SHA256: 54c2e77bce1037711a11313ac25b8706109098c10a31aa03aeb7a185e97800d7
File name: nwifi.sys
Detection ratio: 0 / 46
Analysis date: 2013-04-04 10:51:36 UTC (1 year ago)
Probably harmless! There are strong indicators suggesting that this file is safe to use.
Antivirus Result Update
AVG 20130403
Agnitum 20130403
AhnLab-V3 20130404
AntiVir 20130404
Antiy-AVL 20130404
Avast 20130404
BitDefender 20130404
ByteHero 20130401
CAT-QuickHeal 20130404
ClamAV 20130404
Commtouch 20130404
Comodo 20130404
DrWeb 20130404
ESET-NOD32 20130404
Emsisoft 20130404
F-Prot 20130404
F-Secure 20130404
Fortinet 20130404
GData 20130404
Ikarus 20130404
Jiangmin 20130404
K7AntiVirus 20130402
Kaspersky 20130404
Kingsoft 20130401
Malwarebytes 20130404
McAfee 20130404
McAfee-GW-Edition 20130404
MicroWorld-eScan 20130404
Microsoft 20130404
NANO-Antivirus 20130404
Norman 20130404
PCTools 20130404
Panda 20130404
Rising 20130403
SUPERAntiSpyware 20130404
Sophos 20130404
Symantec 20130404
TheHacker 20130404
TotalDefense 20130404
TrendMicro 20130404
TrendMicro-HouseCall 20130404
VBA32 20130403
VIPRE 20130404
ViRobot 20130404
eSafe 20130403
nProtect 20130404
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Native subsystem that targets 64bit architectures.
Authenticode signature block
Copyright
© Microsoft Corporation. All rights reserved.

Publisher Microsoft Windows
Product Microsoft® Windows® Operating System
Original name NWiFi.SYS
Internal name NWiFi.SYS
File version 6.1.7600.16385 (win7_rtm.090713-1255)
Description NativeWiFi Miniport Driver
Signature verification Signed file, verified signature
Signing date 8:33 PM 11/20/2010
Signers
[+] Microsoft Windows
Status Certificate out of its validity period
Valid from 10:57 PM 12/7/2009
Valid to 10:57 PM 3/7/2011
Valid usage Code Signing, NT5 Crypto
Algorithm SHA1
Thumbprint 02ECEEA9D5E0A9F3E39B6F4EC3F7131ED4E352C4
Serial number 61 15 23 0F 00 00 00 00 00 0A
[+] Microsoft Windows Verification PCA
Status Valid
Valid from 10:55 PM 9/15/2005
Valid to 11:05 PM 3/15/2016
Valid usage Code Signing, NT5 Crypto
Algorithm SHA1
Thumbprint 5DF0D7571B0780783960C68B78571FFD7EDAF021
Serial number 61 07 02 DC 00 00 00 00 00 0B
[+] Microsoft Root Certificate Authority
Status Valid
Valid from 12:19 AM 5/10/2001
Valid to 12:28 AM 5/10/2021
Valid usage All
Algorithm SHA1
Thumbprint CDD4EEAE6000AC7F40C3802C171E30148030C072
Serial number 79 AD 16 A1 4A A0 A5 AD 4C 73 58 F4 07 13 2E 65
Counter signers
[+] Microsoft Time-Stamp Service
Status Certificate out of its validity period
Valid from 8:12 PM 7/25/2008
Valid to 8:22 PM 7/25/2011
Valid usage Timestamp Signing
Algorithm SHA1
Thumbprint 56E832A33DDC8CF2C916DA7CBB1175CBACABAE2C
Serial number 61 03 DC F6 00 00 00 00 00 0C
[+] Microsoft Time-Stamp PCA
Status Valid
Valid from 1:53 PM 4/3/2007
Valid to 2:03 PM 4/3/2021
Valid usage Timestamp Signing
Algorithm SHA1
Thumbprint 375FCB825C3DC3752A02E34EB70993B4997191EF
Serial number 61 16 68 34 00 00 00 00 00 1C
[+] Microsoft Root Certificate Authority
Status Valid
Valid from 12:19 AM 5/10/2001
Valid to 12:28 AM 5/10/2021
Valid usage All
Algorithm SHA1
Thumbprint CDD4EEAE6000AC7F40C3802C171E30148030C072
Serial number 79 AD 16 A1 4A A0 A5 AD 4C 73 58 F4 07 13 2E 65
PE header basic information
Target machine x64
Compilation timestamp 2009-07-14 00:07:23
Entry Point 0x00044924
Number of sections 8
PE sections
PE imports
NdisFDeregisterFilterDriver
NdisRetreatNetBufferListDataStart
NdisFOidRequest
NdisFSetAttributes
NdisSetEvent
NdisFreeNetBufferListContext
NdisCloseConfiguration
NdisFreeCloneOidRequest
NdisAllocateNetBufferPool
NdisFRegisterFilterDriver
NdisRetreatNetBufferDataStart
NdisInitializeTimer
NdisFreeTimerObject
NdisInitializeEvent
NdisCancelTimerObject
NdisRegisterDeviceEx
NdisFDirectOidRequest
NdisAllocateRWLock
NdisFreeIoWorkItem
NdisAllocateNetBufferList
NdisFOidRequestComplete
NdisAllocateCloneOidRequest
NdisFreeRWLock
NdisFReturnNetBufferLists
NdisAllocateNetBufferListPool
NdisFDevicePnPEventNotify
NdisOpenConfigurationEx
NdisFSendNetBufferListsComplete
NdisFDirectOidRequestComplete
NdisGetSystemUpTimeEx
NdisMSleep
NdisFreeNetBufferList
NdisFreeNetBufferListPool
NdisAllocateNetBufferListContext
NdisAdvanceNetBufferListDataStart
NdisFreeNetBufferPool
NdisFCancelSendNetBufferLists
NdisWaitEvent
NdisAcquireRWLockRead
NdisReleaseRWLock
NdisFIndicateReceiveNetBufferLists
NdisFRestartFilter
NdisQueueIoWorkItem
NdisAllocateIoWorkItem
NdisReadConfiguration
NdisSetTimer
NdisFSendNetBufferLists
NdisDeregisterDeviceEx
NdisFreeMemory
NdisAllocateTimerObject
NdisSetTimerObject
NdisFIndicateStatus
NdisAcquireRWLockWrite
NdisAllocateMemoryWithTag
NdisCancelTimer
NdisAllocateNetBuffer
NdisFreeNetBuffer
NdisFNetPnPEvent
BCryptEncrypt
BCryptOpenAlgorithmProvider
BCryptGenerateSymmetricKey
BCryptSetProperty
BCryptDecrypt
BCryptDestroyKey
BCryptGetProperty
BCryptCloseAlgorithmProvider
IoQueueWorkItem
ExQueryDepthSList
ZwOpenKey
IoInitializeWorkItem
_vsnprintf
IoGetDeviceObjectPointer
KeInitializeEvent
RtlCreateSecurityDescriptor
RtlInitUnicodeString
ZwCreateKey
IoQueueWorkItemEx
MmMapLockedPagesSpecifyCache
IoCsqRemoveNextIrp
EtwEventEnabled
ExpInterlockedPushEntrySList
IoFreeWorkItem
KeReleaseSpinLock
IoSizeofWorkItem
ExInitializeNPagedLookasideList
__C_specific_handler
IoBuildDeviceIoControlRequest
SeExports
MmGetSystemRoutineAddress
ExpInterlockedPopEntrySList
EtwRegister
KeBugCheck
IoGetFileObjectGenericMapping
IoReleaseCancelSpinLock
ZwDeleteKey
EtwWriteTransfer
RtlGUIDFromString
ExAllocatePoolWithTag
RtlAddAccessAllowedAce
RtlUpcaseUnicodeString
ExDeleteNPagedLookasideList
IoUninitializeWorkItem
MmBuildMdlForNonPagedPool
IofCompleteRequest
IoCsqInsertIrpEx
KeSetEvent
IoCsqInitializeEx
ZwQueryValueKey
RtlMapGenericMask
IoOpenDeviceRegistryKey
ObfDereferenceObject
IoWMIRegistrationControl
ExFreePoolWithTag
EtwUnregister
RtlFreeUnicodeString
MmSizeOfMdl
ExQueueWorkItem
RtlLengthSid
RtlStringFromGUID
IoAcquireCancelSpinLock
IoAllocateMdl
EtwWrite
KeAcquireSpinLockRaiseToDpc
RtlSetDaclSecurityDescriptor
IoWMIWriteEvent
KeBugCheckEx
ZwSetValueKey
IoAllocateWorkItem
RtlCreateAcl
KeWaitForSingleObject
IofCallDriver
RtlCompareMemory
ZwClose
IoFreeMdl
Number of PE resources by type
WEVT_TEMPLATE 1
MUI 1
RT_MESSAGETABLE 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 4
ExifTool file metadata
SubsystemVersion
6.1

InitializedDataSize
82432

ImageVersion
6.1

ProductName
Microsoft Windows Operating System

FileVersionNumber
6.1.7600.16385

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

LinkerVersion
9.0

OriginalFilename
NWiFi.SYS

MIMEType
application/octet-stream

Subsystem
Native

FileVersion
6.1.7600.16385 (win7_rtm.090713-1255)

TimeStamp
2009:07:14 01:07:23+01:00

FileType
Win64 EXE

PEType
PE32+

InternalName
NWiFi.SYS

FileAccessDate
2014:02:09 02:39:29+01:00

ProductVersion
6.1.7600.16385

FileDescription
NativeWiFi Miniport Driver

OSVersion
6.1

FileCreateDate
2014:02:09 02:39:29+01:00

FileOS
Windows NT 32-bit

LegalCopyright
Microsoft Corporation. All rights reserved.

MachineType
AMD AMD64

CompanyName
Microsoft Corporation

CodeSize
240128

FileSubtype
6

ProductVersionNumber
6.1.7600.16385

EntryPoint
0x44924

ObjectFileType
Driver

CarbonBlack (CarbonBlack acts as a surveillance camera for computers)
While monitoring an end-user machine in the wild, CarbonBlack noticed that the following files in execution wrote this sample to disk.
Compressed bundles
File identification
MD5 1ea3749c4114db3e3161156ffffa6b33
SHA1 9e06df46f4e7795825526ad35f557c2328856259
SHA256 54c2e77bce1037711a11313ac25b8706109098c10a31aa03aeb7a185e97800d7
ssdeep
6144:CJ1Z6+KTdrifbzdez4s07gmfSw6idc9kjyPFnlTgSvyn:CJ1x84bzdez4HcmfSw6idc9kjyPJG

imphash c99c8a03b0fce4762d1e04ee46fcf7ef
File size 311.5 KB ( 318976 bytes )
File type Win32 EXE
Magic literal
PE32+ executable for MS Windows (native) Mono/.Net assembly

TrID Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
Tags
64bits peexe assembly signed native

VirusTotal metadata
First submission 2010-02-06 11:46:04 UTC ( 4 years, 2 months ago )
Last submission 2014-02-08 21:50:27 UTC ( 2 months, 1 week ago )
File names nwifi.sys
9e06df46f4e7795825526ad35f557c2328856259
nwifi.sys
file-4159625_sys
nwifi.sys
nwifi.sys
tmp885f.tmp
nwifi.sys
nwifi.sys
tmpb56c.tmp
smona_54c2e77bce1037711a11313ac25b8706109098c10a31aa03aeb7a185e97800d7.bin
nwifi.sys
tmp17eb.tmp
nwifi.sys
tmp8238.tmp
NWiFi.SYS
tmpa62b.tmp
nwifi.sys
nwifi.sys