SHA256: 565da8f55b832ce964221f81012536e523d9772a8310bd9fdc074df52e482c54
File name: 162_hikit_rootkit_64.sys
Detection ratio: 9 / 42
Analysis date: 2012-08-24 05:14:53 UTC ( 6 years, 2 months ago )
Antivirus Result Update
Avast Win64:Hiki-B [Rtk] 20120824
Comodo UnclassifiedMalware 20120824
Emsisoft Trojan.Win32.Hiki!IK 20120824
ESET-NOD32 Win64/Hikit.A 20120823
GData Win64:Hiki-B 20120824
K7AntiVirus Trojan 20120823
Kaspersky HEUR:Trojan.Win64.Hiki.gen 20120824
TrendMicro-HouseCall TROJ_GEN.F47V0823 20120824
ViRobot Trojan.Win64.A.Hiki.45056 20120824
AhnLab-V3 20120823
AntiVir 20120824
Antiy-AVL 20120824
AVG 20120823
BitDefender 20120824
ByteHero 20120817
CAT-QuickHeal 20120824
ClamAV 20120824
Commtouch 20120824
DrWeb 20120824
eSafe 20120823
F-Prot 20120824
F-Secure 20120824
Fortinet 20120824
Ikarus 20120818
Jiangmin 20120824
McAfee 20120824
McAfee-GW-Edition 20120823
Microsoft 20120824
Norman 20120823
nProtect 20120823
Panda 20120823
PCTools 20120824
Rising 20120824
Sophos AV 20120824
SUPERAntiSpyware 20120824
Symantec 20120824
TheHacker 20120822
TotalDefense 20120823
TrendMicro 20120824
VBA32 20120823
VIPRE 20120824
VirusBuster 20120823
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem that targets 64-bit architectures.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Windows (R) Codename Longhorn DDK driver
Original name w7fw.SYS
Internal name w7fw.SYS
File version 6, 1, 6000, 16385
Description Microsoft Intermediate Miniport Driver
PE header basic information
Target machine x64
Compilation timestamp 2011-11-02 08:15:25
Entry Point 0x0000D000
Number of sections 6
PE sections
PE imports
NdisDprFreePacket
NdisIMCopySendPerPacketInfo
NdisSetEvent
NdisCloseConfiguration
NdisMIndicateStatus
NdisReadConfiguration
NdisReturnPackets
NdisIMGetDeviceContext
NdisInitializeEvent
NdisReEnumerateProtocolBindings
NdisMSetAttributesEx
NdisAllocatePacket
NdisFreePacket
NdisGetReceivedPacket
NdisTerminateWrapper
NdisDprAllocatePacket
NdisIMRegisterLayeredMiniport
NdisMDeregisterDevice
NdisAllocateBuffer
NdisCancelSendPackets
NdisUnchainBufferAtFront
NdisOpenProtocolConfiguration
NdisFreePacketPool
NdisDeregisterProtocol
NdisCloseAdapter
NdisRegisterProtocol
NdisIMNotifyPnPEvent
NdisIMCopySendCompletePerPacketInfo
NdisIMDeInitializeDeviceInstance
NdisIMAssociateMiniport
NdisOpenAdapter
NdisInitializeWrapper
NdisWaitEvent
NdisMRegisterUnloadHandler
NdisMSleep
NdisMIndicateStatusComplete
NdisIMGetCurrentPacketStack
NdisResetEvent
NdisRequest
NdisFreeMemory
NdisIMInitializeDeviceInstanceEx
NdisAllocatePacketPoolEx
NdisGetPoolFromPacket
NdisAllocateMemoryWithTag
NdisMRegisterDevice
NdisIMCancelInitializeDeviceInstance
NdisIMDeregisterLayeredMiniport
RtlInitUnicodeString
KeInitializeEvent
MmMapLockedPagesSpecifyCache
KeReleaseSpinLock
DbgPrint
__C_specific_handler
IoGetCurrentProcess
KeClearEvent
IofCompleteRequest
ExEventObjectType
KeSetEvent
KeResetEvent
ObReferenceObjectByHandle
KeWaitForSingleObject
_vsnprintf
strstr
MmMapLockedPages
KeAcquireSpinLockRaiseToDpc
PsCreateSystemThread
ObfDereferenceObject
IoIs32bitProcess
ZwClose
IoFreeMdl
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
CHINESE SIMPLIFIED 1
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 5.2
LinkerVersion 9.0
ImageVersion 1.0
FileSubtype 6
FileVersionNumber 6.1.6000.16385
UninitializedDataSize 0
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 4608
EntryPoint 0xd000
OriginalFileName w7fw.SYS
MIMEType application/octet-stream
LegalCopyright © Microsoft Corporation. All rights reserved.
FileVersion 6, 1, 6000, 16385
TimeStamp 2011:11:02 09:15:25+01:00
FileType Win64 EXE
PEType PE32+
InternalName w7fw.SYS
ProductVersion 6, 1, 6000, 16385
FileDescription Microsoft Intermediate Miniport Driver
OSVersion 5.2
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType AMD AMD64
CompanyName Windows (R) Codename Longhorn DDK provider
CodeSize 39424
ProductName Windows (R) Codename Longhorn DDK driver
ProductVersionNumber 6.1.6000.16385
FileTypeExtension exe
ObjectFileType Driver

File identification
MD5 586fcd16dbd63282a33e8f7297403b1a
SHA1 b995a0c0e178bf787084b2099ef6d259f2c893dc
SHA256 565da8f55b832ce964221f81012536e523d9772a8310bd9fdc074df52e482c54
ssdeep
768:FCMfcIAvh7xT7Dhsg6UQbFUR90KX7WB4mr+PtEECu2eobxeSFrtE:MDIAvh7xT7FsXXFuNLWamr+PtEE723x4

authentihash 3f596d544f6c69fd551f46e60262b1e8d923c58b02e95252419e44fed3751bac
imphash 2613ebff676c1be7a0f9611513df6c08
File size 44.0 KB ( 45056 bytes )
File type Win32 EXE
Magic literal PE32+ executable for MS Windows (GUI) Mono/.Net assembly
TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags 64bits peexe assembly
VirusTotal metadata
First submission 2012-08-23 07:06:50 UTC ( 6 years, 2 months ago )
Last submission 2015-07-05 13:53:19 UTC ( 3 years, 4 months ago )
File names GN_Dm7BW7.dll
aa
w7fw.SYS
586fcd16dbd63282a33e8f7297403b1a.dll
1345739693.162_hikit_rootkit_64.sys
565da8f55b832ce964221f81012536e523d9772a8310bd9fdc074df52e482c54
162_hikit_rootkit_64.sys
586FCD16DBD63282A33E8F7297403B1A - 162_hikit_rootkit_64.sy
162_hikit_rootkit_64.sys..exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight