SHA256: 3406cfef738e385a9dabece090eee91ee6378ca0a01fa92b6186526d431bb230
File name: 161-xp_andhigher.sys
Detection ratio: 4 / 36
Analysis date: 2012-08-23 16:43:13 UTC (6 years, 5 months ago)
Antivirus              Result                        Update
F-Secure               Gen:Variant.Kazy.88758        20120823
K7AntiVirus            Trojan                        20120823
Kaspersky              HEUR:Trojan.Win64.Hiki.gen    20120823
Norman                 W32/Obfuscated.S!genr         20120823
AntiVir                -                             20120823
Antiy-AVL              -                             20120822
Avast                  -                             20120823
AVG                    -                             20120823
ByteHero               -                             20120814
CAT-QuickHeal          -                             20120823
ClamAV                 -                             20120823
Commtouch              -                             20120823
Comodo                 -                             20120823
DrWeb                  -                             20120823
Emsisoft               -                             20120823
eSafe                  -                             20120823
ESET-NOD32             -                             20120822
F-Prot                 -                             20120823
Fortinet               -                             20120823
Ikarus                 -                             20120818
Jiangmin               -                             20120823
McAfee-GW-Edition      -                             20120823
Microsoft              -                             20120823
Panda                  -                             20120823
PCTools                -                             20120823
Rising                 -                             20120823
Sophos AV              -                             20120823
SUPERAntiSpyware       -                             20120823
Symantec               -                             20120823
TheHacker              -                             20120822
TotalDefense           -                             20120823
TrendMicro             -                             20120823
TrendMicro-HouseCall   -                             20120823
VBA32                  -                             20120823
VIPRE                  -                             20120823
ViRobot                -                             20120823
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Windows (R) Codename Longhorn DDK driver
Original name w7fw.SYS
Internal name w7fw.SYS
File version 6, 1, 6000, 16385
Description Microsoft Intermediate Miniport Driver
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-11-02 08:15:13
Entry Point 0x00008000
Number of sections 6
PE sections
PE imports
KfAcquireSpinLock
KfReleaseSpinLock
NdisDprFreePacket
NdisIMCopySendPerPacketInfo
NdisSetEvent
NdisCloseConfiguration
NdisMIndicateStatus
NdisReadConfiguration
NdisIMInitializeDeviceInstanceEx
NdisIMGetDeviceContext
NdisInitializeEvent
NdisReEnumerateProtocolBindings
NdisMSetAttributesEx
NdisAllocatePacket
NdisFreePacket
NdisGetReceivedPacket
NdisTerminateWrapper
NdisDprAllocatePacket
NdisIMRegisterLayeredMiniport
NdisMDeregisterDevice
NdisAllocateBuffer
NdisCancelSendPackets
NdisUnchainBufferAtFront
NdisOpenProtocolConfiguration
NdisFreePacketPool
NdisDeregisterProtocol
NdisCloseAdapter
NdisRegisterProtocol
NdisIMNotifyPnPEvent
NdisIMCopySendCompletePerPacketInfo
NdisIMDeInitializeDeviceInstance
NdisIMAssociateMiniport
NdisOpenAdapter
NdisInitializeWrapper
NdisWaitEvent
NdisMRegisterUnloadHandler
NdisMSleep
NdisMIndicateStatusComplete
NdisIMGetCurrentPacketStack
NdisResetEvent
NdisRequest
NdisFreeMemory
NdisReturnPackets
NdisAllocatePacketPoolEx
NdisGetPoolFromPacket
NdisAllocateMemoryWithTag
NdisMRegisterDevice
NdisIMCancelInitializeDeviceInstance
NdisIMDeregisterLayeredMiniport
KeQuerySystemTime
RtlInitUnicodeString
_allmul
KeInitializeEvent
MmMapLockedPagesSpecifyCache
_except_handler3
DbgPrint
KeClearEvent
IoGetCurrentProcess
memset
IofCompleteRequest
ExEventObjectType
KeSetEvent
KeResetEvent
ObReferenceObjectByHandle
KeWaitForSingleObject
memcpy
_vsnprintf
strstr
MmMapLockedPages
PsCreateSystemThread
ObfDereferenceObject
ZwClose
IoFreeMdl
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
CHINESE SIMPLIFIED 1
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 5.0
LinkerVersion 9.0
ImageVersion 1.0
FileSubtype 6
FileVersionNumber 6.1.6000.16385
UninitializedDataSize 0
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 4608
EntryPoint 0x8000
OriginalFileName w7fw.SYS
MIMEType application/octet-stream
LegalCopyright © Microsoft Corporation. All rights reserved.
FileVersion 6, 1, 6000, 16385
TimeStamp 2011:11:02 09:15:13+01:00
FileType Win32 EXE
PEType PE32
InternalName w7fw.SYS
ProductVersion 6, 1, 6000, 16385
FileDescription Microsoft Intermediate Miniport Driver
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Windows (R) Codename Longhorn DDK provider
CodeSize 23040
ProductName Windows (R) Codename Longhorn DDK driver
ProductVersionNumber 6.1.6000.16385
FileTypeExtension exe
ObjectFileType Driver
File identification
MD5 9a5c580ddfb4b6a8503c6e9ad43809f9
SHA1 61b370c7f9e85d7e6753383df0c1432bc8f4e643
SHA256 3406cfef738e385a9dabece090eee91ee6378ca0a01fa92b6186526d431bb230
ssdeep 384:yiWDtgv6uRf1VyGZ6X/fWR1XGEoM4uz6vaoFgFr/u0CILu:zSgyE9VvZQ/fmodvvCFruQLu
authentihash 658da7d4f5e1729460c10afa7b3ddcf394330603dabd6531fa7458f755756432
imphash 7b25abf4e3af150d1b7aef8047b3beeb
File size 28.0 KB ( 28672 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe
VirusTotal metadata
First submission 2011-11-09 19:01:53 UTC ( 7 years, 2 months ago )
Last submission 2015-07-05 13:57:55 UTC ( 3 years, 6 months ago )
File names w7fw.SYS
W7fw.sys
161-xp_andhigher.sys
9A5C580DDFB4B6A8503C6E9AD43809F9 - 161-xp_andhigher.sy
259.exe
1345739678.161-xp_andhigher.sys
file-3268117_sys
jaoGtk_.caj
3406cfef738e385a9dabece090eee91ee6378ca0a01fa92b6186526d431bb230
d_7Ifi.7z
aa
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight