SHA256: 37d9d0e50e4f155ccb3c5393de0ba9b5fd5bf4611524b45be2d754bf299703b1
File name: Driver64b.sys
Detection ratio: 7 / 56
Analysis date: 2015-05-15 09:00:35 UTC
Antivirus | Result | Update
Avast | Win32:Rovnix-K [Rtk] | 20150515
AVG | Dropper.Generic9.ZOZ | 20150515
Bkav | W64.HfsAutoA.E5DC | 20150514
DrWeb | Trojan.Mayachok.19009 | 20150515
ESET-NOD32 | a variant of Win64/Rovnix.F | 20150515
Kaspersky | Trojan.Win64.Rovnix.a | 20150515
Microsoft | VirTool:Win64/Rovnix.E | 20150515
Ad-Aware | (no detection) | 20150515
AegisLab | (no detection) | 20150515
Yandex | (no detection) | 20150514
AhnLab-V3 | (no detection) | 20150515
Alibaba | (no detection) | 20150515
ALYac | (no detection) | 20150515
Avira (no cloud) | (no detection) | 20150515
AVware | (no detection) | 20150515
Baidu-International | (no detection) | 20150515
BitDefender | (no detection) | 20150515
ByteHero | (no detection) | 20150515
CAT-QuickHeal | (no detection) | 20150514
ClamAV | (no detection) | 20150515
CMC | (no detection) | 20150513
Comodo | (no detection) | 20150515
Cyren | (no detection) | 20150515
Emsisoft | (no detection) | 20150515
F-Prot | (no detection) | 20150515
F-Secure | (no detection) | 20150515
Fortinet | (no detection) | 20150515
GData | (no detection) | 20150515
Ikarus | (no detection) | 20150515
Jiangmin | (no detection) | 20150513
K7AntiVirus | (no detection) | 20150515
K7GW | (no detection) | 20150515
Kingsoft | (no detection) | 20150515
Malwarebytes | (no detection) | 20150515
McAfee | (no detection) | 20150515
McAfee-GW-Edition | (no detection) | 20150514
eScan | (no detection) | 20150515
NANO-Antivirus | (no detection) | 20150515
Norman | (no detection) | 20150515
nProtect | (no detection) | 20150515
Panda | (no detection) | 20150514
Qihoo-360 | (no detection) | 20150515
Rising | (no detection) | 20150514
Sophos AV | (no detection) | 20150515
SUPERAntiSpyware | (no detection) | 20150515
Symantec | (no detection) | 20150515
Tencent | (no detection) | 20150515
TheHacker | (no detection) | 20150514
TotalDefense | (no detection) | 20150514
TrendMicro | (no detection) | 20150515
TrendMicro-HouseCall | (no detection) | 20150515
VBA32 | (no detection) | 20150514
VIPRE | (no detection) | 20150515
ViRobot | (no detection) | 20150515
Zillya | (no detection) | 20150514
Zoner | (no detection) | 20150513
The file being studied is a Portable Executable (PE) file. More specifically, it is a Win32 EXE for the Native subsystem that targets the 64-bit architecture.
PE header basic information
Target machine: x64
Compilation timestamp: 2015-03-22 04:14:46
Entry point: 0x0000382C
Number of sections: 6
PE sections
PE imports
KeQueryPerformanceCounter
IoAllocateIrp
RtlInitUnicodeString
PsLookupProcessByProcessId
ZwReadFile
ZwQuerySystemInformation
KeInitializeEvent
RtlTimeFieldsToTime
MmProbeAndLockPages
_wcslwr
ObReferenceObjectByHandle
MmBuildMdlForNonPagedPool
KeInitializeApc
PsSetLoadImageNotifyRoutine
ExCreateCallback
strncpy
KeReleaseSpinLock
strchr
ZwOpenProcess
KeInitializeMutex
RtlFreeAnsiString
__C_specific_handler
IoGetLowerDeviceObject
IoDeleteDevice
IoCreateDevice
ZwTerminateProcess
RtlUnicodeStringToAnsiString
RtlImageDirectoryEntryToData
IoCreateDriver
ExAllocatePool
PsSetCreateProcessNotifyRoutine
RtlTimeToTimeFields
RtlAppendUnicodeToString
ZwMapViewOfSection
wcsrchr
KeInsertQueueApc
IoFreeIrp
ZwWriteFile
RtlAnsiStringToUnicodeString
IofCompleteRequest
RtlEqualUnicodeString
RtlUpperString
IoDeleteSymbolicLink
ExRegisterCallback
_stricmp
ProbeForWrite
KeSetEvent
ProbeForRead
IoFileObjectType
KeWaitForSingleObject
IofCallDriver
ExFreePoolWithTag
RtlFreeUnicodeString
ZwQueryInformationProcess
ZwCreateFile
ZwUnmapViewOfSection
_snwprintf
ZwDeviceIoControlFile
IoAllocateMdl
KeAcquireSpinLockRaiseToDpc
KeReleaseMutex
IoCreateSymbolicLink
ZwOpenFile
RtlInitAnsiString
PsCreateSystemThread
ExAllocatePoolWithTag
ExUnregisterCallback
MmMapLockedPagesSpecifyCache
MmIsAddressValid
ZwCreateSection
KeDelayExecutionThread
wcsstr
ObfDereferenceObject
ZwQueryInformationFile
ZwClose
IoFreeMdl
MmUnlockPages
Debug information
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Native
MachineType: AMD AMD64
TimeStamp: 2015:03:22 05:14:46+01:00
FileType: Win64 EXE
PEType: PE32+
CodeSize: 36864
LinkerVersion: 9.0
FileTypeExtension: exe
InitializedDataSize: 8704
SubsystemVersion: 6.1
EntryPoint: 0x382c
OSVersion: 6.1
ImageVersion: 6.1
UninitializedDataSize: 0
Compressed bundles
File identification
MD5: acebb8d92c7d8529f84d9a22280f3f21
SHA1: af31afc042e649d7f5996241a16324347973ee25
SHA256: 37d9d0e50e4f155ccb3c5393de0ba9b5fd5bf4611524b45be2d754bf299703b1
ssdeep: 1536:UU+vRurFqFCNT4Jo1Plkdmo3/MmRBlxfHvZdsh8I9:evRurgnJo1PGdp3FRBl1HvZu8I9
authentihash: 6ef87fd7f3858522bc1c6e14f9d9956b34cad59f4c372bd6fc860d5603cd4966
imphash: 5835c8465fcd606302013c3054b7fb34
File size: 75.0 KB (76800 bytes)
File type: Win32 EXE
Magic literal: PE32+ executable for MS Windows (native) Mono/.Net assembly
TrID: Generic Win/DOS Executable (50.0%); DOS Executable Generic (49.9%)
Tags: 64bits peexe assembly native

VirusTotal metadata
First submission: 2015-05-15 09:00:35 UTC
Last submission: 2015-07-03 20:42:29 UTC
File names:
  ACEBB8D92C7D8529F84D9A22280F3F21
  Driver64b.sys
  Comss_Vir_14-30_ (55).exe
  ACEBB8D92C7D8529F84D9A22280F3F21.exe
Advanced heuristic and reputation engines
Symantec reputation: Suspicious.Insight