SHA256: f2b631fcdf83b928661a7e09dd11fa640251a4850ff570436f3b16abef0fad10
File name: jminet7.sys_
Detection ratio: 5 / 42
Analysis date: 2011-10-18 19:22:11 UTC ( 6 years, 1 month ago )
Antivirus Result Update
McAfee PWS-Duqu!rootkit 20111018
McAfee-GW-Edition PWS-Duqu!rootkit 20111018
Microsoft Trojan:WinNT/Duqu.A 20111018
PCTools Malware.Duqu 20111018
Symantec W32.Duqu 20111018
AhnLab-V3 20111018
AntiVir 20111018
Antiy-AVL 20111018
Avast 20111018
AVG 20111018
BitDefender 20111018
ByteHero 20110923
CAT-QuickHeal 20111018
ClamAV 20111018
Commtouch 20111018
Comodo 20111018
DrWeb 20111018
Emsisoft 20111018
eSafe 20111017
eTrust-Vet 20111018
F-Prot 20111017
F-Secure 20111018
Fortinet 20111018
GData 20111018
Ikarus 20111018
Jiangmin 20111018
K7AntiVirus 20111018
Kaspersky 20111018
NOD32 20111018
nProtect 20111018
Panda 20111018
Prevx 20111018
Rising 20111018
Sophos AV 20111018
SUPERAntiSpyware 20111018
TheHacker 20111018
TrendMicro 20111018
TrendMicro-HouseCall 20111018
VBA32 20111017
VIPRE 20111018
ViRobot 20111018
VirusBuster 20111018
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Native subsystem.
FileVersionInfo properties
Product JMicron Volume Snapshot
Original name jminet7.sys
Internal name jminet7.sys
File version 2.1.0.14
Description JMicron Volume Snapshot Driver
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-11-03 17:25:26
Entry Point 0x00000570
Number of sections 6
PE sections
PE imports
KfAcquireSpinLock
KfReleaseSpinLock
KeGetCurrentIrql
IoQueueWorkItem
MmUnmapIoSpace
RtlInitUnicodeString
ZwOpenKey
ZwReadFile
KeInitializeMutex
memset
IoInitializeRemoveLockEx
_stricmp
KdDebuggerEnabled
PsLookupProcessByProcessId
IoFreeWorkItem
_except_handler3
ZwQueryInformationProcess
RtlDeleteElementGenericTable
RtlUpcaseUnicodeChar
IoCreateDevice
IoDeleteDevice
InitSafeBootMode
ExAllocatePool
IoDeleteSymbolicLink
RtlInitializeGenericTable
RtlInsertElementGenericTable
PsGetVersion
KeGetCurrentThread
MmMapIoSpace
ZwQueryInformationFile
IofCompleteRequest
RtlLookupElementGenericTable
ZwQueryValueKey
MmGetPhysicalAddress
KeWaitForSingleObject
IoAttachDeviceToDeviceStack
ExFreePoolWithTag
ZwAllocateVirtualMemory
MmGetSystemRoutineAddress
memcpy
KeReleaseMutex
IoCreateSymbolicLink
ZwOpenFile
IoAllocateWorkItem
ObOpenObjectByPointer
ObfDereferenceObject
ZwClose
IoRegisterDriverReinitialization
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
InternalCopyright Copyright 2001-2006 JMicron Technology Corporation. All rights reserved.
LinkerVersion 8.0
ImageVersion 6.0
FileSubtype 0
FileVersionNumber 2.1.0.14
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Unicode
InitializedDataSize 10368
EntryPoint 0x0570
OriginalFileName jminet7.sys
MIMEType application/octet-stream
FileVersion 2.1.0.14
TimeStamp 2010:11:03 18:25:26+01:00
FileType Win32 EXE
PEType PE32
InternalName jminet7.sys
SubsystemVersion 5.0
ProductVersion 2.1.0.14
FileDescription JMicron Volume Snapshot Driver
OSVersion 6.0
FileOS Windows NT 32-bit
Subsystem Native
MachineType Intel 386 or later, and compatibles
CompanyName JMicron Technology Corporation
CodeSize 13824
ProductName JMicron Volume Snapshot
ProductVersionNumber 2.1.0.14
FileTypeExtension exe
ObjectFileType Driver

File identification
MD5 0eecd17c6c215b358b7b872b74bfd800
SHA1 d17c6a9ed7299a8a55cd962bdb8a5a974d0cb660
SHA256 f2b631fcdf83b928661a7e09dd11fa640251a4850ff570436f3b16abef0fad10
ssdeep 384:bJqPYsVhIShjnH12tmHvtzQ3Tl22ku/IlRv+TJeQHCW4:lMvbVHYMHvZQ342t/D1CW4
authentihash 3d66f3366498638b0487d66487a05fd59709115e0fa2d1966feecb96ffae32a9
imphash c00e20f56d65068b81a1a5324d461344
File size 24.4 KB ( 24960 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (native) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe armadillo native

VirusTotal metadata
First submission 2011-09-18 17:04:45 UTC ( 6 years, 2 months ago )
Last submission 2017-11-15 12:40:08 UTC ( 4 days, 16 hours ago )
File names smona132022947487472893624
d17c6a9ed7299a8a55cd962bdb8a5a974d0cb6600eecd17c6c215b358b7b872b74bfd800
d17c6a9ed7299a8a55cd962bdb8a5a974d0cb660
file-2961568_
0eecd17c6c215b358b7b872b74bfd800.virus
0EECD17C6C215B358B7B872B74BFD800 (jminet7.sys).exe
0eecd17c6c215b358b7b872b74bfd800
smona131926575725562290151
jminet7.sys_
smona131911269524018625965
duqu0e.dll
0eecd17c6c215b358b7b872b74bfd800.sys
0EECD17C6C215B358B7B872B74BFD800.dll
0EECD17C6C215B358B7B872B74BFD800.dll
duqu.exe
Win32-Duqu-Driver2.exe
f2b631fcdf83b928661a7e09dd11fa640251a4850ff570436f3b16abef0fad10
malware3.exe
smona132022942368633618348
jminet7.sy
VirusShare_0eecd17c6c215b358b7b872b74bfd800
duqu_normal
0eecd17c6c215b358b7b872b74bfd800.ex#
jminet7.sys
F2B631FCDF83B928661A7E09DD11FA640251A4850FF570436F3B16ABEF0FAD10