Manalyze report for 11a8585df4ade25f7109965c160c9fcb

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_NATIVE`
Compilation Date	2019-Apr-25 20:07:57
Detected languages	English - United States
Debug artifacts	beep.pdb
CompanyName	Microsoft Corporation
FileDescription	BEEP Driver
FileVersion	`10.0.15063.850 (WinBuild.160101.0800)`
InternalName	beep.sys
LegalCopyright	© Microsoft Corporation. All rights reserved.
OriginalFilename	beep.sys
ProductName	Microsoft® Windows® Operating System
ProductVersion	`10.0.15063.850`

Plugin Output

Suspicious	The PE is possibly packed.	`Unusual section name found: GFIDS`
Safe	VirusTotal score: 0/68 (Scanned on 2018-02-12 08:12:41)	`All the AVs think this file is safe.`

Hashes

MD5	`11a8585df4ade25f7109965c160c9fcb`
SHA1	`d50ec5bb6e3731d3a4d08e2fa1f3470748d217c8`
SHA256	`f076d5c12f0de1ce578f609c158994fff87398088ebb5d69f954b5f05d92ec9d`
SHA3	`4aa83a0de6671933dc002c430b4e09905aae679e8347d34cb449aef1a7339220`
SSDeep	`96:QGB/BlCre6YlH5V5dWrPLHxjhDlgbd3zOKTuynGx67gz93BOEWKgo+Ww:QGFBlj62HKrjHxVkzbtGxSOBDWK1+W`
Imports Hash	`aa5c7e2730287fbb62614d0c4d306e68`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xe0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`9`
TimeDateStamp	2019-Apr-25 20:07:57
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0xc00`
SizeOfInitializedData	`0x1800`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000006010 (Section: INIT)`
BaseOfCode	`0x1000`
ImageBase	`0x1c0000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`A.0`
ImageVersion	`A.0`
SubsystemVersion	`A.0`
Win32VersionValue	`0`
SizeOfImage	`0xa000`
SizeOfHeaders	`0x400`
Checksum	`0x8c9e`
Subsystem	`IMAGE_SUBSYSTEM_NATIVE`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_GUARD_CF` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x40000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`b9022542bd21174eb233a4d581f6a068`
SHA1	`5d8401c297007f333edfac0f367fc0461212b4ad`
SHA256	`377efbcf14e215fc902c75ab0b3a16fc15e4447cd2dc6f161e0e683a794cb0c5`
SHA3	`e1b162d732783440c91eac96027baf43ecef2b837d9d038161d32c74d463c399`
VirtualSize	`0x8e7`
VirtualAddress	`0x1000`
SizeOfRawData	`0xa00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_NOT_PAGED` `IMAGE_SCN_MEM_READ`
Entropy	`5.33736`

.rdata

MD5	`20786c4d7bfc43bd6206e82ce8ed2f94`
SHA1	`2c5ffc9feab77beb3f3532133d3196f82eb34ff8`
SHA256	`765cbb500168df102bdef90811f9297cfcef44e549fe4c101dbf71287a8e08bd`
SHA3	`72d4add1ec60ac6639ad026da2e094c3a994a7b08bb3d603e3c62fadf55863ea`
VirtualSize	`0x4e0`
VirtualAddress	`0x2000`
SizeOfRawData	`0x600`
PointerToRawData	`0xe00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_NOT_PAGED` `IMAGE_SCN_MEM_READ`
Entropy	`3.42407`

.data

MD5	`387d3cec6641bcedbf49389f4d198e83`
SHA1	`a5ff5a6a58828985858522a5a02f6e683a4ef067`
SHA256	`64ed6f4044eaae552556de4748902d6d95dee116bd8302b39afa9c630c3d95b6`
SHA3	`075395224218174499092ea74a5ae62c3cc56011efe22739531c5bc614510585`
VirtualSize	`0x8`
VirtualAddress	`0x3000`
SizeOfRawData	`0x200`
PointerToRawData	`0x1400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_NOT_PAGED` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.122276`

.pdata

MD5	`722892b984291faf1a2213d9a2d74563`
SHA1	`eb38861c59500c7e283fc2832fe9bc8ee570f98a`
SHA256	`5f9ced151e1eaed2830cb6b676c78bc0f9ca978f7042bfe8ad6b0908b01d50d7`
SHA3	`c09060899ad348afe8f1eb8923c02ef0b75ab9de006174fb179093ab7f1decf1`
VirtualSize	`0x12c`
VirtualAddress	`0x4000`
SizeOfRawData	`0x200`
PointerToRawData	`0x1600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_NOT_PAGED` `IMAGE_SCN_MEM_READ`
Entropy	`2.38356`

.idata

MD5	`0075fa8e58e6ceb036d23ead207a2942`
SHA1	`39f460f8c5bc433c34e8544f9914c6b0dfa394f7`
SHA256	`59a450e947d826dc92838e44dc62c90447393f786a7aca090c863f54e8127148`
SHA3	`acf2a7add756fc2b2c1d34772090bb4ce48c6fca95bad448fa12b24142e4f330`
VirtualSize	`0x420`
VirtualAddress	`0x5000`
SizeOfRawData	`0x600`
PointerToRawData	`0x1800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_NOT_PAGED` `IMAGE_SCN_MEM_READ`
Entropy	`3.25501`

INIT

MD5	`c9cd0ffab6caf2bd222ee50d18279369`
SHA1	`04134c1e799aba2eaa4c15168479c9e19dd637d9`
SHA256	`ab5f4cd9830ae3782df6090bfaba29d00b08c572e67b745d3e78f2cea3c4cc48`
SHA3	`4c7b8a9d8e718d825b41c0d1628941df4e39814924662774e3aac01e909d5595`
VirtualSize	`0x53`
VirtualAddress	`0x6000`
SizeOfRawData	`0x200`
PointerToRawData	`0x1e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`1.0591`

GFIDS

MD5	`68af9718a65a7f0e60ddab6dae431808`
SHA1	`d6aa03171122bc26fbfe8345ef685ad117934563`
SHA256	`a59d2b3b09b696310264901e5a615343feffa53e5a14a0fb179547416db17909`
SHA3	`f7da381e9cc61894d2b66fb276993de55d44def9f6c3e9deb65bad0e7ae08104`
VirtualSize	`0x40`
VirtualAddress	`0x7000`
SizeOfRawData	`0x200`
PointerToRawData	`0x2000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.577291`

.rsrc

MD5	`874c913004233a5c2ba6ef2115aab388`
SHA1	`a57cb12e70f7a54630eea80dff61988491bee0d2`
SHA256	`55ab35a57b5b279374dccb760924ceee4758548e607a8a9551bf3ea5ae5ae528`
SHA3	`64f4303f27df59759b99e5387cea1fd93087a4de5cb79a9c4cbec2224f7d0f28`
VirtualSize	`0x3e0`
VirtualAddress	`0x8000`
SizeOfRawData	`0x400`
PointerToRawData	`0x2200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`3.28182`

.reloc

MD5	`5fff8304a90f0809b50c385e74aecbda`
SHA1	`c07ad6abcd9553fb767700927ff2e3d2ddc18b9e`
SHA256	`1763e69b09fc79eae288bf163a04b3507f60f717d5a95f2f3f4069ed748fbcc8`
SHA3	`489e6b9d84ca6de88a37fc15c79900e3e9d46dfbcd83c10ef7a8d2689b500ac9`
VirtualSize	`0x28`
VirtualAddress	`0x9000`
SizeOfRawData	`0x200`
PointerToRawData	`0x2600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.442358`

Imports

ntoskrnl.exe	`IoStartNextPacket` `KeRemoveDeviceQueue` `MmUnlockPagableImageSection` `MmLockPagableDataSection` `ExReleaseFastMutex` `IoSetStartIoAttributes` `RtlInitUnicodeString` `KeInitializeSpinLock` `IoDeleteDevice` `IoStartPacket` `KeLowerIrql` `IoCsqInitialize` `ExAcquireFastMutex` `KeRemoveEntryDeviceQueue` `IoCreateDevice` `IoAcquireCancelSpinLock` `KeInitializeEvent` `KfRaiseIrql` `IofCompleteRequest` `IoReleaseCancelSpinLock` `IoGetRequestorSessionId` `KeAcquireSpinLockRaiseToDpc` `KeReleaseSpinLock` `IoCsqRemoveNextIrp` `IoCsqInsertIrp`

Delayed Imports

1

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x37c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.50934`
MD5	`04dc5e60b8e3ff2bb69f5efdd04d2c27`
SHA1	`69888123a37fc4857d5371c00f7be6aa67c2163f`
SHA256	`7261ff53b6dd4a96b6d263a2dd563300d2732d473bbfed6b7b58b4e521695abb`
SHA3	`5fc60bc6acce9e1045c4a54c3ddc78d4d2cbc42fe2af6f2ca82c52b176c15e13`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	10.0.15063.850
ProductVersion	10.0.15063.850
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_DRV`
FileSubtype	VFT2_DRV_SYSTEM
Language	English - United States
CompanyName	Microsoft Corporation
FileDescription	BEEP Driver
FileVersion (#2)	10.0.15063.850 (WinBuild.160101.0800)
InternalName	beep.sys
LegalCopyright	© Microsoft Corporation. All rights reserved.
OriginalFilename	beep.sys
ProductName	Microsoft® Windows® Operating System
ProductVersion (#2)	10.0.15063.850

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2019-Apr-25 20:07:57
Version	`0.0`
SizeofData	`33`
AddressOfRawData	`0x2174`
PointerToRawData	`0xf74`
Referenced File	beep.pdb

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2019-Apr-25 20:07:57
Version	`0.0`
SizeofData	`496`
AddressOfRawData	`0x2198`
PointerToRawData	`0xf98`

UNKNOWN

Characteristics	`0`
TimeDateStamp	2019-Apr-25 20:07:57
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

Load Configuration

Size	`0xf4`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x1c0003000`
GuardCFCheckFunctionPointer	`7516213456`
GuardCFDispatchFunctionPointer	`0`
GuardCFFunctionTable	`0`
GuardCFFunctionCount	`0`
GuardFlags	`(EMPTY)`
CodeIntegrity.Flags	`0`
CodeIntegrity.Catalog	`0`
CodeIntegrity.CatalogOffset	`0`
CodeIntegrity.Reserved	`0`
GuardAddressTakenIatEntryTable	`0`
GuardAddressTakenIatEntryCount	`0`
GuardLongJumpTargetTable	`0`
GuardLongJumpTargetCount	`0`

RICH Header

XOR Key	`0xc2363d91`
Unmarked objects	`0`
Total imports	`25`
Imports (24610)	`3`
C objects (24610)	`2`
ASM objects (24610)	`3`
269 (24610)	`5`
Resource objects (24610)	`1`
Linker (24610)	`1`

11a8585df4ade25f7109965c160c9fcb

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.pdata

.idata

INIT

GFIDS

.rsrc

.reloc

Imports

Delayed Imports

1

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

IMAGE_DEBUG_TYPE_POGO

UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

Errors