SHA256: 565da8f55b832ce964221f81012536e523d9772a8310bd9fdc074df52e482c54
File name: 162_hikit_rootkit_64.sys
Detection ratio: 3 / 42
Analysis date: 2012-08-23 16:43:39 UTC ( 6 years, 5 months ago )
Antivirus | Result | Update
K7AntiVirus | Trojan | 20120823
Kaspersky | HEUR:Trojan.Win64.Hiki.gen | 20120823
TrendMicro-HouseCall | TROJ_GEN.F47V0823 | 20120823
AhnLab-V3 | - | 20120823
AntiVir | - | 20120823
Antiy-AVL | - | 20120822
Avast | - | 20120823
AVG | - | 20120823
BitDefender | - | 20120823
ByteHero | - | 20120822
CAT-QuickHeal | - | 20120823
ClamAV | - | 20120823
Commtouch | - | 20120823
Comodo | - | 20120823
DrWeb | - | 20120823
Emsisoft | - | 20120823
eSafe | - | 20120823
ESET-NOD32 | - | 20120822
F-Prot | - | 20120823
F-Secure | - | 20120823
Fortinet | - | 20120823
GData | - | 20120823
Ikarus | - | 20120818
Jiangmin | - | 20120823
McAfee | - | 20120823
McAfee-GW-Edition | - | 20120823
Microsoft | - | 20120823
Norman | - | 20120823
nProtect | - | 20120823
Panda | - | 20120823
PCTools | - | 20120823
Rising | - | 20120823
Sophos AV | - | 20120823
SUPERAntiSpyware | - | 20120823
Symantec | - | 20120823
TheHacker | - | 20120822
TotalDefense | - | 20120823
TrendMicro | - | 20120823
VBA32 | - | 20120823
VIPRE | - | 20120823
ViRobot | - | 20120823
VirusBuster | - | 20120823
The file being studied is a Portable Executable file. More specifically, it is a Win32 EXE file for the Windows GUI subsystem that targets 64-bit architectures.
FileVersionInfo properties
Copyright: © Microsoft Corporation. All rights reserved.
Product: Windows (R) Codename Longhorn DDK driver
Original name: w7fw.SYS
Internal name: w7fw.SYS
File version: 6, 1, 6000, 16385
Description: Microsoft Intermediate Miniport Driver
PE header basic information
Target machine x64
Compilation timestamp 2011-11-02 08:15:25
Entry Point 0x0000D000
Number of sections 6
PE sections
PE imports
NdisDprFreePacket
NdisIMCopySendPerPacketInfo
NdisSetEvent
NdisCloseConfiguration
NdisMIndicateStatus
NdisReadConfiguration
NdisReturnPackets
NdisIMGetDeviceContext
NdisInitializeEvent
NdisReEnumerateProtocolBindings
NdisMSetAttributesEx
NdisAllocatePacket
NdisFreePacket
NdisGetReceivedPacket
NdisTerminateWrapper
NdisDprAllocatePacket
NdisIMRegisterLayeredMiniport
NdisMDeregisterDevice
NdisAllocateBuffer
NdisCancelSendPackets
NdisUnchainBufferAtFront
NdisOpenProtocolConfiguration
NdisFreePacketPool
NdisDeregisterProtocol
NdisCloseAdapter
NdisRegisterProtocol
NdisIMNotifyPnPEvent
NdisIMCopySendCompletePerPacketInfo
NdisIMDeInitializeDeviceInstance
NdisIMAssociateMiniport
NdisOpenAdapter
NdisInitializeWrapper
NdisWaitEvent
NdisMRegisterUnloadHandler
NdisMSleep
NdisMIndicateStatusComplete
NdisIMGetCurrentPacketStack
NdisResetEvent
NdisRequest
NdisFreeMemory
NdisIMInitializeDeviceInstanceEx
NdisAllocatePacketPoolEx
NdisGetPoolFromPacket
NdisAllocateMemoryWithTag
NdisMRegisterDevice
NdisIMCancelInitializeDeviceInstance
NdisIMDeregisterLayeredMiniport
RtlInitUnicodeString
KeInitializeEvent
MmMapLockedPagesSpecifyCache
KeReleaseSpinLock
DbgPrint
__C_specific_handler
IoGetCurrentProcess
KeClearEvent
IofCompleteRequest
ExEventObjectType
KeSetEvent
KeResetEvent
ObReferenceObjectByHandle
KeWaitForSingleObject
_vsnprintf
strstr
MmMapLockedPages
KeAcquireSpinLockRaiseToDpc
PsCreateSystemThread
ObfDereferenceObject
IoIs32bitProcess
ZwClose
IoFreeMdl
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
CHINESE SIMPLIFIED 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize: 0
InitializedDataSize: 4608
ImageVersion: 1.0
ProductName: Windows (R) Codename Longhorn DDK driver
FileVersionNumber: 6.1.6000.16385
LanguageCode: Neutral
FileFlagsMask: 0x003f
FileDescription: Microsoft Intermediate Miniport Driver
CharacterSet: Unicode
LinkerVersion: 9.0
FileTypeExtension: exe
OriginalFileName: w7fw.SYS
MIMEType: application/octet-stream
Subsystem: Windows GUI
FileVersion: 6, 1, 6000, 16385
TimeStamp: 2011:11:02 09:15:25+01:00
FileType: Win64 EXE
PEType: PE32+
InternalName: w7fw.SYS
ProductVersion: 6, 1, 6000, 16385
SubsystemVersion: 5.2
OSVersion: 5.2
FileOS: Windows NT 32-bit
LegalCopyright: © Microsoft Corporation. All rights reserved.
MachineType: AMD AMD64
CompanyName: Windows (R) Codename Longhorn DDK provider
CodeSize: 39424
FileSubtype: 6
ProductVersionNumber: 6.1.6000.16385
EntryPoint: 0xd000
ObjectFileType: Driver

File identification
MD5 586fcd16dbd63282a33e8f7297403b1a
SHA1 b995a0c0e178bf787084b2099ef6d259f2c893dc
SHA256 565da8f55b832ce964221f81012536e523d9772a8310bd9fdc074df52e482c54
ssdeep 768:FCMfcIAvh7xT7Dhsg6UQbFUR90KX7WB4mr+PtEECu2eobxeSFrtE:MDIAvh7xT7FsXXFuNLWamr+PtEE723x4

authentihash 3f596d544f6c69fd551f46e60262b1e8d923c58b02e95252419e44fed3751bac
imphash 2613ebff676c1be7a0f9611513df6c08
File size 44.0 KB ( 45056 bytes )
File type Win32 EXE
Magic literal PE32+ executable for MS Windows (GUI) Mono/.Net assembly

TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags 64bits peexe assembly

VirusTotal metadata
First submission 2012-08-23 07:06:50 UTC ( 6 years, 5 months ago )
Last submission 2015-07-05 13:53:19 UTC ( 3 years, 6 months ago )
File names GN_Dm7BW7.dll
aa
w7fw.SYS
586fcd16dbd63282a33e8f7297403b1a.dll
1345739693.162_hikit_rootkit_64.sys
565da8f55b832ce964221f81012536e523d9772a8310bd9fdc074df52e482c54
162_hikit_rootkit_64.sys
586FCD16DBD63282A33E8F7297403B1A - 162_hikit_rootkit_64.sy
162_hikit_rootkit_64.sys..exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight