SHA256: 6cb4d2b2808803ee955cef920e6b74ff966a113a80e27ecc9559dedc0d538379
File name: aswSnx.sys
Detection ratio: 0 / 54
Analysis date: 2014-11-04 15:23:51 UTC ( 4 years, 6 months ago )
Antivirus Result Update
Ad-Aware 20141104
AegisLab 20141104
Yandex 20141103
AhnLab-V3 20141104
Antiy-AVL 20141104
Avast 20141104
AVG 20141104
Avira (no cloud) 20141104
AVware 20141104
Baidu-International 20141103
BitDefender 20141104
Bkav 20141104
ByteHero 20141104
CAT-QuickHeal 20141104
ClamAV 20141104
CMC 20141104
Comodo 20141104
Cyren 20141104
DrWeb 20141104
Emsisoft 20141104
ESET-NOD32 20141104
F-Prot 20141104
F-Secure 20141104
Fortinet 20141104
GData 20141104
Ikarus 20141104
Jiangmin 20141103
K7AntiVirus 20141103
K7GW 20141104
Kaspersky 20141104
Kingsoft 20141104
Malwarebytes 20141104
McAfee 20141104
McAfee-GW-Edition 20141104
Microsoft 20141104
eScan 20141104
NANO-Antivirus 20141104
Norman 20141104
nProtect 20141104
Qihoo-360 20141104
Rising 20141103
Sophos AV 20141104
SUPERAntiSpyware 20141104
Symantec 20141104
Tencent 20141104
TheHacker 20141104
TotalDefense 20141104
TrendMicro 20141104
TrendMicro-HouseCall 20141104
VBA32 20141104
VIPRE 20141104
ViRobot 20141104
Zillya 20141103
Zoner 20141104
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Native subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright Copyright (c) 2013 AVAST Software
Publisher AVAST Software
Product avast! Antivirus
Original name aswSnx.sys
Internal name aswSnx.sys
File version 8.0.1483.72
Description avast! Virtualization Driver
Signature verification Signed file, verified signature
Signing date 12:33 AM 3/7/2013
Signers
[+] AVAST Software
Status Certificate out of its validity period
Issuer None
Valid from 1:00 AM 1/31/2011
Valid to 12:59 AM 1/31/2014
Valid usage Code Signing
Algorithm SHA1
Thumbprint DAEE6B6845246502630C11081368A1237988688E
Serial number 0D D6 D6 71 FE 03 64 D4 3B 63 21 31 41 7E 7B 3F
[+] VeriSign Class 3 Code Signing 2010 CA
Status Valid
Issuer None
Valid from 1:00 AM 2/8/2010
Valid to 12:59 AM 2/8/2020
Valid usage Client Auth, Code Signing
Algorithm SHA1
Thumbprint 495847A93187CFB8C71F840CB7B41497AD95C64F
Serial number 52 00 E5 AA 25 56 FC 1A 86 ED 96 C9 D4 4B 33 C7
[+] VeriSign
Status Valid
Issuer None
Valid from 1:00 AM 11/8/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm SHA1
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer None
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm SHA1
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer None
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm SHA1
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer None
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm MD5
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-03-06 23:22:54
Entry Point 0x000AD149
Number of sections 8
PE sections
PE imports
FltGetVolumeGuidName
FltParseFileNameInformation
FltGetTopInstance
FltAcquirePushLockShared
FltCreateFile
FltTagFile
FltReadFile
FltGetVolumeProperties
FltClose
FltIsVolumeWritable
FltQueryInformationFile
FltBuildDefaultSecurityDescriptor
FltGetDiskDeviceObject
FltSetSecurityObject
FltAllocateContext
FltInitializePushLock
FltCompletePendedPostOperation
FltReleaseContext
FltIsCallbackDataDirty
FltGetFileNameInformation
FltGetVolumeFromFileObject
FltSetVolumeContext
FltQueueGenericWorkItem
FltGetStreamHandleContext
FltWriteFile
FltDeletePushLock
FltQueryVolumeInformationFile
FltUnregisterFilter
FltFreeCallbackData
FltRegisterFilter
FltAllocateGenericWorkItem
FltCloseCommunicationPort
FltGetVolumeContext
FltCloseClientPort
FltAllocateCallbackData
FltFreeGenericWorkItem
FltStartFiltering
FltGetDeviceObject
FltObjectReference
FltGetVolumeFromInstance
FltEnumerateVolumes
FltQueryVolumeInformation
FltSetStreamHandleContext
FltClearCallbackDataDirty
FltObjectDereference
FltDeleteStreamHandleContext
FltSetInformationFile
FltGetVolumeFromName
FltQuerySecurityObject
FltLockUserBuffer
FltGetRoutineAddress
FltSupportsStreamHandleContexts
FltCreateCommunicationPort
FltSendMessage
FltFreeSecurityDescriptor
FltGetFileNameInformationUnsafe
FltAcquirePushLockExclusive
FltDeleteContext
FltReleaseFileNameInformation
FltCheckAndGrowNameControl
FltSetCallbackDataDirty
FltGetVolumeName
FltReleasePushLock
FltPerformSynchronousIo
KfAcquireSpinLock
KfReleaseSpinLock
KeGetCurrentIrql
ExAcquireFastMutex
ExReleaseFastMutex
ZwOpenKey
RtlUnicodeStringToInteger
ZwQueryDirectoryObject
_allmul
ExRaiseStatus
RtlCreateSecurityDescriptor
PsRemoveCreateThreadNotifyRoutine
RtlSetGroupSecurityDescriptor
_snwprintf
ExInitializePagedLookasideList
ZwCreateJobObject
strncpy
ZwSetInformationJobObject
IoIsWdmVersionAvailable
KeInitializeDpc
KeUnstackDetachProcess
ZwOpenThreadTokenEx
RtlNumberOfSetBits
ZwWriteFile
ZwAdjustPrivilegesToken
ExDeleteResourceLite
SeExports
KdDebuggerNotPresent
NlsMbOemCodePageTag
ZwQueryInformationThread
PsProcessType
IoGetCurrentProcess
ZwCreateSymbolicLinkObject
KeTickCount
KeCancelTimer
IoGetTopLevelIrp
RtlInsertElementGenericTable
RtlLengthRequiredSid
ZwMapViewOfSection
isspace
RtlAddAccessAllowedAce
sprintf
wcsncpy
ExDesktopObjectType
ZwDeleteKey
RtlIntegerToUnicodeString
IoDeleteSymbolicLink
RtlAnsiStringToUnicodeString
ObGetObjectSecurity
KeSetEvent
ProbeForRead
RtlNtStatusToDosError
ExAllocatePool
ObReferenceObjectByHandle
wcsncmp
KeStackAttachProcess
RtlLookupElementGenericTableAvl
RtlFreeUnicodeString
ZwQueryInformationProcess
MmGetSystemRoutineAddress
KefReleaseSpinLockFromDpcLevel
KefAcquireSpinLockAtDpcLevel
RtlInitializeSid
RtlSetBit
strstr
IoThreadToProcess
ObOpenObjectByPointer
IoGetRelatedDeviceObject
memmove
RtlLengthSecurityDescriptor
RtlxUnicodeStringToAnsiSize
wcsrchr
ZwOpenProcessTokenEx
RtlAppendUnicodeStringToString
ZwSetInformationProcess
RtlInitializeBitMap
RtlAppendUnicodeToString
RtlConvertSidToUnicodeString
InterlockedPushEntrySList
ObfReferenceObject
RtlInitializeGenericTableAvl
IoAllocateIrp
KeQueryActiveProcessors
PsLookupProcessByProcessId
KeReadStateEvent
ZwUnloadKey
IoGetDeviceObjectPointer
memset
_wcsnicmp
ZwIsProcessInJob
_stricmp
PsGetProcessPeb
_wcsicmp
SeCaptureSecurityDescriptor
IofCompleteRequest
ExCreateCallback
KeSetPriorityThread
strchr
ZwOpenProcess
_alldiv
ExReleaseResourceLite
ExInitializeResourceLite
IoCreateDevice
InitSafeBootMode
RtlUnicodeStringToAnsiString
ObReferenceObjectByName
IoDeviceObjectType
IoGetStackLimits
IoDeleteDevice
IoCancelIrp
MmIsDriverVerifying
RtlLookupElementGenericTable
MmUnmapIoSpace
RtlInsertElementGenericTableAvl
ExDeleteNPagedLookasideList
MmMapIoSpace
ExRegisterCallback
ZwQuerySecurityObject
ZwQuerySystemInformation
ZwDeviceIoControlFile
ExNotifyCallback
KeResetEvent
ExfInterlockedInsertTailList
PsGetVersion
KeQuerySystemTime
RtlNumberOfClearBits
RtlNumberGenericTableElementsAvl
RtlClearAllBits
ZwQueryObject
KeEnterCriticalRegion
ZwQueryValueKey
IoAllocateMdl
ExIsResourceAcquiredExclusiveLite
IoGetDeviceAttachmentBaseRef
RtlGetOwnerSecurityDescriptor
ZwOpenFile
ZwOpenDirectoryObject
RtlSetDaclSecurityDescriptor
PsCreateSystemThread
ZwClose
ExAcquireResourceSharedLite
ExUnregisterCallback
ZwSetValueKey
MmIsAddressValid
ZwCreateSection
MmCreateSection
KeReleaseSemaphore
RtlCompareMemory
RtlEnumerateGenericTableAvl
strncmp
RtlInitUnicodeString
RtlSubAuthoritySid
KeInitializeTimer
RtlAnsiCharToUnicodeChar
ZwReadFile
RtlAbsoluteToSelfRelativeSD
ZwQueryKey
KeInitializeEvent
PsImpersonateClient
RtlFindSetBitsAndClear
PsGetProcessSessionId
ObFindHandleForObject
MmMapLockedPagesSpecifyCache
RtlDeleteElementGenericTableAvl
RtlClearBit
toupper
PsSetLoadImageNotifyRoutine
ExfInterlockedRemoveHeadList
RtlUnwind
ObOpenObjectByName
KeWaitForSingleObject
ObQueryNameString
RtlGetGroupSecurityDescriptor
ExInitializeNPagedLookasideList
RtlGetSaclSecurityDescriptor
RtlUpcaseUnicodeChar
_aullrem
PsRemoveLoadImageNotifyRoutine
MmProbeAndLockPages
ExDeletePagedLookasideList
PsSetCreateProcessNotifyRoutine
KeWaitForMultipleObjects
IoBuildDeviceIoControlRequest
InterlockedPopEntrySList
PsGetProcessCreateTimeQuadPart
KeClearEvent
_itow
RtlInitializeGenericTable
ExGetPreviousMode
RtlGUIDFromString
PsGetThreadTeb
IoReuseIrp
ObReleaseObjectSecurity
RtlUpcaseUnicodeString
IoFreeIrp
KeGetCurrentThread
ZwFreeVirtualMemory
MmBuildMdlForNonPagedPool
RtlIpv6AddressToStringExW
ZwSetInformationFile
wcschr
ZwEnumerateValueKey
IoFileObjectType
ZwAssignProcessToJobObject
KeSetTimer
RtlIpv4AddressToStringExW
ExAcquireResourceExclusiveLite
_allrem
KeServiceDescriptorTable
RtlInt64ToUnicodeString
_purecall
ZwAllocateVirtualMemory
ExQueueWorkItem
RtlLengthSid
PsGetCurrentThreadId
MmUserProbeAddress
PsGetThreadId
IoCreateSymbolicLink
RtlInitAnsiString
RtlAppendStringToString
ExIsResourceAcquiredSharedLite
ExAllocatePoolWithTag
PsGetProcessId
RtlCreateAcl
ObfDereferenceObject
ZwQueryInformationFile
PsGetThreadProcess
MmUnlockPages
ZwDeleteValueKey
MmUnmapViewOfSection
RtlStringFromGUID
ZwTerminateProcess
ZwCreateFile
RtlTimeToTimeFields
ProbeForWrite
RtlValidSid
PsSetCreateThreadNotifyRoutine
PsRevertToSelf
swprintf
ZwEnumerateKey
NtClose
RtlAddAccessAllowedAceEx
RtlCopyUnicodeString
RtlCompareUnicodeString
ZwSetSecurityObject
DbgPrint
RtlQueryRegistryValues
RtlDeleteElementGenericTable
ZwOpenProcessToken
_allshr
RtlGetDaclSecurityDescriptor
SeFilterToken
ZwCreateKey
ZwFsControlFile
_allshl
RtlPrefixUnicodeString
KeDelayExecutionThread
PsThreadType
MmUnmapLockedPages
ExUuidCreate
ZwQuerySymbolicLinkObject
ZwQueryVolumeInformationFile
PsGetProcessExitProcessCalled
KeInitializeSemaphore
NtBuildNumber
MmMapViewOfSection
RtlFormatCurrentUserKeyPath
memcpy
KeLeaveCriticalRegion
ZwMakeTemporaryObject
wcsstr
RtlFreeAnsiString
IoForwardIrpSynchronously
RtlGetCallersAddress
ExFreePoolWithTag
IoVolumeDeviceToDosName
RtlEqualUnicodeString
KdDebuggerEnabled
ZwUnmapViewOfSection
PsIsThreadTerminating
ZwOpenThread
ZwOpenSymbolicLinkObject
IoGetAttachedDeviceReference
PsIsSystemThread
ZwLoadKey
ZwQueryInformationToken
PsGetCurrentProcessId
PsGetThreadProcessId
KeBugCheckEx
RtlFindSetBits
ZwDuplicateObject
IofCallDriver
RtlSetOwnerSecurityDescriptor
ZwCreateDirectoryObject
IoFreeMdl
ExSystemTimeToLocalTime
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 253952
ImageVersion 6.0
ProductName avast! Antivirus
FileVersionNumber 8.0.1483.72
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription avast! Virtualization Driver
CharacterSet Unicode
LinkerVersion 8.0
OriginalFilename aswSnx.sys
MIMEType application/octet-stream
Subsystem Native
FileVersion 8.0.1483.72
TimeStamp 2013:03:07 00:22:54+01:00
FileType Win32 EXE
PEType PE32
InternalName aswSnx.sys
FileAccessDate 2014:11:04 16:19:12+01:00
ProductVersion 8.0.1483.72
SubsystemVersion 6.0
OSVersion 6.0
FileCreateDate 2014:11:04 16:19:12+01:00
FileOS Windows NT 32-bit
LegalCopyright Copyright (c) 2013 AVAST Software
MachineType Intel 386 or later, and compatibles
CompanyName AVAST Software
CodeSize 504320
FileSubtype 7
ProductVersionNumber 8.0.1483.72
EntryPoint 0xad149
ObjectFileType Driver

File identification
MD5 0e604867fc28f00d91cb0b00d2ec830d
SHA1 fd6196bed02a372731d38e535ba8fe15efa193de
SHA256 6cb4d2b2808803ee955cef920e6b74ff966a113a80e27ecc9559dedc0d538379
ssdeep 12288:C/TNJegnZu84H27BkQHKgtbnL5F2z07FZI9X+aP4wpiLPQY4Qb1nrsC:CrNJegTR7L5FqyFZI9ut
authentihash 7182a4e7ac251f6fafe872f98e609619b4c61e5534e173c1c3814969e5edabed
imphash 98984899321651a1b62baa433b65b87e
File size 747.8 KB ( 765736 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (native) Intel 80386 32-bit
TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.3%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Tags peexe signed native
VirusTotal metadata
First submission 2013-03-14 06:39:24 UTC ( 6 years, 2 months ago )
Last submission 2013-07-21 11:46:22 UTC ( 5 years, 10 months ago )
File names aswSnx.SYS
aswsnx.sys
aswSnx.SYS
aswsnx.sys
ASWSNX.SYS
vt-upload-XBFdkV
aswSnx.sys
aswSnx.sys
aswsnx.sys
aswSnx.sys
A0002150.sys