SHA256: 0c4fa5932f899e3600f0fd0a437c61f20b6836c38c5a35ec3063684e3b30469f
File name: SNIFFER.SYS
Detection ratio: 0 / 57
Analysis date: 2015-06-21 09:25:11 UTC ( 3 years, 11 months ago )
Antivirus Result Update
Ad-Aware 20150621
AegisLab 20150621
Yandex 20150620
AhnLab-V3 20150620
Alibaba 20150620
ALYac 20150621
Antiy-AVL 20150621
Arcabit 20150621
Avast 20150621
AVG 20150621
Avira (no cloud) 20150621
AVware 20150621
Baidu-International 20150621
BitDefender 20150621
Bkav 20150620
ByteHero 20150621
CAT-QuickHeal 20150620
ClamAV 20150621
CMC 20150618
Comodo 20150621
Cyren 20150621
DrWeb 20150621
Emsisoft 20150621
ESET-NOD32 20150621
F-Prot 20150621
F-Secure 20150621
Fortinet 20150621
GData 20150621
Ikarus 20150621
Jiangmin 20150620
K7AntiVirus 20150621
K7GW 20150621
Kaspersky 20150621
Kingsoft 20150621
Malwarebytes 20150621
McAfee 20150621
McAfee-GW-Edition 20150621
Microsoft 20150621
eScan 20150621
NANO-Antivirus 20150621
nProtect 20150619
Panda 20150621
Qihoo-360 20150621
Rising 20150618
Sophos AV 20150621
SUPERAntiSpyware 20150621
Symantec 20150621
Tencent 20150621
TheHacker 20150620
TotalDefense 20150620
TrendMicro 20150621
TrendMicro-HouseCall 20150621
VBA32 20150620
VIPRE 20150621
ViRobot 20150621
Zillya 20150620
Zoner 20150619
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Native subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2002-02-09 02:20:17
Entry Point 0x00020EDC
Number of sections 6
PE sections
Overlays
MD5 388a2b006e85774743f7eaa359e4c262
File type data
Offset 536544
Size 13360
Entropy 3.26
PE imports
KfRaiseIrql
KfAcquireSpinLock
KfReleaseSpinLock
KeQueryPerformanceCounter
KfLowerIrql
NdisSetEvent
NdisInitializeTimer
NdisInitializeEvent
NdisAllocateBufferPool
NdisAllocatePacket
NdisFreePacket
NdisFreeBufferPool
NdisAllocateBuffer
NdisUnchainBufferAtFront
NdisFreePacketPool
NdisDeregisterProtocol
NdisCloseAdapter
NdisRegisterProtocol
NdisOpenAdapter
NdisQueryAdapterInstanceName
NdisWaitEvent
NdisAllocateMemory
NdisSetTimer
NdisAllocatePacketPool
NdisResetEvent
NdisFreeMemory
NdisCancelTimer
KeQuerySystemTime
RtlInitUnicodeString
IoBuildPartialMdl
_allmul
swprintf
RtlCopyUnicodeString
_except_handler3
_alldiv
IoCreateDevice
MmProbeAndLockPages
ExfInterlockedRemoveHeadList
IoDeleteDevice
ExFreePool
ExAllocatePoolWithTag
MmBuildMdlForNonPagedPool
IofCompleteRequest
RtlEqualUnicodeString
IoDeleteSymbolicLink
_aulldiv
DbgPrint
ExfInterlockedInsertTailList
KeInitializeSpinLock
IoAllocateMdl
MmMapLockedPages
IoCreateSymbolicLink
MmUnmapLockedPages
_aullshr
KeDelayExecutionThread
IoFreeMdl
MmUnlockPages
PE exports
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Native
MachineType Intel 386 or later, and compatibles
TimeStamp 2002:02:09 03:20:17+01:00
FileType Win32 EXE
PEType PE32
CodeSize 180352
LinkerVersion 5.12
FileTypeExtension exe
InitializedDataSize 355488
SubsystemVersion 5.0
EntryPoint 0x20edc
OSVersion 5.0
ImageVersion 5.0
UninitializedDataSize 0

File identification
MD5 92651ba6aed641b39fcb462f9d2dd105
SHA1 858deb56062e20a7039014c1be82797514faef61
SHA256 0c4fa5932f899e3600f0fd0a437c61f20b6836c38c5a35ec3063684e3b30469f
ssdeep 3072:bWSXrutrBM8c5M7XRXisikh2+Ue49bRIGiNRKneYeEsONLWGGK7H4CT1ct/cnvuX:abD79ikh9g4fKnoSLWq7HvT1cKnM
authentihash 2f012350c2811e42718e42f6604b5d2f7f9f5977aa0effd93207aa09c970e1eb
imphash 8981ff75efc09a400a80d791af03d43a
File size 537.0 KB ( 549904 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (native) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe overlay native

VirusTotal metadata
First submission 2008-07-18 05:40:35 UTC ( 10 years, 10 months ago )
Last submission 2015-06-21 09:25:11 UTC ( 3 years, 11 months ago )
File names sniffer.sys
SNIFFER.SYS
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight