The malware’s driver was signed by Microsoft but attributed to a suspicious Chinese company, Hubei Dunwang Network Technology Co., Ltd. The company exploited Microsoft’s driver code-signing requirements to obtain an Extended Verification certificate.