SHA256: be4502c0a01872f41fe22de23db0b585001ed73554d8b53d972d9d8f7c01105f
File name: HWiNFO64A.SYS
Detection ratio: 0 / 55
Analysis date: 2014-11-16 19:01:59 UTC ( 3 years, 9 months ago )
Antivirus Result Update
Ad-Aware 20141116
AegisLab 20141116
Yandex 20141116
AhnLab-V3 20141116
Antiy-AVL 20141116
Avast 20141116
AVG 20141116
Avira (no cloud) 20141116
AVware 20141116
Baidu-International 20141107
BitDefender 20141116
Bkav 20141115
ByteHero 20141116
CAT-QuickHeal 20141114
ClamAV 20141116
CMC 20141114
Comodo 20141116
Cyren 20141116
DrWeb 20141116
Emsisoft 20141116
ESET-NOD32 20141116
F-Prot 20141116
F-Secure 20141116
Fortinet 20141116
GData 20141116
Ikarus 20141116
Jiangmin 20141115
K7AntiVirus 20141114
K7GW 20141115
Kaspersky 20141116
Kingsoft 20141116
Malwarebytes 20141116
McAfee 20141116
McAfee-GW-Edition 20141116
Microsoft 20141116
eScan 20141116
NANO-Antivirus 20141116
Norman 20141116
nProtect 20141114
Panda 20141116
Qihoo-360 20141116
Rising 20141116
Sophos AV 20141116
SUPERAntiSpyware 20141116
Symantec 20141116
Tencent 20141116
TheHacker 20141115
TotalDefense 20141116
TrendMicro 20141116
TrendMicro-HouseCall 20141116
VBA32 20141114
VIPRE 20141116
ViRobot 20141116
Zillya 20141115
Zoner 20141112
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Native subsystem that targets 64bit architectures.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright (c)1999-2010 Martin Malík - REALiX

Publisher REALiX
Product HWiNFO32 Kernel Driver
Original name HWiNFO32.SYS
Internal name HWiNFO32.SYS
File version 7.30 built by: WinDDK
Description HWiNFO32 Kernel Driver
Signature verification Signed file, verified signature
Signing date 10:45 PM 2/16/2010
Signers
[+] REALiX
Status A certificate was explicitly revoked by its issuer.
Issuer None
Valid from 2:59 PM 7/16/2009
Valid to 2:59 PM 7/16/2012
Valid usage Code Signing
Algorithm SHA1
Thumbprint AE487D66694C160F67338B06124787D76DBED513
Serial number 01 00 00 00 00 01 22 84 03 47 5B
[+] GlobalSign ObjectSign CA
Status A certificate was explicitly revoked by its issuer.
Issuer None
Valid from 11:00 AM 1/22/2004
Valid to 12:00 PM 1/27/2017
Valid usage All
Algorithm SHA1
Thumbprint B859853EF366AC9335763C340A87BD208113055F
Serial number 04 00 00 00 00 01 1E 44 A5 EC BE
[+] GlobalSign Primary Object Publishing CA
Status Valid
Issuer None
Valid from 2:00 PM 1/28/1999
Valid to 1:00 PM 1/27/2017
Valid usage All
Algorithm SHA1
Thumbprint 1AAF4DF10D36215E09E4EEFD70E340C2E4DECF38
Serial number 04 00 00 00 00 01 1E 44 A5 E2 4E
[+] GlobalSign
Status Valid
Issuer None
Valid from 1:00 PM 9/1/1998
Valid to 1:00 PM 1/28/2028
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing, OCSP Signing, EFS, IPSEC Tunnel, IPSEC User, IPSEC IKE Intermediate
Algorithm SHA1
Thumbprint B1BC968BD4F49D622AA89A81F2150152A41D829C
Serial number 04 00 00 00 00 01 15 4B 5A C3 94
Counter signers
[+] VeriSign Time Stamping Services Signer - G2
Status Certificate out of its validity period
Issuer None
Valid from 1:00 AM 6/15/2007
Valid to 12:59 AM 6/15/2012
Valid usage Timestamp Signing
Algorithm SHA1
Thumbprint ADA8AAA643FF7DC38DD40FA4C97AD559FF4846DE
Serial number 38 25 D7 FA F8 61 AF 9E F4 90 E7 26 B5 D6 5A D5
[+] VeriSign Time Stamping Services CA
Status Certificate out of its validity period
Issuer None
Valid from 1:00 AM 12/4/2003
Valid to 12:59 AM 12/4/2013
Valid usage Timestamp Signing
Algorithm SHA1
Thumbprint F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D
Serial number 47 BF 19 95 DF 8D 52 46 43 F7 DB 6D 48 0D 31 A4
[+] Thawte Timestamping CA
Status Valid
Issuer None
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm MD5
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine x64
Compilation timestamp 2010-02-16 21:45:00
Entry Point 0x00009010
Number of sections 6
PE sections
PE imports
KeStallExecutionProcessor
HalGetBusDataByOffset
HalSetBusDataByOffset
MmUnmapIoSpace
RtlInitUnicodeString
IofCompleteRequest
__C_specific_handler
IoDeleteDevice
IoCreateSymbolicLink
ZwOpenFile
ZwDeviceIoControlFile
IoCreateDevice
IoDeleteSymbolicLink
MmMapIoSpace
ZwClose
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion
5.2

LinkerVersion
8.0

ImageVersion
5.2

FileSubtype
7

FileVersionNumber
7.30.0.0

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
3072

FileOS
Windows NT 32-bit

MIMEType
application/octet-stream

LegalCopyright
Copyright (c)1999-2010 Martin Malík - REALiX

FileVersion
7.30 built by: WinDDK

TimeStamp
2010:02:16 22:45:00+01:00

FileType
Win64 EXE

PEType
PE32+

InternalName
HWiNFO32.SYS

FileAccessDate
2014:11:16 20:03:51+01:00

ProductVersion
7.3

FileDescription
HWiNFO32 Kernel Driver

OSVersion
5.2

FileCreateDate
2014:11:16 20:03:51+01:00

OriginalFilename
HWiNFO32.SYS

Subsystem
Native

MachineType
AMD AMD64

CompanyName
REALiX(tm)

CodeSize
19456

ProductName
HWiNFO32 Kernel Driver

ProductVersionNumber
7.30.0.0

EntryPoint
0x9010

ObjectFileType
Driver

File identification
MD5 73ba3a0807dd1a1c45d1c726ddaa51ac
SHA1 0f7542faf8fea2760440355d894504d67fe9a0d9
SHA256 be4502c0a01872f41fe22de23db0b585001ed73554d8b53d972d9d8f7c01105f
ssdeep
384:0xzgwIRheDqgnAft05TYQ/6f/0mlOPibU26YJLRGfuNE54XdUb+M0Q:6swakA105F/o3lOqbU2zLWiM0Q

authentihash 506539bf2733fde59bb5ddb3f99ad49bdd983fa877f6b4c5a3eab014e4a04107
imphash bc00223850239f6555412f79d4582869
File size 30.4 KB ( 31104 bytes )
File type Win32 EXE
Magic literal
PE32+ executable for MS Windows (native) Mono/.Net assembly

TrID Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
Tags
64bits peexe assembly signed native

VirusTotal metadata
First submission 2010-02-17 22:27:53 UTC ( 8 years, 6 months ago )
Last submission 2011-05-29 12:49:07 UTC ( 7 years, 2 months ago )
File names HWiNFO32.SYS
HWiNFO64A.SYS
hwinfo64a.sys
smona130667325074184734989
Mydrivers64A.SYS
HWiNFO64A.SYS
HWiNFO64A.SYS
HWiNFO64A.SYS
hwinfo64a.sys
73ba3a0807dd1a1c45d1c726ddaa51ac
smona126644198670345859266
HWiNFO64A.SYS
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight