2ba8f3250828ccdb4204ecf2c6f40b6a

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_NATIVE
Compilation Date 2010-Nov-20 09:27:20
Detected languages English - United States
Debug artifacts srvnet.pdb
CompanyName Microsoft Corporation
FileDescription Server Network driver
FileVersion 6.1.7601.17514 (win7sp1_rtm.101119-1850)
InternalName SRVNET.SYS
LegalCopyright © Microsoft Corporation. All rights reserved.
OriginalFilename SRVNET.SYS
ProductName Microsoft® Windows® Operating System
ProductVersion 6.1.7601.17514

Plugin Output

Suspicious Strings found in the binary may indicate undesirable behavior: May have dropper capabilities:
  • CurrentControlSet\Services
Suspicious The PE is possibly packed. Unusual section name found: PAGE
Section INIT is both writable and executable.
Malicious The PE contains functions mostly used by malware. Functions which can be used for anti-debugging purposes:
  • DbgPrint
 Uses Windows's Native API:
  • NtCreateFile
  • ZwClose
  • NtDeviceIoControlFile
  • ZwOpenFile
  • ZwCreateEvent
  • ZwFsControlFile
  • ZwWaitForSingleObject
  • NtAllocateVirtualMemory
  • NtFreeVirtualMemory
  • ZwOpenThreadTokenEx
  • ZwOpenProcessTokenEx
  • ZwQueryInformationToken
  • ZwOpenKey
  • ZwQueryValueKey
  • ZwQueryLicenseValue
 Functions related to the privilege level:
  • ZwOpenProcessTokenEx
Safe VirusTotal score: 0/73 (Scanned on 2020-01-02 10:14:42) All the AVs think this file is safe.

Hashes

MD5 2ba8f3250828ccdb4204ecf2c6f40b6a
SHA1 266420b1b51cc52406fca3d87e662625bdd24a64
SHA256 22c4fbf9a87c46e69c48b681ff733d68d9cb7b7d73fb14c8c2a06e9009f9860e
SHA3 7baec42a2f349333dc88e83a1598bd2d3b276b06f2638903cc34fc240eede101
SSDeep 3072:E9zsyls+ZhK7DZ8QAjF+3TABc+p+IpizzkBKS7S3n:E5syW+XK7V8QgF+3TA6IpTu3
Imports Hash 1e4249fc382e0df8ec00b8697b7d2b3b

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xe8

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 9
TimeDateStamp 2010-Nov-20 09:27:20
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 9.1
SizeOfCode 0x20400
SizeOfInitializedData 0x9600
SizeOfUninitializedData 0
AddressOfEntryPoint 0x000000000002D06C (Section: INIT)
BaseOfCode 0x1000
ImageBase 0x10000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.1
ImageVersion 6.1
SubsystemVersion 6.1
Win32VersionValue 0
SizeOfImage 0x31000
SizeOfHeaders 0x400
Checksum 0x34967
Subsystem IMAGE_SUBSYSTEM_NATIVE
SizeofStackReserve 0x40000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 047976d6d7044dfb71c0dfb98f63520d
SHA1 7ada6d5bf8628a7da53a6780db3fbedf14bf5643
SHA256 28e29bd48f92c01eefb06b47040847ae7cca1b9a0df9f5b728b8b64e4b6d4a2a
SHA3 e5d2067c5f8d94dd06f92f9aca554aeba7ed9f3b96ed8598fc0b549edc551fd1
VirtualSize 0x1749b
VirtualAddress 0x1000
SizeOfRawData 0x17600
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_NOT_PAGED
IMAGE_SCN_MEM_READ
Entropy 6.26119

.rdata

MD5 149ef7f685650c9b60b9b566ab330740
SHA1 915b463d187b33c04e189e10d3f3eab708a7395a
SHA256 dedc911f45ae173280728f4c0a9bb5b3e9dc1e39145d47a7e0154495b9e25a26
SHA3 9023d4def7c62dfd125ff68796922971447d56fb2a870c9de1b6ef37518d1383
VirtualSize 0x446c
VirtualAddress 0x19000
SizeOfRawData 0x4600
PointerToRawData 0x17a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_NOT_PAGED
IMAGE_SCN_MEM_READ
Entropy 4.59078

.data

MD5 a6a5456c89ba2c561b737123865d5746
SHA1 c141cafcaae1f8c903c6155718350a259c676aad
SHA256 aa506cb93587b0ca28c2bd846565c6034265abde4044c3c11975742779e84135
SHA3 bf6e33e65347a80236c0bde8810558458ea0051dd0a6f7a7f99e14f832ad44ea
VirtualSize 0x14e8
VirtualAddress 0x1e000
SizeOfRawData 0x800
PointerToRawData 0x1c000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_NOT_PAGED
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 2.83651

.pdata

MD5 0aefc50e615f81fcffc5438af3a1e3a1
SHA1 a6677ca23471eb66c579c9860064c1e685e3e8ee
SHA256 21e9b8dd92b5802226a20478beca453b2db5a20155f3f2ec76d06404a9e94cde
SHA3 f19ff60693891ac8b3dc250ea9d38961f611b000d2b749ae1acfbf6b627b530d
VirtualSize 0x21f0
VirtualAddress 0x20000
SizeOfRawData 0x2200
PointerToRawData 0x1c800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_NOT_PAGED
IMAGE_SCN_MEM_READ
Entropy 5.21712

PAGE

MD5 27731110ef9cd3bd9b52b7db645d5c62
SHA1 8ff89e2e839200f6a39a5c8f5f5c37c5fe7855cc
SHA256 4f8409dc2f4c04da5b802a1f59c485b5e4f3266fac3e5e7ef1869c8238983d18
SHA3 7a4e93bb40a91872cabe57ffb63fca84265f641c0547d1099612644699148791
VirtualSize 0x71f8
VirtualAddress 0x23000
SizeOfRawData 0x7200
PointerToRawData 0x1ea00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.23202

.edata

MD5 09f0b14b40d1f06a9b1f6882cdba81af
SHA1 5e305a4c1fad574ccf53a3bcb1791d8ee3344865
SHA256 f7b2c5597cef9a8dc5cf55ad9c1cadf79a0b579f60acb19c705f86e8bae9bd7a
SHA3 655f40a63416036e42ad0fe5437cdf7263a764870c44e3ff797f0f9230b391e3
VirtualSize 0x1035
VirtualAddress 0x2b000
SizeOfRawData 0x1200
PointerToRawData 0x25c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.13354

INIT

MD5 82a2e99bad4a28ffde33420eec9c287c
SHA1 66a4a69725609c155d9773c27ea85eeadbdd8434
SHA256 d504f291badc24ee87c1e3c00ac46e9ac5ebe7b5972fb5f8ed1a08fae2af1eb8
SHA3 0f924e2b906ae175c40de655e9a677ac363d3e12606c12e1602526ca082b6f6c
VirtualSize 0x1bbe
VirtualAddress 0x2d000
SizeOfRawData 0x1c00
PointerToRawData 0x26e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 5.68924

.rsrc

MD5 5a21f9c31761aff721b874b365285ac3
SHA1 8b75d71eea9bc563e76ba2af479c06f4407fbb5a
SHA256 309476cb87fc625225add024fd807e50cf9b463c30b521560e4e790749905d14
SHA3 28756057e11eda3926baf1701c60d66763384713f71b74a7a817ae1bba23fc64
VirtualSize 0x3f8
VirtualAddress 0x2f000
SizeOfRawData 0x400
PointerToRawData 0x28a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 3.42347

.reloc

MD5 6e2c0d3f27dc31148c8d960275610af5
SHA1 1d8d10b0dedfed0defa097b35feed65899507ddc
SHA256 a8b30f42d12b9bb0622f0f2278a6154e42354145b1a52e4260a6a29ad8ddbf63
SHA3 fcdcd43160df1f9b3c82c508569d0187248e7cc08e4e7911d105260a3807e91e
VirtualSize 0x18c
VirtualAddress 0x30000
SizeOfRawData 0x200
PointerToRawData 0x28e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 4.6177

Imports

ntoskrnl.exe ExInitializeResourceLite
KeCancelTimer
KeAcquireSpinLockAtDpcLevel
ExAllocatePoolWithTagPriority
IofCallDriver
KeAcquireSpinLockRaiseToDpc
ExGetPreviousMode
MmMapLockedPagesSpecifyCache
IoGetRelatedDeviceObject
RtlUnicodeStringToOemString
RtlEqualUnicodeString
KeUnstackDetachProcess
NtCreateFile
ZwClose
ObReferenceObjectByHandle
IoFreeIrp
IoAllocateIrp
ObfDereferenceObject
RtlFreeOemString
DbgPrint
KeStackAttachProcess
KeLeaveCriticalRegion
KeGetCurrentProcessorNumberEx
KeEnterCriticalRegion
RtlGUIDFromString
KeClearEvent
IoQueueThreadIrp
ObfReferenceObject
NtDeviceIoControlFile
IoFreeMdl
IoQueueWorkItem
MmUnlockPages
RtlCaptureStackBackTrace
IoAllocateMdl
wcsncmp
_wcsicmp
RtlQueryRegistryValues
RtlIpv4AddressToStringW
RtlIpv4AddressToStringA
RtlIpv6AddressToStringW
RtlIpv6AddressToStringA
ExQueueWorkItem
MmUnmapLockedPages
MmBuildMdlForNonPagedPool
MmSizeOfMdl
KeBugCheckEx
KeQueryTimeIncrement
ExReleaseResourceLite
IoAllocateWorkItem
IoGetCurrentProcess
ExAcquireResourceSharedLite
KeSetEvent
IoDeleteDevice
RtlInitUnicodeString
IoWMIWriteEvent
KeReadStateQueue
ExFreePoolWithTag
IoWMIRegistrationControl
IoWriteOperationCount
ExAcquireResourceExclusiveLite
IoCreateDevice
IoReadTransferCount
ExDeleteResourceLite
RtlCompareMemory
KeSetTimer
IoWriteTransferCount
IoReadOperationCount
KeWaitForSingleObject
ExQueryDepthSList
IofCompleteRequest
KeQueryActiveProcessorCountEx
MmProbeAndLockPages
ExInitializePagedLookasideList
PoCreatePowerRequest
PoDeletePowerRequest
ExDeletePagedLookasideList
ZwOpenFile
ZwCreateEvent
ZwFsControlFile
ZwWaitForSingleObject
PoSetPowerRequest
PoClearPowerRequest
ExpInterlockedPushEntrySList
ExpInterlockedPopEntrySList
RtlAnsiStringToUnicodeString
RtlFreeUnicodeString
RtlCompareUnicodeString
RtlInitializeGenericTableAvl
RtlIsGenericTableEmptyAvl
RtlEnumerateGenericTableAvl
RtlDeleteElementGenericTableAvl
RtlLookupElementGenericTableAvl
RtlInsertElementGenericTableAvl
RtlEnumerateGenericTableLikeADirectory
RtlLengthSecurityDescriptor
RtlAbsoluteToSelfRelativeSD
RtlValidSecurityDescriptor
RtlTimeToSecondsSince1980
NtAllocateVirtualMemory
NtFreeVirtualMemory
SeCaptureSubjectContext
SeFreePrivileges
SeReleaseSubjectContext
PsAssignImpersonationToken
RtlLengthSid
RtlCreateAcl
RtlAddAccessAllowedAce
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
ZwOpenThreadTokenEx
ZwOpenProcessTokenEx
ZwQueryInformationToken
SeQueryAuthenticationIdToken
SeSetAuditParameter
SeReportSecurityEventWithSubCategory
SeAccessCheckEx
SeAuditingWithTokenForSubcategory
RtlIpv4StringToAddressW
RtlIpv6StringToAddressW
_wcsupr
wcsstr
RtlIpv4AddressToStringExW
RtlIpv6AddressToStringExW
RtlLengthRequiredSid
RtlInitializeSid
RtlSubAuthoritySid
ObSetSecurityObjectByPointer
RtlGetDaclSecurityDescriptor
ZwOpenKey
ZwQueryValueKey
ZwQueryLicenseValue
IoAllocateErrorLogEntry
IoWriteErrorLogEntry
ExpInterlockedFlushSList
ExInitializeNPagedLookasideList
ExDeleteNPagedLookasideList
KeDelayExecutionThread
KeInitializeTimer
KeReleaseSpinLockFromDpcLevel
KeReleaseSpinLock
KeInitializeDpc
KeInitializeEvent
MmGetSystemRoutineAddress
ExAllocatePoolWithTag
IoFreeWorkItem
ExReleaseFastMutex
ExAcquireFastMutex
__C_specific_handler
TDI.SYS TdiOpenNetbiosAddress
TdiRegisterPnPHandlers
TdiCopyBufferToMdl
TdiDeregisterPnPHandlers
NETIO.SYS ConvertInterfaceGuidToLuid
NmrClientAttachProvider
GetIfTable2
FreeMibTable
NmrWaitForClientDeregisterComplete
NmrDeregisterClient
NmrRegisterClient
ConvertInterfaceLuidToIndex
msrpc.sys I_RpcExceptionFilter
RpcBindingSetOption
RpcSsDestroyClientContext
RpcBindingUnbind
RpcBindingBind
RpcAsyncInitializeHandle
RpcBindingFree
RpcBindingCreateW
RpcAsyncCompleteCall
RpcAsyncCancelCall
Ndr64AsyncClientCall
ksecdd.sys FreeCredentialsHandle
AcquireCredentialsHandleW
ImpersonateSecurityContext
AcceptSecurityContext
FreeContextBuffer
DeleteSecurityContext
MapSecurityError
AddCredentialsW

Delayed Imports

SrvAdminAllowIdlePowerDownForActivity

Ordinal 1
Address 0xddb0

SrvAdminAllowIdlePowerDownForOpenFiles

Ordinal 2
Address 0x2af0

SrvAdminAuditSpnCheck

Ordinal 3
Address 0x12bf0

SrvAdminCheckSpn

Ordinal 4
Address 0x13070

SrvAdminDeregisterFile

Ordinal 5
Address 0x28b0

SrvAdminDeregisterProvider

Ordinal 6
Address 0x13620

SrvAdminDeregisterSession

Ordinal 7
Address 0x4310

SrvAdminDeregisterTreeConnect

Ordinal 8
Address 0x4290

SrvAdminDoesPipeAllowAnonymous

Ordinal 9
Address 0xdc10

SrvAdminDoesShareAllowAnonymous

Ordinal 10
Address 0xdb30

SrvAdminEvaluateServerAlias

Ordinal 11
Address 0x5180

SrvAdminInhibitIdlePowerDownForActivity

Ordinal 12
Address 0x60e0

SrvAdminInhibitIdlePowerDownForOpenFiles

Ordinal 13
Address 0x2d70

SrvAdminIsScopedName

Ordinal 14
Address 0x4f90

SrvAdminQueryResumeKeyTarget

Ordinal 15
Address 0x6330

SrvAdminRefreshAllowedServerNameList

Ordinal 16
Address 0x133f0

SrvAdminRefreshAnonymousLists

Ordinal 17
Address 0x12af0

SrvAdminRefreshNoRemapPipeList

Ordinal 18
Address 0x12a20

SrvAdminRegisterFile

Ordinal 19
Address 0x2b20

SrvAdminRegisterProvider

Ordinal 20
Address 0x15070

SrvAdminRegisterSession

Ordinal 21
Address 0x5800

SrvAdminRegisterTreeConnect

Ordinal 22
Address 0x5290

SrvAdminRemapPipeName

Ordinal 23
Address 0x127a0

SrvAdminSetUserLimit

Ordinal 24
Address 0xdcb0

SrvAdminUpdateFileSessionID

Ordinal 25
Address 0x180e0

SrvGraftName

Ordinal 26
Address 0x27910

SrvLibAddCredentials

Ordinal 27
Address 0x26980

SrvLibAllocateNameList

Ordinal 28
Address 0x7390

SrvLibAllocatePipeEa

Ordinal 29
Address 0x6ba0

SrvLibApplySrvDeviceAcl

Ordinal 30
Address 0xcad0

SrvLibAuditForceAccess

Ordinal 31
Address 0x4090

SrvLibAuditShareAccess

Ordinal 32
Address 0x116f0

SrvLibAuditShareAddOrDelete

Ordinal 33
Address 0x11480

SrvLibAuditShareConnect

Ordinal 34
Address 0x64e0

SrvLibAuditShareModification

Ordinal 35
Address 0x10f20

SrvLibAuditSpnCheck

Ordinal 36
Address 0xd0d0

SrvLibAuditSuccessEnabled

Ordinal 37
Address 0x3fb0

SrvLibCheckAccess

Ordinal 38
Address 0xd360

SrvLibCloseCredentialHandle

Ordinal 39
Address 0x27820

SrvLibCloseNegotiateHandle

Ordinal 40
Address 0x27690

SrvLibCreateCredentialHandle

Ordinal 41
Address 0x27850

SrvLibCreateNegotiateHandle

Ordinal 42
Address 0x276c0

SrvLibCreateSelfSD

Ordinal 43
Address 0x14370

SrvLibFreeNameList

Ordinal 44
Address 0x10d40

SrvLibFreePipeEa

Ordinal 45
Address 0x6b90

SrvLibFreeSrvServiceSD

Ordinal 46
Address 0x10700

SrvLibGenerateSrvServiceSD

Ordinal 47
Address 0x10760

SrvLibGetBaseFileName

Ordinal 48
Address 0x4030

SrvLibGetBinary

Ordinal 49
Address 0x271c0

SrvLibGetDWord

Ordinal 50
Address 0x26870

SrvLibGetMultiSZList

Ordinal 51
Address 0x27360

SrvLibIsDosDeviceName

Ordinal 52
Address 0x3fc0

SrvLibIsDottedDnsName

Ordinal 53
Address 0x5030

SrvLibIsFsctlDisallowed

Ordinal 54
Address 0xca50

SrvLibIsLoggableError

Ordinal 55
Address 0xca00

SrvLibIsNetworkAddress

Ordinal 56
Address 0x6d50

SrvLibLogError

Ordinal 57
Address 0xc8c0

SrvLibLookasideAllocate

Ordinal 58
Address 0x3f00

SrvLibLookasideCreatePool

Ordinal 59
Address 0x10620

SrvLibLookasideDestroyPool

Ordinal 60
Address 0x105b0

SrvLibLookasideDirectFreeBuffer

Ordinal 61
Address 0x3ea0

SrvLibLookasideDirectNonPagedAllocateBuffer

Ordinal 62
Address 0x4230

SrvLibLookasideDirectPagedAllocateBuffer

Ordinal 63
Address 0x41d0

SrvLibLookasideFlush

Ordinal 64
Address 0xc830

SrvLibLookasideFree

Ordinal 65
Address 0x3dc0

SrvLibLookasideInitialize

Ordinal 66
Address 0xc8a0

SrvLibParseSpnName

Ordinal 67
Address 0x10d90

SrvLibQueryCredentialHandle

Ordinal 68
Address 0xd430

SrvLibQueryLicensingDWord

Ordinal 69
Address 0xca80

SrvLibRetrieveMaximalAccessRightsForUser

Ordinal 70
Address 0x23010

SrvLibSeAccessCheck

Ordinal 71
Address 0x3c50

SrvLibSearchNameFromList

Ordinal 72
Address 0xcf00

SrvLibSetSrvErrorLogIgnore

Ordinal 73
Address 0xca30

SrvLibStandardizeIpAddress

Ordinal 74
Address 0xcf90

SrvLibTruncateDnsName

Ordinal 75
Address 0x50d0

SrvNetAddServedName

Ordinal 76
Address 0x25000

SrvNetAllocateBuffer

Ordinal 77
Address 0x3860

SrvNetAllocatePoolWithTag

Ordinal 78
Address 0x3570

SrvNetAllocatePoolWithTagPriority

Ordinal 79
Address 0xf830

SrvNetCloseConnection

Ordinal 80
Address 0x4a70

SrvNetDecrementConnectionActiveCount

Ordinal 81
Address 0x4ea0

SrvNetDeleteServedName

Ordinal 82
Address 0x24bd0

SrvNetDeregisterClient

Ordinal 83
Address 0x29d20

SrvNetDisableStatisticsQueue

Ordinal 84
Address 0xf220

SrvNetDisconnectConnection

Ordinal 85
Address 0x4ec0

SrvNetEnumerateServedName

Ordinal 86
Address 0x29170

SrvNetFreeBuffer

Ordinal 87
Address 0x3740

SrvNetFreePool

Ordinal 88
Address 0x3500

SrvNetGetConnectionNumber

Ordinal 89
Address 0xf1f0

SrvNetGetLastProcessorNumber

Ordinal 90
Address 0x36d0

SrvNetGetMaxQueueLength

Ordinal 91
Address 0xf0d0

SrvNetGetQueueStatistics

Ordinal 92
Address 0xf290

SrvNetGetRemapPipeByName

Ordinal 93
Address 0x5110

SrvNetGetStatisticsAndLock

Ordinal 94
Address 0xf770

SrvNetIncrementConnectionActiveCount

Ordinal 95
Address 0x6120

SrvNetInitializeStatisticsQueues

Ordinal 96
Address 0xf790

SrvNetQueryConnectionInformation

Ordinal 97
Address 0x23130

SrvNetQueryConnectionRTT

Ordinal 98
Address 0xe7e0

SrvNetQueryRssScalability

Ordinal 99
Address 0x6220

SrvNetReceiveData

Ordinal 100
Address 0x3040

SrvNetRegisterClient

Ordinal 101
Address 0x17290

SrvNetSendData

Ordinal 102
Address 0x1d40

SrvNetSetConnectionActiveCount

Ordinal 103
Address 0x6130

SrvNetSetConnectionInformation

Ordinal 104
Address 0x23410

SrvNetStartClient

Ordinal 105
Address 0xe9c0

SrvNetStopClient

Ordinal 106
Address 0xe980

SrvNetUpdateIOCountFromQueues

Ordinal 107
Address 0x1180

SrvNetUpdateMemStatistics

Ordinal 108
Address 0x36e0

SrvNetUpdateStatisticsFromQueues

Ordinal 109
Address 0x1010

SrvNotifyGroveler

Ordinal 110
Address 0x29590

SrvXsAddPrintJob

Ordinal 111
Address 0x282f0

SrvXsClosePrinter

Ordinal 112
Address 0x27df0

SrvXsConnect

Ordinal 113
Address 0x28ca0

SrvXsDisconnect

Ordinal 114
Address 0x28b50

SrvXsDownLevelAPI

Ordinal 115
Address 0x28890

SrvXsOpenPrinter

Ordinal 116
Address 0x28580

SrvXsSchedulePrintJob

Ordinal 117
Address 0x28070

1

Type RT_VERSION
Language English - United States
Codepage UNKNOWN
Size 0x398
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.56886
MD5 68c23e24940d6dafe660a39e17458e97
SHA1 af9fe7f8d96aaa767ec4386c00b97280d50831c9
SHA256 e57643b1a45f20846737d535e3bf21cab3dd26acfe211ad45939933ce78cc90c
SHA3 fedc1cc1553ac4c61b15bb54403d02cd8e635c07b388a3195825c73554471df9

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 6.1.7601.17514
ProductVersion 6.1.7601.17514
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT
VOS_NT_WINDOWS32
VOS_WINCE
VOS__WINDOWS32
FileType VFT_DRV
FileSubtype VFT2_DRV_NETWORK
Language English - United States
CompanyName Microsoft Corporation
FileDescription Server Network driver
FileVersion (#2) 6.1.7601.17514 (win7sp1_rtm.101119-1850)
InternalName SRVNET.SYS
LegalCopyright © Microsoft Corporation. All rights reserved.
OriginalFilename SRVNET.SYS
ProductName Microsoft® Windows® Operating System
ProductVersion (#2) 6.1.7601.17514
Resource LangID English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2010-Nov-20 09:27:20
Version 0.0
SizeofData 35
AddressOfRawData 0x18478
PointerToRawData 0x17878
Referenced File srvnet.pdb

IMAGE_DEBUG_TYPE_RESERVED

Characteristics 0
TimeDateStamp 2010-Nov-20 09:27:20
Version 565.6526
SizeofData 4
AddressOfRawData 0x18474
PointerToRawData 0x17874

TLS Callbacks

Load Configuration

RICH Header

XOR Key 0xd245d822
Unmarked objects 0
Total imports 180
Imports (VS2008 SP1 build 30729) 11
ASM objects (VS2008 SP1 build 30729) 4
C objects (VS2008 SP1 build 30729) 6
Exports (VS2008 SP1 build 30729) 1
142 (VS2008 SP1 build 30729) 52
Linker (VS2008 SP1 build 30729) 1
Resource objects (VS2008 SP1 build 30729) 1

Errors

<-- -->