/DOS Executable (2.0%)
DOS Executable Generic (2.0%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: