Manalyze report for 2098b8556d1cec2aca9a29cd479e3692

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_NATIVE`
Compilation Date	2010-Nov-20 09:28:05
Detected languages	English - United States
Debug artifacts	srv.pdb
CompanyName	Microsoft Corporation
FileDescription	Server driver
FileVersion	`6.1.7601.17514 (win7sp1_rtm.101119-1850)`
InternalName	SRV.SYS
LegalCopyright	© Microsoft Corporation. All rights reserved.
OriginalFilename	SRV.SYS
ProductName	Microsoft® Windows® Operating System
ProductVersion	`6.1.7601.17514`

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`May have dropper capabilities: CurrentControlSet\Services`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to MD5`
Suspicious	The PE is possibly packed.	`Unusual section name found: PAGE` `Unusual section name found: PAGE8FIL` `Section INIT is both writable and executable.`
Suspicious	The PE contains functions most legitimate programs don't use.	`Functions which can be used for anti-debugging purposes: DbgPrint` `Uses Windows's Native API: ZwClose NtQueryVolumeInformationFile NtOpenFile NtQueryInformationFile ZwUnmapViewOfSection ZwMapViewOfSection ZwCreateSection NtReadFile NtSetInformationFile NtWriteFile ZwOpenEvent ZwOpenKey ZwQueryValueKey ZwSetValueKey NtQuerySecurityObject NtDeviceIoControlFile NtSetVolumeInformationFile NtSetSecurityObject NtQueryQuotaInformationFile NtSetQuotaInformationFile ZwDuplicateObject NtClose NtSetInformationThread NtFreeVirtualMemory NtAllocateVirtualMemory`
Info	The PE's resources present abnormal characteristics.	`Resource MOFRESOURCENAME is possibly compressed or encrypted.`
Safe	VirusTotal score: 0/73 (Scanned on 2020-01-06 03:37:54)	`All the AVs think this file is safe.`

Hashes

MD5	`2098b8556d1cec2aca9a29cd479e3692`
SHA1	`1a97cdd9d2e92dd62207093bcd311853520f2674`
SHA256	`d5826407c64f18c16eb36e6f00787cfafcd9b24b5bd8ad126ad01e6e4134966f`
SHA3	`8946083f64e56430283b1e885ddac5e77e906e2049c64fb9a9a10f04a6425b68`
SSDeep	`6144:SqFh3sht03WX/XmBG90lLGOmBSd8xgj6nws8hBrb/0Lf/8jCQE:SqrJdLGu866nQzbsQm`
Imports Hash	`5c1c79c13237e895179e6b50890263e0`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xe8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`9`
TimeDateStamp	2010-Nov-20 09:28:05
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`9.1`
SizeOfCode	`0x65800`
SizeOfInitializedData	`0x2de00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000000000009406C (Section: INIT)`
BaseOfCode	`0x1000`
ImageBase	`0x10000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.1`
ImageVersion	`6.1`
SubsystemVersion	`6.1`
Win32VersionValue	`0`
SizeOfImage	`0x99000`
SizeOfHeaders	`0x400`
Checksum	`0x79b5f`
Subsystem	`IMAGE_SUBSYSTEM_NATIVE`
SizeofStackReserve	`0x40000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`1f66c7b141589264446642f66a14d73c`
SHA1	`406d88fe5039d0b5c265d493d3ae0c155da6a77e`
SHA256	`b769f36fd71f57b3ce30d7ad83cdd001a93edb6e9a2e7f47d318c30e337eb01c`
SHA3	`0a5e4ddbed7cb8c90f62fe855debaca30165728c6f7b3dc49cf3825e3cd1048f`
VirtualSize	`0x13c98`
VirtualAddress	`0x1000`
SizeOfRawData	`0x13e00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_NOT_PAGED` `IMAGE_SCN_MEM_READ`
Entropy	`6.2393`

.rdata

MD5	`a850a70b61edee6b7a4e524e701137ca`
SHA1	`0dfae2ba179bab66422e5c0a0948f411f40666a4`
SHA256	`dda28c6d55eaf0c0c2de1ab9df75b412502c158aef1de06ad6f64ed1cca600c1`
SHA3	`51406c6ee0496d80acadb5eada2808b4952767942a4034e565a17195087c50d4`
VirtualSize	`0x73b0`
VirtualAddress	`0x15000`
SizeOfRawData	`0x7400`
PointerToRawData	`0x14200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_NOT_PAGED` `IMAGE_SCN_MEM_READ`
Entropy	`5.15338`

.data

MD5	`0e3dbb76ef2eaec61411044cc7b4e50e`
SHA1	`e7b55ce13d17bfe52ae240cc0dabc8e914434c7c`
SHA256	`ce45fe3267928a24ec1de0a8e6e206dd396b01ef1498df85d471025f554bc3eb`
SHA3	`48849470ebd2e07fd48e738a46ec2e5dd4ac9fcaeb9653474e5cc97726a828e9`
VirtualSize	`0x21d80`
VirtualAddress	`0x1d000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x1b600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_NOT_PAGED` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.13365`

.pdata

MD5	`62b085d625972aac32d6637e19cbd2ea`
SHA1	`793bced0d76edc509a5b07252628196abcc3eef8`
SHA256	`b45f7fcad6cf0e09c6c86077aa908f79c2a7eaa0e062b907b3f5af429a6d39ed`
SHA3	`bf6439e21ab0828db8befd9bdffbac658fd341334385f13104fb5f6030b71fee`
VirtualSize	`0x4158`
VirtualAddress	`0x3f000`
SizeOfRawData	`0x4200`
PointerToRawData	`0x1c200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_NOT_PAGED` `IMAGE_SCN_MEM_READ`
Entropy	`5.61422`

PAGE

MD5	`273d92b2e936ddbb53e1c5fa83ad30b8`
SHA1	`568e0b86f1b1b7efea9e6fdabd5d7f2b805d6e62`
SHA256	`ebafd5fef3fc1c95393ef40c3dc072f76f00051a61d4f7eb7dab1738d98dec08`
SHA3	`8f0889d7444c53660c0415144f7db3fcb756648957850379519b912a8158d79f`
VirtualSize	`0x4c326`
VirtualAddress	`0x44000`
SizeOfRawData	`0x4c400`
PointerToRawData	`0x20400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.48432`

PAGE8FIL

MD5	`f229511b4dff670f8446b70aa927da99`
SHA1	`ad7c7e0c04f4a657f4344e98016acf5b99dbd7ed`
SHA256	`10ba6e3bae5d7ac4d584fa5c9931b08ccf51914ca07725965aa49dc05b7da67d`
SHA3	`3dcfd9149e15ba889994b5e86c99f05922ef9ec08472c343dfc1991ab03cca92`
VirtualSize	`0x254a`
VirtualAddress	`0x91000`
SizeOfRawData	`0x2600`
PointerToRawData	`0x6c800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.20129`

INIT

MD5	`3ddb66bac88bfaa206adfdc68216ad7e`
SHA1	`da918c89b050db6f4e6be8fdfb7681dfd843bd76`
SHA256	`6ebaec739658aca12a1f62dd284d78dbfd22587f2a69139f9281abf43f62dc4c`
SHA3	`841952a3a82631f008293c0c0bf1cf662c18ee65ec41764addcb9dcc7402ab40`
VirtualSize	`0x2e40`
VirtualAddress	`0x94000`
SizeOfRawData	`0x3000`
PointerToRawData	`0x6ee00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.54173`

.rsrc

MD5	`304cea1d8226809aa4f77baba13836f0`
SHA1	`3e83bc00b96674856aea3b30988a07f63d9ebf8a`
SHA256	`3c2265fb7537c06771d1c0be2fa260c3280763387af13f16f4074e648bd7f976`
SHA3	`58d91e9ca4d53e5945765bdc60838acbecd69c3c7fe49964c9fd36bb00415aac`
VirtualSize	`0x720`
VirtualAddress	`0x97000`
SizeOfRawData	`0x800`
PointerToRawData	`0x71e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.31694`

.reloc

MD5	`26f3bf611994320c37e6a3d7c41833bd`
SHA1	`dff29a57ca4ea9e32f361a11fa2498af3d7496d0`
SHA256	`84831e20293ec78dc3bf6ccbe0f4429e25b9ef91a33f0b9f0bea2b963bbbeadd`
SHA3	`8b1046d3265cec68eaba43f0077501ab636367bd282ec3a84099101bd1b76cef`
VirtualSize	`0x13c`
VirtualAddress	`0x98000`
SizeOfRawData	`0x200`
PointerToRawData	`0x72600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`3.92842`

Imports

ntoskrnl.exe	`RtlCompareMemory` `KeInitializeEvent` `ExInitializeResourceLite` `InitializeSListHead` `KeAcquireSpinLockRaiseToDpc` `KeReleaseSpinLock` `ExInterlockedRemoveHeadList` `ExAcquireResourceExclusiveLite` `RtlEqualUnicodeString` `ExReleaseResourceLite` `ExpInterlockedPopEntrySList` `ExDeleteResourceLite` `NlsMbOemCodePageTag` `RtlxUnicodeStringToOemSize` `RtlUnicodeStringToOemString` `KeResetEvent` `ExAcquireResourceSharedLite` `KeAcquireSpinLockAtDpcLevel` `KeReleaseSpinLockFromDpcLevel` `RtlUpcaseUnicodeChar` `KeGetCurrentProcessorNumberEx` `ExpInterlockedPushEntrySList` `ObfDereferenceObject` `IoGetRelatedDeviceObject` `IoFreeIrp` `IoCheckDesiredAccess` `PsIsThreadImpersonating` `IoGetCurrentProcess` `PsDereferencePrimaryToken` `PsDereferenceImpersonationToken` `PsImpersonateClient` `RtlCopyUnicodeString` `KeStackAttachProcess` `KeUnstackDetachProcess` `RtlLengthSecurityDescriptor` `ZwClose` `NtQueryVolumeInformationFile` `NtOpenFile` `NtQueryInformationFile` `KeInitializeTimer` `KeCancelTimer` `KeReadStateEvent` `KeInitializeDpc` `KeSetTargetProcessorDpcEx` `KeClearEvent` `KeSetTimer` `RtlOemStringToUnicodeString` `IoInitializeIrp` `MmBuildMdlForNonPagedPool` `ExFreePoolWithTag` `KeInsertQueue` `IoFreeMdl` `ZwUnmapViewOfSection` `ZwMapViewOfSection` `IoAllocateMdl` `MmProbeAndLockPages` `IofCallDriver` `IoCreateFile` `ZwCreateSection` `NtReadFile` `NtSetInformationFile` `NtWriteFile` `ObReferenceObjectByHandle` `RtlUpperChar` `ExAllocatePoolWithTag` `IoWMIWriteEvent` `MmGetSystemRoutineAddress` `IoWMIRegistrationControl` `IofCompleteRequest` `IoCreateDevice` `IoDeleteDevice` `KeInsertHeadQueue` `WmiGetClock` `IoIs32bitProcess` `KeEnterCriticalRegion` `KeLeaveCriticalRegion` `IoAllocateWorkItem` `MmUnlockPages` `KeQueryTimeIncrement` `IoGetRequestorProcess` `KeAttachProcess` `KeDetachProcess` `ExAllocatePoolWithTagPriority` `IoQueueWorkItem` `MmUnmapLockedPages` `IoBuildPartialMdl` `RtlFreeOemString` `ZwOpenEvent` `RtlAnsiStringToUnicodeString` `IoFreeWorkItem` `KeInitializeQueue` `RtlCreateSecurityDescriptor` `RtlLengthRequiredSid` `RtlInitializeSid` `MmMapLockedPagesSpecifyCache` `RtlLengthSid` `RtlCreateAcl` `RtlAddAccessAllowedAce` `RtlSetDaclSecurityDescriptor` `RtlSetOwnerSecurityDescriptor` `ZwOpenKey` `ZwQueryValueKey` `KeDelayExecutionThread` `KeRundownQueue` `RtlGetDaclSecurityDescriptor` `RtlGetOwnerSecurityDescriptor` `MmUnlockPagableImageSection` `_wcsupr` `KeGetProcessorNumberFromIndex` `KeReadStateQueue` `_wcsicmp` `ZwSetValueKey` `ExSystemTimeToLocalTime` `RtlTimeToSecondsSince1970` `NtQuerySecurityObject` `FsRtlDoesNameContainWildCards` `SeSinglePrivilegeCheck` `SeExports` `RtlTimeToTimeFields` `RtlTimeFieldsToTime` `ObfReferenceObject` `IoAllocateIrp` `IoQueueThreadIrp` `IoReuseIrp` `MmLockPagableDataSection` `IoCreateFileEx` `RtlPrefixUnicodeString` `IoCheckEaBufferValidity` `IoCheckFunctionAccess` `IoSetThreadHardErrorMode` `RtlIntegerToUnicodeString` `IoCancelIrp` `RtlInitString` `RtlInt64ToUnicodeString` `_stricmp` `wcschr` `strncmp` `IoFastQueryNetworkAttributes` `RtlSecondsSince1970ToTime` `IoCheckQuerySetFileInformation` `RtlUpcaseUnicodeStringToOemString` `NtDeviceIoControlFile` `RtlFreeAnsiString` `IoCheckQuerySetVolumeInformation` `NtSetVolumeInformationFile` `RtlValidRelativeSecurityDescriptor` `NtSetSecurityObject` `NtQueryQuotaInformationFile` `NtSetQuotaInformationFile` `_wcsnicmp` `RtlInitAnsiString` `RtlIsNameLegalDOS8Dot3` `FsRtlIsFatDbcsLegal` `NlsOemLeadByteInfo` `RtlUpcaseUnicodeToOemN` `RtlUnicodeToOemN` `IoSetFileOrigin` `PsAssignImpersonationToken` `RtlMapGenericMask` `SeFreePrivileges` `ExQueueWorkItem` `ObOpenObjectByPointer` `ZwDuplicateObject` `RtlAppendUnicodeToString` `RtlAppendUnicodeStringToString` `IoCreateFileSpecifyDeviceObjectHint` `FsRtlInitializeExtraCreateParameterList` `FsRtlInitializeExtraCreateParameter` `FsRtlInsertExtraCreateParameter` `RtlValidSecurityDescriptor` `RtlCompareUnicodeString` `KeQueryActiveProcessorCountEx` `KeGetRecommendedSharedDataAlignment` `_vsnwprintf` `IoBuildDeviceIoControlRequest` `NtClose` `toupper` `FsRtlIsNameInExpression` `RtlNtStatusToDosErrorNoTeb` `VerSetConditionMask` `RtlVerifyVersionInfo` `MmSizeOfMdl` `MmIsThisAnNtAsSystem` `PsCreateSystemThread` `NtSetInformationThread` `KeQueryGroupAffinity` `KeSetSystemGroupAffinityThread` `KeSetIdealProcessorThread` `KeRemoveQueue` `PsTerminateSystemThread` `NtFreeVirtualMemory` `NtAllocateVirtualMemory` `KeSetEvent` `RtlFreeUnicodeString` `RtlUpcaseUnicodeString` `KeWaitForSingleObject` `SeUnlockSubjectContext` `SeQueryAuthenticationIdToken` `SeLockSubjectContext` `SeReleaseSubjectContext` `SeCaptureSubjectContext` `ExInterlockedAddUlong` `ExLocalTimeToSystemTime` `KeBugCheckEx` `DbgPrint` `RtlSubAuthoritySid` `RtlInitUnicodeString` `ExAcquireFastMutex` `ExReleaseFastMutex` `__C_specific_handler`
WMILIB.SYS	`WmiCompleteRequest` `WmiSystemControl`
ksecdd.sys	`AddCredentialsW` `FreeCredentialsHandle` `AcquireCredentialsHandleW` `DeleteSecurityContext` `InitSecurityInterfaceW` `RevertSecurityContext` `QueryContextAttributesW` `ImpersonateSecurityContext` `MapSecurityError` `AcceptSecurityContext` `KSecValidateBuffer` `FreeContextBuffer` `SystemPrng`
srvnet.sys	`SrvLibIsNetworkAddress` `SrvNetCloseConnection` `SrvLibGetBaseFileName` `SrvXsSchedulePrintJob` `SrvAdminDeregisterFile` `SrvLibAuditForceAccess` `SrvAdminDeregisterSession` `SrvLibLookasideAllocate` `SrvLibLookasideFree` `SrvAdminDeregisterTreeConnect` `SrvAdminQueryResumeKeyTarget` `SrvAdminIsScopedName` `SrvLibLogError` `SrvLibIsLoggableError` `SrvLibGenerateSrvServiceSD` `SrvLibApplySrvDeviceAcl` `SrvLibFreeSrvServiceSD` `SrvNetReceiveData` `SrvNetGetQueueStatistics` `SrvNetRegisterClient` `SrvNetStartClient` `SrvXsConnect` `SrvNetInitializeStatisticsQueues` `SrvLibLookasideInitialize` `SrvLibLookasideCreatePool` `SrvLibLookasideDirectFreeBuffer` `SrvLibLookasideDirectNonPagedAllocateBuffer` `SrvLibLookasideDirectPagedAllocateBuffer` `SrvAdminRegisterProvider` `SrvNetStopClient` `SrvNetDeregisterClient` `SrvXsClosePrinter` `SrvXsDisconnect` `SrvAdminDeregisterProvider` `SrvNetDisableStatisticsQueue` `SrvLibLookasideDestroyPool` `SrvAdminRefreshAnonymousLists` `SrvAdminRefreshNoRemapPipeList` `SrvLibGetDWord` `SrvLibQueryLicensingDWord` `SrvLibSetSrvErrorLogIgnore` `SrvGraftName` `SrvNetFreePool` `SrvNetQueryConnectionInformation` `SrvNetSetConnectionInformation` `SrvNetSendData` `SrvXsAddPrintJob` `SrvAdminRemapPipeName` `SrvAdminRegisterFile` `SrvNetUpdateStatisticsFromQueues` `SrvNetUpdateIOCountFromQueues` `SrvAdminDoesShareAllowAnonymous` `SrvLibTruncateDnsName` `SrvAdminEvaluateServerAlias` `SrvAdminRegisterSession` `SrvLibIsFsctlDisallowed` `SrvLibIsDosDeviceName` `SrvAdminDoesPipeAllowAnonymous` `SrvLibAllocatePipeEa` `SrvLibFreePipeEa` `SrvLibAuditSuccessEnabled` `SrvLibAuditShareAccess` `SrvLibRetrieveMaximalAccessRightsForUser` `SrvLibAuditShareConnect` `SrvAdminRegisterTreeConnect` `SrvXsOpenPrinter` `SrvNetGetStatisticsAndLock` `SrvAdminSetUserLimit` `SrvNetQueryRssScalability` `SrvXsDownLevelAPI` `SrvAdminAuditSpnCheck` `SrvAdminCheckSpn` `SrvLibSeAccessCheck` `SrvAdminAllowIdlePowerDownForActivity` `SrvAdminInhibitIdlePowerDownForActivity` `SrvAdminInhibitIdlePowerDownForOpenFiles` `SrvAdminAllowIdlePowerDownForOpenFiles` `SrvNetDisconnectConnection`

Delayed Imports

MOFRESOURCENAME

Type	`MOFDATA`
Language	English - United States
Codepage	UNKNOWN
Size	`0x19d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.12025`
MD5	`e8eac95b7295480dd4195e3fec7ea1c6`
SHA1	`4cfaff343829a802362fe1781b2724cbe542460c`
SHA256	`62bf34f8934d3170e46c8eacd55a3dc8140d36376ca8cd4962b50ecbe11d70eb`
SHA3	`c627e60b06eadf5fea43f20c894a18e80e5f1adf938e35872f3dd896b0212eb1`

1

Type	`MUI`
Language	English - United States
Codepage	UNKNOWN
Size	`0xe8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.76456`
MD5	`02b26c49835be79d2e4a76cdea93392a`
SHA1	`9d53110af688d76350a30b531c874d1148a519ed`
SHA256	`c0890fc77dd40ee79e55880e7cc710f1f5e3b272751075fdbdf8f05e59fb5c80`
SHA3	`7164fd3ffd97e0048549303c9015d04fd3b1ab739ab82339b13def897f7bb2a3`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x378`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.56046`
MD5	`ad9cc9875d9e53924a457ffbc12b4a33`
SHA1	`60c5264ab2841343a176207b0948adc662d4001d`
SHA256	`c35d4eb6301b2810177015e07c25d27c8aa22fca11ccdc80c9757d3443e40d23`
SHA3	`1355416d0ec0bf1462e121ddb95a221a77b9ac163d05084430b1987febd0ff9c`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	6.1.7601.17514
ProductVersion	6.1.7601.17514
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_DRV`
FileSubtype	VFT2_DRV_NETWORK
Language	English - United States
CompanyName	Microsoft Corporation
FileDescription	Server driver
FileVersion (#2)	6.1.7601.17514 (win7sp1_rtm.101119-1850)
InternalName	SRV.SYS
LegalCopyright	© Microsoft Corporation. All rights reserved.
OriginalFilename	SRV.SYS
ProductName	Microsoft® Windows® Operating System
ProductVersion (#2)	6.1.7601.17514

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2010-Nov-20 09:28:05
Version	`0.0`
SizeofData	`32`
AddressOfRawData	`0x14c78`
PointerToRawData	`0x14078`
Referenced File	srv.pdb

IMAGE_DEBUG_TYPE_RESERVED

Characteristics	`0`
TimeDateStamp	2010-Nov-20 09:28:05
Version	`565.6526`
SizeofData	`4`
AddressOfRawData	`0x14c74`
PointerToRawData	`0x14074`

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0x367ecf5a`
Unmarked objects	`0`
Total imports	`305`
Imports (VS2008 SP1 build 30729)	`9`
ASM objects (VS2008 SP1 build 30729)	`4`
C objects (VS2008 SP1 build 30729)	`7`
142 (VS2008 SP1 build 30729)	`74`
Linker (VS2008 SP1 build 30729)	`1`
Resource objects (VS2008 SP1 build 30729)	`1`

2098b8556d1cec2aca9a29cd479e3692

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.pdata

PAGE

PAGE8FIL

INIT

.rsrc

.reloc

Imports

Delayed Imports

MOFRESOURCENAME

1

1 (#2)

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

IMAGE_DEBUG_TYPE_RESERVED

TLS Callbacks

Load Configuration

RICH Header

Errors