Architecture | IMAGE_FILE_MACHINE_AMD64 |
---|---|
Subsystem | IMAGE_SUBSYSTEM_NATIVE |
Compilation Date | 2020-Sep-02 20:29:57 |
Debug artifacts | C:\work_exp\Source\DataRecovery\Temp\BIN\DeepSparUSB\x64\Release\DeepSparUSBFull.pdb |
CompanyName | DeepSpar |
FileDescription | DeepSpar USB Storage Driver (x64) |
FileVersion | 2.03c |
InternalName | DeepSparUSB.sys |
LegalCopyright | Copyright (C) DeepSpar |
OriginalFilename | DeepSparUSB.sys |
ProductName | DeepSpar USB Storage Driver |
ProductVersion | 2.03c |
Info | Cryptographic algorithms detected in the binary: | Uses constants related to MD5 |
Info | The PE is digitally signed. | Signer: DeepSpar (ACE Data Recovery Engineering Inc.); Issuer: COMODO RSA Extended Validation Code Signing CA |
Suspicious | No VirusTotal score. | This file has never been scanned on VirusTotal. |
e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0xf0 |
Signature | PE |
---|---|
Machine | IMAGE_FILE_MACHINE_AMD64 |
NumberofSections | 7 |
TimeDateStamp | 2020-Sep-02 20:29:57 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xf0 |
Characteristics | IMAGE_FILE_EXECUTABLE_IMAGE IMAGE_FILE_LARGE_ADDRESS_AWARE |
Magic | PE32+ |
---|---|
LinkerVersion | 14.0 |
SizeOfCode | 0x18400 |
SizeOfInitializedData | 0x4a00 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x0000000000001184 (Section: .text) |
BaseOfCode | 0x1000 |
ImageBase | 0x140000000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | A.0 |
ImageVersion | A.0 |
SubsystemVersion | 5.2 |
Win32VersionValue | 0 |
SizeOfImage | 0x21000 |
SizeOfHeaders | 0x400 |
Checksum | 0x250e0 |
Subsystem | IMAGE_SUBSYSTEM_NATIVE |
DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA IMAGE_DLLCHARACTERISTICS_NX_COMPAT |
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
ntoskrnl.exe | KeSetEvent KeSetPriorityThread KeWaitForSingleObject PsCreateSystemThread PsTerminateSystemThread ObReferenceObjectByHandle ObfDereferenceObject ZwClose RtlCompareMemory KeInitializeDpc KeDelayExecutionThread KeInitializeTimer KeCancelTimer KeSetTimer FsRtlIsNameInExpression vDbgPrintEx ExSystemTimeToLocalTime RtlGetVersion KeReadStateEvent KeInitializeEvent RtlInitializeGenericTableAvl RtlDeleteElementGenericTableAvl RtlEnumerateGenericTableWithoutSplayingAvl IofCompleteRequest IoGetDeviceProperty IoRegisterPlugPlayNotification IoUnregisterPlugPlayNotificationEx IoGetDeviceAttachmentBaseRef ObReferenceObjectByName wcscmp IoDriverObjectType MmMapLockedPagesSpecifyCache RtlPrefixUnicodeString KeBugCheckEx RtlInitUnicodeString RtlCopyUnicodeString ExFreePoolWithTag ExAllocatePoolWithTag KeQueryUnbiasedInterruptTimePrecise |
---|---|
WDFLDR.SYS | WdfVersionBind WdfVersionUnbind WdfVersionUnbindClass WdfVersionBindClass |
Signature | 0xfeef04bd |
---|---|
StructVersion | 0x10000 |
FileVersion | 2.3.0.0 |
ProductVersion | 2.3.0.0 |
FileFlags | VS_FF_PRIVATEBUILD |
FileOs | VOS_DOS_WINDOWS32 VOS_NT VOS_NT_WINDOWS32 VOS_WINCE VOS__WINDOWS32 |
FileType | VFT_DRV |
FileSubtype | VFT2_DRV_SYSTEM |
Language | UNKNOWN |
CompanyName | DeepSpar |
FileDescription | DeepSpar USB Storage Driver (x64) |
FileVersion (#2) | 2.03c |
InternalName | DeepSparUSB.sys |
LegalCopyright | Copyright (C) DeepSpar |
OriginalFilename | DeepSparUSB.sys |
ProductName | DeepSpar USB Storage Driver |
ProductVersion (#2) | 2.03c |
Resource LangID | UNKNOWN |
---|
Characteristics | 0 |
---|---|
TimeDateStamp | 2020-Sep-02 20:29:57 |
Version | 0.0 |
SizeofData | 109 |
AddressOfRawData | 0x19720 |
PointerToRawData | 0x18720 |
Referenced File | C:\work_exp\Source\DataRecovery\Temp\BIN\DeepSparUSB\x64\Release\DeepSparUSBFull.pdb |
Characteristics | 0 |
---|---|
TimeDateStamp | 2020-Sep-02 20:29:57 |
Version | 0.0 |
SizeofData | 504 |
AddressOfRawData | 0x19790 |
PointerToRawData | 0x18790 |
Size | 0x100 |
---|---|
TimeDateStamp | 1970-Jan-01 00:00:00 |
Version | 0.0 |
GlobalFlagsClear | (EMPTY) |
GlobalFlagsSet | (EMPTY) |
CriticalSectionDefaultTimeout | 0 |
DeCommitFreeBlockThreshold | 0 |
DeCommitTotalFreeThreshold | 0 |
LockPrefixTable | 0 |
MaximumAllocationSize | 0 |
VirtualMemoryThreshold | 0 |
ProcessAffinityMask | 0 |
ProcessHeapFlags | (EMPTY) |
CSDVersion | 0 |
Reserved1 | 0 |
EditList | 0 |
SecurityCookie | 0x14001b2d0 |
XOR Key | 0x17d8f882 |
---|---|
Unmarked objects | 0 |
136 (VS2008 SP1 build 30729) | 3 |
Imports (VS2008 SP1 build 30729) | 2 |
Total imports | 50 |
Imports (VS2017 v15.?.? build 25203) | 3 |
C objects (VS2017 v15.?.? build 25203) | 5 |
ASM objects (VS2017 v15.?.? build 25203) | 5 |
C objects (VS2017 v15.7.2 compiler 26429) | 1 |
C++ objects (VS2017 v15.7.2 compiler 26429) | 19 |
Resource objects (VS2017 v15.7.2 compiler 26429) | 1 |
Linker (VS2017 v15.7.2 compiler 26429) | 1 |