@LeberechtReinhold I can understand why it was done in the first place, but MS just blindly signing anything they are given is stupid, they should at least disallow binaries packed by themida or vmprotect.
vmprotect on a driver is an indicator of compromise, especially if the cert/opus info references a chinese entity.