SHA256: 30f6ba594b0d3b94113064015a16d97811cd989df1715cce21ceab9894c1b4fb
File name: vwififlt.sys
Detection ratio: 0 / 46
Analysis date: 2013-04-04 11:21:32 UTC (1 year ago)
Probably harmless! There are strong indicators suggesting that this file is safe to use.
Antivirus Result Update
AVG 20130404
Agnitum 20130403
AhnLab-V3 20130404
AntiVir 20130404
Antiy-AVL 20130404
Avast 20130404
BitDefender 20130404
ByteHero 20130322
CAT-QuickHeal 20130404
ClamAV 20130404
Commtouch 20130404
Comodo 20130404
DrWeb 20130404
ESET-NOD32 20130404
Emsisoft 20130404
F-Prot 20130404
F-Secure 20130404
Fortinet 20130404
GData 20130404
Ikarus 20130404
Jiangmin 20130404
K7AntiVirus 20130402
Kaspersky 20130404
Kingsoft 20130401
Malwarebytes 20130404
McAfee 20130404
McAfee-GW-Edition 20130404
MicroWorld-eScan 20130404
Microsoft 20130404
NANO-Antivirus 20130404
Norman 20130404
PCTools 20130404
Panda 20130404
Rising 20130403
SUPERAntiSpyware 20130404
Sophos 20130404
Symantec 20130404
TheHacker 20130404
TotalDefense 20130404
TrendMicro 20130404
TrendMicro-HouseCall 20130404
VBA32 20130403
VIPRE 20130404
ViRobot 20130404
eSafe 20130403
nProtect 20130404
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Native subsystem that targets 64bit architectures.
Authenticode signature block
Copyright
© Microsoft Corporation. All rights reserved.

Publisher Microsoft Windows
Product Microsoft® Windows® Operating System
Original name vwififlt.sys
Internal name vwififlt.sys
File version 6.1.7600.16385 (win7_rtm.090713-1255)
Description Virtual WiFi Filter Driver
Signature verification Signed file, verified signature
Signing date 8:33 PM 11/20/2010
Signers
[+] Microsoft Windows
Status Certificate out of its validity period
Valid from 10:57 PM 12/7/2009
Valid to 10:57 PM 3/7/2011
Valid usage Code Signing, NT5 Crypto
Algorithm SHA1
Thumbprint 02ECEEA9D5E0A9F3E39B6F4EC3F7131ED4E352C4
Serial number 61 15 23 0F 00 00 00 00 00 0A
[+] Microsoft Windows Verification PCA
Status Valid
Valid from 10:55 PM 9/15/2005
Valid to 11:05 PM 3/15/2016
Valid usage Code Signing, NT5 Crypto
Algorithm SHA1
Thumbprint 5DF0D7571B0780783960C68B78571FFD7EDAF021
Serial number 61 07 02 DC 00 00 00 00 00 0B
[+] Microsoft Root Certificate Authority
Status Valid
Valid from 12:19 AM 5/10/2001
Valid to 12:28 AM 5/10/2021
Valid usage All
Algorithm SHA1
Thumbprint CDD4EEAE6000AC7F40C3802C171E30148030C072
Serial number 79 AD 16 A1 4A A0 A5 AD 4C 73 58 F4 07 13 2E 65
Counter signers
[+] Microsoft Time-Stamp Service
Status Certificate out of its validity period
Valid from 8:12 PM 7/25/2008
Valid to 8:22 PM 7/25/2011
Valid usage Timestamp Signing
Algorithm SHA1
Thumbprint 56E832A33DDC8CF2C916DA7CBB1175CBACABAE2C
Serial number 61 03 DC F6 00 00 00 00 00 0C
[+] Microsoft Time-Stamp PCA
Status Valid
Valid from 1:53 PM 4/3/2007
Valid to 2:03 PM 4/3/2021
Valid usage Timestamp Signing
Algorithm SHA1
Thumbprint 375FCB825C3DC3752A02E34EB70993B4997191EF
Serial number 61 16 68 34 00 00 00 00 00 1C
[+] Microsoft Root Certificate Authority
Status Valid
Valid from 12:19 AM 5/10/2001
Valid to 12:28 AM 5/10/2021
Valid usage All
Algorithm SHA1
Thumbprint CDD4EEAE6000AC7F40C3802C171E30148030C072
Serial number 79 AD 16 A1 4A A0 A5 AD 4C 73 58 F4 07 13 2E 65
PE header basic information
Target machine x64
Compilation timestamp 2009-07-14 00:07:22
Entry Point 0x000116CC
Number of sections 9
PE sections
PE imports
NdisFDeregisterFilterDriver
NdisFSendNetBufferLists
NdisFOidRequest
NdisFSetAttributes
NdisSetEvent
NdisFreeCloneOidRequest
NdisFRegisterFilterDriver
NdisFIndicateStatus
NdisInitializeEvent
NdisAllocateMemoryWithTagPriority
NdisRegisterDeviceEx
NdisFReturnNetBufferLists
NdisFOidRequestComplete
NdisAllocateCloneOidRequest
NdisAllocateCloneNetBufferList
NdisAllocateNetBufferListPool
NdisFDevicePnPEventNotify
NdisFSendNetBufferListsComplete
NdisFDirectOidRequestComplete
NdisFCancelDirectOidRequest
NdisGetDeviceReservedExtension
NdisFreeMemory
NdisFreeNetBufferListPool
NdisFCancelSendNetBufferLists
NdisWaitEvent
NdisFIndicateReceiveNetBufferLists
NdisMSleep
NdisFDirectOidRequest
NdisDeregisterDeviceEx
NdisFCancelOidRequest
NdisCopySendNetBufferListInfo
NdisFreeCloneNetBufferList
NdisResetEvent
NdisFNetPnPEvent
RtlInitUnicodeString
ZwOpenKey
KeInitializeMutex
KeInitializeEvent
KeAcquireSpinLockAtDpcLevel
_vsnwprintf
KeReleaseSpinLock
DbgPrint
ZwCreateKey
IoRegisterPlugPlayNotification
IoBuildDeviceIoControlRequest
KeReleaseSpinLockFromDpcLevel
RtlGUIDFromString
IoGetDeviceObjectPointer
RtlUpcaseUnicodeString
IofCompleteRequest
ZwQueryValueKey
ObfDereferenceObject
IofCallDriver
ExFreePoolWithTag
EtwUnregister
MmGetSystemRoutineAddress
IoWMIRegistrationControl
KeReleaseMutex
EtwWrite
IoUnregisterPlugPlayNotificationEx
KeAcquireSpinLockRaiseToDpc
IoWMIWriteEvent
ExAllocatePoolWithTag
EtwRegister
KeBugCheckEx
KeWaitForSingleObject
ZwSetValueKey
RtlCompareMemory
ZwClose
ObfReferenceObject
PE exports
Number of PE resources by type
WEVT_TEMPLATE 1
MUI 1
RT_MESSAGETABLE 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 4
ExifTool file metadata
SubsystemVersion
6.1

LinkerVersion
9.0

ImageVersion
6.1

FileSubtype
6

FileVersionNumber
6.1.7600.16385

UninitializedDataSize
0

LanguageCode
Neutral

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
10752

FileOS
Windows NT 32-bit

MIMEType
application/octet-stream

LegalCopyright
Microsoft Corporation. All rights reserved.

FileVersion
6.1.7600.16385 (win7_rtm.090713-1255)

TimeStamp
2009:07:14 01:07:22+01:00

FileType
Win64 EXE

PEType
PE32+

InternalName
vwififlt.sys

FileAccessDate
2013:12:18 02:42:06+01:00

ProductVersion
6.1.7600.16385

FileDescription
Virtual WiFi Filter Driver

OSVersion
6.1

FileCreateDate
2013:12:18 02:42:06+01:00

OriginalFilename
vwififlt.sys

Subsystem
Native

MachineType
AMD AMD64

CompanyName
Microsoft Corporation

CodeSize
48640

ProductName
Microsoft Windows Operating System

ProductVersionNumber
6.1.7600.16385

EntryPoint
0x116cc

ObjectFileType
Driver

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
Compressed bundles
File identification
MD5 6a3d66263414ff0d6fa754c646612f3f
SHA1 6aff3511944f237ccdab9dbcf336c791cdcc5400
SHA256 30f6ba594b0d3b94113064015a16d97811cd989df1715cce21ceab9894c1b4fb
ssdeep
768:W8pMsMqxOJO59+KRHhhO5rAfrB7ahyXcgaNES37dg2RYN9DvFRN0kB8YCagYOjw:T8X4nO5EfrIgY/e3OagYOjwHS8Rt3

File size 58.5 KB ( 59904 bytes )
File type Win32 EXE
Magic literal
PE32+ executable for MS Windows (native) Mono/.Net assembly

TrID Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
Tags
64bits peexe assembly signed native

VirusTotal metadata
First submission 2009-12-10 01:25:29 UTC ( 4 years, 4 months ago )
Last submission 2013-11-06 10:59:38 UTC ( 5 months, 2 weeks ago )
File names udd5e1d.tmp
uddf7d.tmp
uddf538.tmp
uddd74c.tmp
uddf22b.tmp
vwififlt.sys
udd435e.tmp
udda115.tmp
uddfbdc.tmp
vwififlt.sys
vwififlt.sys
smona132221990137484989198
udd6345.tmp
file-4159423_sys
uddbad0.tmp
uddc66c.tmp
udd1803.tmp
smona_30f6ba594b0d3b94113064015a16d97811cd989df1715cce21ceab9894c1b4fb.bin
udd1941.tmp
udd13bb.tmp
uddb442.tmp
udd31ce.tmp
udd8b8c.tmp
uddcb8c.tmp
vwififlt.sys