004e0ea6b408a235c3a447f68d9449c5

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_NATIVE
Compilation Date 2020-Sep-02 20:29:57
Debug artifacts C:\work_exp\Source\DataRecovery\Temp\BIN\DeepSparUSB\x64\Release\DeepSparUSBFull.pdb
CompanyName DeepSpar
FileDescription DeepSpar USB Storage Driver (x64)
FileVersion 2.03c
InternalName DeepSparUSB.sys
LegalCopyright Copyright (C) DeepSpar
OriginalFilename DeepSparUSB.sys
ProductName DeepSpar USB Storage Driver
ProductVersion 2.03c

Plugin Output

Info Cryptographic algorithms detected in the binary: Uses constants related to MD5
Info The PE is digitally signed. Signer: DeepSpar (ACE Data Recovery Engineering Inc.)
Issuer: COMODO RSA Extended Validation Code Signing CA
Suspicious No VirusTotal score. This file has never been scanned on VirusTotal.

Hashes

MD5 004e0ea6b408a235c3a447f68d9449c5
SHA1 716a15e4acbb47410ddab3b593edd138645c964b
SHA256 f7e88a140693f6608e8c36c359923b95c6ff5c55c96ced2a189b990f463f8f7d
SHA3 a8f7cce6cbc4f1f9764e51e7ef6137b2f1392803a2e14cfa899807077fddf331
SSDeep 3072:1fVcB3x4nrzqAhLPjkbZeC+GmVKpSHF9lLr6jpq6eqCgK0:1fV23Cnr7BkY3zlLujpsW
Imports Hash 5676188769480e3c304a56777bd15543

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xf0

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 7
TimeDateStamp 2020-Sep-02 20:29:57
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0x18400
SizeOfInitializedData 0x4a00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000000000001184 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion A.0
ImageVersion A.0
SubsystemVersion 5.2
Win32VersionValue 0
SizeOfImage 0x21000
SizeOfHeaders 0x400
Checksum 0x250e0
Subsystem IMAGE_SUBSYSTEM_NATIVE
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA, IMAGE_DLLCHARACTERISTICS_NX_COMPAT
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 742a3c8ce5152ddfe88c2d813edc19d5
SHA1 024877f76d770f825b1b493a79078d600e5d0428
SHA256 b28b66ed9b84b78c4730376652b26bb7732f968ec2a096effc693fea4b8e3c98
SHA3 e26a57f23763ce92cb7de6300684ed05d8c07ce510039978ffa42c75317365ca
VirtualSize 0x17b4c
VirtualAddress 0x1000
SizeOfRawData 0x17c00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_NOT_PAGED, IMAGE_SCN_MEM_READ
Entropy 6.38748

.rdata

MD5 da1bf5470d85518ab36286c99bc35ec3
SHA1 5923666b5b23e0e4e1822b9e9f51e1b343cb06d0
SHA256 ffded9b61f59fab4747e4f6177222cfbde782240f7fec1e26de8c926f8c0a16a
SHA3 5106d08b98a05be354db3b088bb75b1981305332509390a988b4a463c5528b06
VirtualSize 0x184c
VirtualAddress 0x19000
SizeOfRawData 0x1a00
PointerToRawData 0x18000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_NOT_PAGED, IMAGE_SCN_MEM_READ
Entropy 4.70998

.data

MD5 fa4b79331310e3bd616ba65c161dc6ee
SHA1 48e362461bd5406f6df07c9b2c70e0bb45f24d8b
SHA256 f2d1ac7e4edfcd03e68cab8f0fd3d8f1d57669e4626e4007a567e1d8612c536e
SHA3 30a89d04e6caa720db7e6fabc46b5086e233f296fd6123d1997dd0aa0096a47f
VirtualSize 0x1978
VirtualAddress 0x1b000
SizeOfRawData 0x400
PointerToRawData 0x19a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_NOT_PAGED, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Entropy 1.70599

.pdata

MD5 236faca9412cb97dfbbc2c9a68cf924a
SHA1 53da26893ade79f67aa3b367b0c66f53f9e15d4b
SHA256 c9d1b1ff8c8b61957d627977123b35c57b41acdf72857d52d00abdcd1fdbdd90
SHA3 db53b7db301c1a657d8ef7f77b3de75647ee74d31974989f9d9bfe761741705a
VirtualSize 0xe10
VirtualAddress 0x1d000
SizeOfRawData 0x1000
PointerToRawData 0x19e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_NOT_PAGED, IMAGE_SCN_MEM_READ
Entropy 4.5809

INIT

MD5 98dc8b39385997692e1edc612b3187c8
SHA1 da2c17cf30f41787e0486716b18f630df674784f
SHA256 ddd831ce0931542cab252a5f255ffcded154bf9249ac822285917c67ba605c41
SHA3 ebacf7f4a6415950c7648718239c1f9c32f20e64e3eb907f236c696b82965df9
VirtualSize 0x618
VirtualAddress 0x1e000
SizeOfRawData 0x800
PointerToRawData 0x1ae00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Entropy 4.44151

.rsrc

MD5 7e608e6b6230b33f2576573325cc8d8f
SHA1 abf396214f9acb10d08c57d68d6bbdc5817a34d0
SHA256 7f2de759e235e0d7a8ed190ca9f918aeee476e990d818b3c3057f8352a338792
SHA3 65699480ec410b1d0d9d0df8fbdf5d412842f9f15d716961aab90107311e85fe
VirtualSize 0x3f8
VirtualAddress 0x1f000
SizeOfRawData 0x400
PointerToRawData 0x1b600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Entropy 3.48803

.reloc

MD5 c14de65064ca016bec939e0f89256f47
SHA1 fa4910f0279a71d71eb642c1c21743c3e6395da7
SHA256 d8fa56879305ad194bad2e39050f50963bff44eb1bd80262858a8ba2c5b55f37
SHA3 5061e19e1a2bcd363e0d3bb78d18e6b89266c20b210b2fad7c12dfdd2c6fc630
VirtualSize 0x80
VirtualAddress 0x20000
SizeOfRawData 0x200
PointerToRawData 0x1ba00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Entropy 1.70029

Imports

ntoskrnl.exe KeSetEvent
KeSetPriorityThread
KeWaitForSingleObject
PsCreateSystemThread
PsTerminateSystemThread
ObReferenceObjectByHandle
ObfDereferenceObject
ZwClose
RtlCompareMemory
KeInitializeDpc
KeDelayExecutionThread
KeInitializeTimer
KeCancelTimer
KeSetTimer
FsRtlIsNameInExpression
vDbgPrintEx
ExSystemTimeToLocalTime
RtlGetVersion
KeReadStateEvent
KeInitializeEvent
RtlInitializeGenericTableAvl
RtlDeleteElementGenericTableAvl
RtlEnumerateGenericTableWithoutSplayingAvl
IofCompleteRequest
IoGetDeviceProperty
IoRegisterPlugPlayNotification
IoUnregisterPlugPlayNotificationEx
IoGetDeviceAttachmentBaseRef
ObReferenceObjectByName
wcscmp
IoDriverObjectType
MmMapLockedPagesSpecifyCache
RtlPrefixUnicodeString
KeBugCheckEx
RtlInitUnicodeString
RtlCopyUnicodeString
ExFreePoolWithTag
ExAllocatePoolWithTag
KeQueryUnbiasedInterruptTimePrecise
WDFLDR.SYS WdfVersionBind
WdfVersionUnbind
WdfVersionUnbindClass
WdfVersionBindClass

Delayed Imports

RESNAME

Type RT_RCDATA
Language UNKNOWN
Codepage UNKNOWN
Size 0x37
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.76728
MD5 376098a7c6047b73f6d1d8edc42528a9
SHA1 355e3a4e3062421e5a00d484bfa5fa9a0e849854
SHA256 48434a6162b60bd68d891d24334910b53f05ad0292dbfb86beb054904684462c
SHA3 119b086c7cfc9f8ede328a29efe9c673d797c1b8d4459f475999aa623d7d20e3

1

Type RT_VERSION
Language UNKNOWN
Codepage UNKNOWN
Size 0x30c
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.37984
MD5 9643f0f370ddcd8c8885549f180e951c
SHA1 057683cd015c846c5c98cff59083023adfa8309f
SHA256 aa6d8fd0449cb1409e8cf35e343b0262693a9d95c252b182909ee3cee2e48ef0
SHA3 70fc7d31f4acc08bb7c17eca27ec0b51c1b1662f18a1049c33e3bd165f5b1abf

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 2.3.0.0
ProductVersion 2.3.0.0
FileFlags VS_FF_PRIVATEBUILD
FileOs VOS_DOS_WINDOWS32, VOS_NT, VOS_NT_WINDOWS32, VOS_WINCE, VOS__WINDOWS32
FileType VFT_DRV
FileSubtype VFT2_DRV_SYSTEM
Language UNKNOWN
CompanyName DeepSpar
FileDescription DeepSpar USB Storage Driver (x64)
FileVersion (#2) 2.03c
InternalName DeepSparUSB.sys
LegalCopyright Copyright (C) DeepSpar
OriginalFilename DeepSparUSB.sys
ProductName DeepSpar USB Storage Driver
ProductVersion (#2) 2.03c
Resource LangID UNKNOWN

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2020-Sep-02 20:29:57
Version 0.0
SizeofData 109
AddressOfRawData 0x19720
PointerToRawData 0x18720
Referenced File C:\work_exp\Source\DataRecovery\Temp\BIN\DeepSparUSB\x64\Release\DeepSparUSBFull.pdb

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2020-Sep-02 20:29:57
Version 0.0
SizeofData 504
AddressOfRawData 0x19790
PointerToRawData 0x18790

TLS Callbacks

Load Configuration

Size 0x100
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x14001b2d0

RICH Header

XOR Key 0x17d8f882
Unmarked objects 0
136 (VS2008 SP1 build 30729) 3
Imports (VS2008 SP1 build 30729) 2
Total imports 50
Imports (VS2017 v15.?.? build 25203) 3
C objects (VS2017 v15.?.? build 25203) 5
ASM objects (VS2017 v15.?.? build 25203) 5
C objects (VS2017 v15.7.2 compiler 26429) 1
C++ objects (VS2017 v15.7.2 compiler 26429) 19
Resource objects (VS2017 v15.7.2 compiler 26429) 1
Linker (VS2017 v15.7.2 compiler 26429) 1

Errors
