SHA256: 30f6ba594b0d3b94113064015a16d97811cd989df1715cce21ceab9894c1b4fb
File name: vwififlt.sys
Detection ratio: 0 / 46
Analysis date: 2013-04-04 11:21:32 UTC ( 4 years, 5 months ago )
Trusted source! This file belongs to the Microsoft Corporation software catalogue.
Antivirus Result Update
AVG 20130404
Yandex 20130403
AhnLab-V3 20130404
AntiVir 20130404
Antiy-AVL 20130404
Avast 20130404
BitDefender 20130404
ByteHero 20130322
CAT-QuickHeal 20130404
ClamAV 20130404
Commtouch 20130404
Comodo 20130404
DrWeb 20130404
ESET-NOD32 20130404
Emsisoft 20130404
F-Prot 20130404
F-Secure 20130404
Fortinet 20130404
GData 20130404
Ikarus 20130404
Jiangmin 20130404
K7AntiVirus 20130402
Kaspersky 20130404
Kingsoft 20130401
Malwarebytes 20130404
McAfee 20130404
McAfee-GW-Edition 20130404
eScan 20130404
Microsoft 20130404
NANO-Antivirus 20130404
Norman 20130404
PCTools 20130404
Panda 20130404
Rising 20130403
SUPERAntiSpyware 20130404
Sophos AV 20130404
Symantec 20130404
TheHacker 20130404
TotalDefense 20130404
TrendMicro 20130404
TrendMicro-HouseCall 20130404
VBA32 20130403
VIPRE 20130404
ViRobot 20130404
eSafe 20130403
nProtect 20130404
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Native subsystem that targets 64bit architectures.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name vwififlt.sys
Internal name vwififlt.sys
File version 6.1.7600.16385 (win7_rtm.090713-1255)
Description Virtual WiFi Filter Driver
PE header basic information
Target machine x64
Compilation timestamp 2009-07-14 00:07:22
Entry Point 0x000116CC
Number of sections 9
PE sections
PE imports
NdisFDeregisterFilterDriver
NdisFSendNetBufferLists
NdisFOidRequest
NdisFSetAttributes
NdisSetEvent
NdisFreeCloneOidRequest
NdisFRegisterFilterDriver
NdisFIndicateStatus
NdisInitializeEvent
NdisAllocateMemoryWithTagPriority
NdisRegisterDeviceEx
NdisFReturnNetBufferLists
NdisFOidRequestComplete
NdisAllocateCloneOidRequest
NdisAllocateCloneNetBufferList
NdisAllocateNetBufferListPool
NdisFDevicePnPEventNotify
NdisFSendNetBufferListsComplete
NdisFDirectOidRequestComplete
NdisFCancelDirectOidRequest
NdisGetDeviceReservedExtension
NdisFreeMemory
NdisFreeNetBufferListPool
NdisFCancelSendNetBufferLists
NdisWaitEvent
NdisFIndicateReceiveNetBufferLists
NdisMSleep
NdisFDirectOidRequest
NdisDeregisterDeviceEx
NdisFCancelOidRequest
NdisCopySendNetBufferListInfo
NdisFreeCloneNetBufferList
NdisResetEvent
NdisFNetPnPEvent
RtlInitUnicodeString
ZwOpenKey
KeInitializeMutex
KeInitializeEvent
KeAcquireSpinLockAtDpcLevel
_vsnwprintf
KeReleaseSpinLock
DbgPrint
ZwCreateKey
IoRegisterPlugPlayNotification
IoBuildDeviceIoControlRequest
KeReleaseSpinLockFromDpcLevel
RtlGUIDFromString
IoGetDeviceObjectPointer
RtlUpcaseUnicodeString
IofCompleteRequest
ZwQueryValueKey
ObfDereferenceObject
IofCallDriver
ExFreePoolWithTag
EtwUnregister
MmGetSystemRoutineAddress
IoWMIRegistrationControl
KeReleaseMutex
EtwWrite
IoUnregisterPlugPlayNotificationEx
KeAcquireSpinLockRaiseToDpc
IoWMIWriteEvent
ExAllocatePoolWithTag
EtwRegister
KeBugCheckEx
KeWaitForSingleObject
ZwSetValueKey
RtlCompareMemory
ZwClose
ObfReferenceObject
PE exports
Number of PE resources by type
WEVT_TEMPLATE 1
MUI 1
RT_MESSAGETABLE 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 4
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 6.1
LinkerVersion 9.0
ImageVersion 6.1
FileSubtype 6
FileVersionNumber 6.1.7600.16385
UninitializedDataSize 0
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 10752
EntryPoint 0x116cc
OriginalFileName vwififlt.sys
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 6.1.7600.16385 (win7_rtm.090713-1255)
TimeStamp 2009:07:14 01:07:22+01:00
FileType Win64 EXE
PEType PE32+
InternalName vwififlt.sys
ProductVersion 6.1.7600.16385
FileDescription Virtual WiFi Filter Driver
OSVersion 6.1
FileOS Windows NT 32-bit
Subsystem Native
MachineType AMD AMD64
CompanyName Microsoft Corporation
CodeSize 48640
ProductName Microsoft Windows Operating System
ProductVersionNumber 6.1.7600.16385
FileTypeExtension exe
ObjectFileType Driver
CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
Compressed bundles
File identification
MD5 6a3d66263414ff0d6fa754c646612f3f
SHA1 6aff3511944f237ccdab9dbcf336c791cdcc5400
SHA256 30f6ba594b0d3b94113064015a16d97811cd989df1715cce21ceab9894c1b4fb
ssdeep 768:W8pMsMqxOJO59+KRHhhO5rAfrB7ahyXcgaNES37dg2RYN9DvFRN0kB8YCagYOjwd:T8X4nO5EfrIgY/e3OagYOjwHS8Rt3
authentihash 3ea37db0f17a639303fadde1c524586754676f24c5c940b7001e03f854c98e36
imphash a193af5f436a7ae0b15eb785993b4fbf
File size 58.5 KB ( 59904 bytes )
File type Win32 EXE
Magic literal PE32+ executable for MS Windows (native) Mono/.Net assembly
TrID Generic Win/DOS Executable (50.0%)
DOS Executable Generic (49.9%)
Tags 64bits peexe assembly trusted native
Trusted verdicts
This file belongs to the Microsoft Corporation software catalogue. The file is often found with vwififlt.sys as its name.
VirusTotal metadata
First submission 2009-12-10 01:25:29 UTC ( 7 years, 9 months ago )
Last submission 2017-09-13 04:34:33 UTC ( 1 week ago )
File names f0f33.tmpscan
uddbda6.tmp
uddd4d.tmp
uddbd6d.tmp
vwififlt.sys
udd1fd8.tmp
udd743a.tmp
b5a23e54-31bb-830a-25aa-267bff4e3820_1d1c408045c48aa
udd2d2f.tmp
uddcfc.tmp
c03b0e16295bb52f63b66ef87a9d25ac39875c7a.sys
vwififlt(3737).sys
udd4ed1.tmp
udd1fa.tmp
udd6e0c.tmp
4058c7ab-c8ff-a95d-d12e-e6aba87c64eb_1d1c523b486f6fd
udde86c.tmp
udd9907.tmp
_media_prost_IR-DAT-1__S-LPT2_Windows_System32_drivers_vwififlt.sys____-0.winpe
5ca218.tmpscan
uddc91e.tmp
52b31f.tmpscan
uddfbb3.tmp
udd2327.tmp
udd3a19.tmp
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight