SHA256: 2eb987a6a889a82d07bc848e011c509b6e2f2a9cbb6b62634359e988f37aad1f
File name: Driver32b.sys
Detection ratio: 18 / 57
Analysis date: 2015-05-15 08:59:49 UTC ( 3 years, 7 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Zusy.82496 20150515
ALYac Gen:Variant.Zusy.82496 20150515
Avast Win32:Rovnix-K [Rtk] 20150515
AVG Dropper.Generic9.ZPA 20150515
BitDefender Gen:Variant.Zusy.82496 20150515
CAT-QuickHeal Bootkit.Rovnix.DR5 20150514
DrWeb Trojan.Mayachok.19009 20150515
Emsisoft Gen:Variant.Zusy.82496 (B) 20150515
ESET-NOD32 a variant of Win32/Rovnix.F 20150515
F-Secure Gen:Variant.Zusy.82496 20150515
GData Gen:Variant.Zusy.82496 20150515
Kaspersky Trojan.Win32.Rovnix.b 20150515
McAfee Rootkit-FAK!699A65FC9571 20150515
McAfee-GW-Edition Rootkit-FAK!699A65FC9571 20150514
Microsoft VirTool:WinNT/Rovnix.D 20150515
eScan Gen:Variant.Zusy.82496 20150515
Symantec Trojan.Carberp.C 20150515
Tencent Trojan.Win32.Qudamah.Gen.16 20150515
AegisLab 20150515
Yandex 20150514
AhnLab-V3 20150515
Alibaba 20150515
Antiy-AVL 20150515
Avira (no cloud) 20150515
AVware 20150515
Baidu-International 20150515
Bkav 20150514
ByteHero 20150515
ClamAV 20150515
CMC 20150513
Comodo 20150515
Cyren 20150515
F-Prot 20150515
Fortinet 20150515
Ikarus 20150515
Jiangmin 20150513
K7AntiVirus 20150515
K7GW 20150515
Kingsoft 20150515
Malwarebytes 20150515
NANO-Antivirus 20150515
Norman 20150515
nProtect 20150515
Panda 20150514
Qihoo-360 20150515
Rising 20150514
Sophos AV 20150515
SUPERAntiSpyware 20150515
TheHacker 20150514
TotalDefense 20150514
TrendMicro 20150515
TrendMicro-HouseCall 20150515
VBA32 20150514
VIPRE 20150515
ViRobot 20150515
Zillya 20150514
Zoner 20150513
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Native subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-03-22 04:13:49
Entry Point 0x00002B60
Number of sections 5
PE sections
PE imports
KfAcquireSpinLock
KfReleaseSpinLock
KeQueryPerformanceCounter
KeRaiseIrqlToDpcLevel
KfLowerIrql
KeQuerySystemTime
RtlInitUnicodeString
ZwTerminateProcess
RtlAnsiStringToUnicodeString
IoAllocateIrp
KeInitializeEvent
ZwQuerySystemInformation
memset
RtlTimeToTimeFields
MmProbeAndLockPages
_wcslwr
MmMapLockedPagesSpecifyCache
RtlTimeFieldsToTime
ZwCreateFile
KeInitializeApc
PsSetLoadImageNotifyRoutine
IoCreateDriver
ExCreateCallback
ExAllocatePool
_except_handler3
ZwOpenProcess
KeInitializeMutex
RtlFreeAnsiString
IoGetLowerDeviceObject
IoDeleteDevice
IoCreateDevice
RtlUnicodeStringToAnsiString
KeGetCurrentThread
RtlImageDirectoryEntryToData
KeTickCount
PsLookupProcessByProcessId
PsSetCreateProcessNotifyRoutine
ZwWriteFile
RtlAppendUnicodeToString
ZwMapViewOfSection
wcsrchr
KeInsertQueueApc
ZwReadFile
IoFreeIrp
strchr
MmBuildMdlForNonPagedPool
IofCompleteRequest
RtlEqualUnicodeString
RtlUpperString
IoDeleteSymbolicLink
_aulldiv
IoFileObjectType
_stricmp
ProbeForWrite
KeSetEvent
ProbeForRead
ZwQueryInformationProcess
ObReferenceObjectByHandle
ObfDereferenceObject
IofCallDriver
ExFreePoolWithTag
ZwOpenFile
memcpy
ExRegisterCallback
ZwUnmapViewOfSection
_snwprintf
ZwDeviceIoControlFile
IoAllocateMdl
KeReleaseMutex
memmove
IoCreateSymbolicLink
ObOpenObjectByPointer
RtlInitAnsiString
PsCreateSystemThread
ExAllocatePoolWithTag
ExUnregisterCallback
MmIsAddressValid
ZwCreateSection
KeDelayExecutionThread
wcsstr
KeWaitForSingleObject
ZwQueryInformationFile
ZwClose
IoFreeMdl
MmUnlockPages
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Native
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2015:03:22 05:13:49+01:00
FileType Win32 EXE
PEType PE32
CodeSize 30208
LinkerVersion 9.0
EntryPoint 0x2b60
InitializedDataSize 5120
SubsystemVersion 6.1
ImageVersion 6.1
OSVersion 6.1
UninitializedDataSize 0

Compressed bundles
File identification
MD5 699a65fc9571b809e0a183561dabe017
SHA1 b21e347ab26f6d9fb9549f748e817bd1ada1e833
SHA256 2eb987a6a889a82d07bc848e011c509b6e2f2a9cbb6b62634359e988f37aad1f
ssdeep 1536:TaRMzTxMxY4TfDnuZjLykjfcCvFecgWZMeiejQ23Cn/2I:TrRYDnK/1ECvgcgNzF/2
authentihash 646750220c712e4c4472480516d269bce1d05185b90a2616330aa2a4d39997e9
imphash c1b50b7fdf25b4cddc8157aad13b4958
File size 64.5 KB ( 66048 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (native) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe native
VirusTotal metadata
First submission 2015-05-15 08:59:49 UTC ( 3 years, 7 months ago )
Last submission 2018-04-27 21:14:58 UTC ( 7 months, 2 weeks ago )
File names 699A65FC9571B809E0A183561DABE017
Driver32b.sys
699A65FC9571B809E0A183561DABE017.exe