Manalyze report for 2e142e027f0aa698ba4dce49cbdb43cd

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_NATIVE`
Compilation Date	2015-Jul-10 03:15:41
Detected languages	English - United States
Debug artifacts	srvnet.pdb
CompanyName	Microsoft Corporation
FileDescription	Server Network driver
FileVersion	`10.0.10240.16384 (th1.150709-1700)`
InternalName	SRVNET.SYS
LegalCopyright	© Microsoft Corporation. All rights reserved.
OriginalFilename	SRVNET.SYS
ProductName	Microsoft® Windows® Operating System
ProductVersion	`10.0.10240.16384`

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`May have dropper capabilities: CurrentControlSet\Services`
Suspicious	The PE is possibly packed.	`Unusual section name found: ALMOSTRO` `Unusual section name found: PAGE` `Unusual section name found: GFIDS`
Malicious	The PE contains functions mostly used by malware.	`Functions which can be used for anti-debugging purposes: DbgPrint` `Uses Windows's Native API: NtDeviceIoControlFile ZwOpenFile ZwClose NtCreateFile ZwDeviceIoControlFile ZwCreateEvent ZwFsControlFile ZwWaitForSingleObject ZwOpenKey ZwEnumerateValueKey ZwCreateKey ZwSetValueKey ZwOpenThreadTokenEx ZwOpenProcessTokenEx ZwQueryInformationToken NtAllocateLocallyUniqueId NtAllocateVirtualMemory NtFreeVirtualMemory ZwQueryValueKey ZwQueryLicenseValue` `Functions related to the privilege level: ZwOpenProcessTokenEx`
Safe	VirusTotal score: 0/65 (Scanned on 2018-06-02 06:12:32)	`All the AVs think this file is safe.`

Hashes

MD5	`2e142e027f0aa698ba4dce49cbdb43cd`
SHA1	`839bc97e1c7f598d763f4b8faade4f57a867f568`
SHA256	`a21027bbbc75a55a8b302d028113a0683016e4c72790a8c561ddb1ae7fdb4289`
SHA3	`874752e759b0169f1585cebda2c7bc763177357d96dffccfe2ac18ea28bc2240`
SSDeep	`3072:VjJ4rR1ROSnzzwbyreY0MRaG1PZiz5plApMF5rcnHMyt4gpC9HAH3rRMe12NhPH:9J4rROc8ert85nlWpai3rShgoQ`
Imports Hash	`ca85f48fc2c06941e7a16562aa5eacf3`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xe0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`12`
TimeDateStamp	2015-Jul-10 03:15:41
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`12.0`
SizeOfCode	`0x2c200`
SizeOfInitializedData	`0xee00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000000000003E030 (Section: INIT)`
BaseOfCode	`0x1000`
ImageBase	`0x1c0000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`A.0`
ImageVersion	`A.0`
SubsystemVersion	`A.0`
Win32VersionValue	`0`
SizeOfImage	`0x42000`
SizeOfHeaders	`0x400`
Checksum	`0x41df6`
Subsystem	`IMAGE_SUBSYSTEM_NATIVE`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_GUARD_CF` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x40000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`8ffe678cd66f0ce7216cc974dd21710a`
SHA1	`68f2d70b1901bc337012b762e10d617c1be71dea`
SHA256	`004faf8cd70169fe3df0ce96a592139aedc6bac5b66b6c2919ad8027c0863405`
SHA3	`df4ca5804dcbca21d3cca5369e902f3d604f1264d42724b386f8ebde8af8eae0`
VirtualSize	`0x1c66a`
VirtualAddress	`0x1000`
SizeOfRawData	`0x1c800`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_NOT_PAGED` `IMAGE_SCN_MEM_READ`
Entropy	`6.39731`

.rdata

MD5	`5b0c055323e33fbaabd275609814cafd`
SHA1	`3645b4a057185744996eed5ca057882c593673fe`
SHA256	`70ef8040cfdfa6062e9d659d1496fd3fcb0ea84d1ce6f138e0c7f0e21965ce08`
SHA3	`68a1722c537302f0b7056700471416ebefeae56745de444d06f2f049a8644b39`
VirtualSize	`0x5c34`
VirtualAddress	`0x1e000`
SizeOfRawData	`0x5e00`
PointerToRawData	`0x1cc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_NOT_PAGED` `IMAGE_SCN_MEM_READ`
Entropy	`4.98716`

.data

MD5	`93c562fd322dd3f1b7e6cb48a515780d`
SHA1	`ef3db2bbf5864fe6aaca6ff361648dc27fd98270`
SHA256	`581e2bc6f4d3d2721ffc863f17466fec0ce2a2e8d27be64a83cf417cf442bb45`
SHA3	`5dd44e13b8618e9d25a09e4144b3c25aee705929d44b8cc5e2d3fa89e8ea6257`
VirtualSize	`0x1115`
VirtualAddress	`0x24000`
SizeOfRawData	`0x600`
PointerToRawData	`0x22a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_NOT_PAGED` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.11995`

.pdata

MD5	`3fc5d79cc67364487709e45b006df183`
SHA1	`ebf50894eed4ff37392e3578f362f73f13d3d0bd`
SHA256	`dc33deb3c4ab666fb6a56dcd739622993cc928cf50a5757957d73193afd26678`
SHA3	`041559b0452f0a2e0eaedbfc47149888f9074bf25a3c709576614eb9381ff6fb`
VirtualSize	`0x258c`
VirtualAddress	`0x26000`
SizeOfRawData	`0x2600`
PointerToRawData	`0x23000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_NOT_PAGED` `IMAGE_SCN_MEM_READ`
Entropy	`5.49368`

.idata

MD5	`e206a8016b0df10baa2bb04c51ab569b`
SHA1	`492ba045c27e94b79da8d9b9192713f351b99d85`
SHA256	`8e44b55ac4faa575a22df3ffcf40251cc6f8201d64aaecd9402ede3dad9952af`
SHA3	`d65d1a3dcdb5c96e733ff80b8eef84c289173f0698856da292cf9bf7b0830f27`
VirtualSize	`0x284e`
VirtualAddress	`0x29000`
SizeOfRawData	`0x2a00`
PointerToRawData	`0x25600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_NOT_PAGED` `IMAGE_SCN_MEM_READ`
Entropy	`4.892`

ALMOSTRO

MD5	`247a0ccdc311c3023c296ecfcb57f0db`
SHA1	`14868962ec686e895695faff0ba723ab7a5dc7bc`
SHA256	`7ca7a86d0a7e1b19f533bd6459761942bbd830bbcf9300885b8e1998a25069af`
SHA3	`9a85514d4a507b352766595e3878db7297f09fd444a21a488f127ee1b9737a8a`
VirtualSize	`0x590`
VirtualAddress	`0x2c000`
SizeOfRawData	`0x600`
PointerToRawData	`0x28000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_NOT_PAGED` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.92894`

PAGE

MD5	`8e7986ae94cb35a97d49fc79de56ec15`
SHA1	`dec6aa64d74dda3f2f92af9b7e20cc0ded80cfe0`
SHA256	`14a6505df197d129d2bbac82987f12b3d20dd153ff3f4c2c2d86fff974d89c8f`
SHA3	`70e56ad9b55edd59f025c3f08864cd4af6b2a42649afa1e9a287a92e658036d8`
VirtualSize	`0xee3f`
VirtualAddress	`0x2d000`
SizeOfRawData	`0xf000`
PointerToRawData	`0x28600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.38183`

.edata

MD5	`4d4a94a5f9cfb221ac3180d20b038b6d`
SHA1	`842b379c2db46040b443e1cfa4369ba8f725da3b`
SHA256	`c5517e291237ffca472f63db6563651de2d6852143d550084487c937830cdf8d`
SHA3	`0afa09a7f68daecef50bf26163f1b5d2c7a014c8419a9167cb52bbbd21ff436a`
VirtualSize	`0x1942`
VirtualAddress	`0x3c000`
SizeOfRawData	`0x1a00`
PointerToRawData	`0x37600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.4702`

INIT

MD5	`ecadcffc73b1613cb1ca418b8185abfd`
SHA1	`dc5bb7137ccf627c594df9bd3c85498abd1f4afd`
SHA256	`5cb22aadf903cc5481772ae808cf7f94eca00b4e4060b7e421ffef28319c0234`
SHA3	`f613d7c3d1e8779b697e3c5b1d241d059ce07157d3b7ec32d027d629fc3cde74`
VirtualSize	`0x964`
VirtualAddress	`0x3e000`
SizeOfRawData	`0xa00`
PointerToRawData	`0x39000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.95059`

GFIDS

MD5	`1376c4a22449516079fb7de35e630c81`
SHA1	`d8cc3cfa8c845d7fa801e4c285d8f7044a566450`
SHA256	`367d126b8486b40a3c044f06e8da19814c6f5d70e049e358278b81970e3ad028`
SHA3	`0c4a9216982625b54cc00e8e37727d45e4fffc7d563df0878ffdb456ee92f50f`
VirtualSize	`0x4b8`
VirtualAddress	`0x3f000`
SizeOfRawData	`0x600`
PointerToRawData	`0x39a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`3.95135`

.rsrc

MD5	`475ac5b97d9018c03f3a9134b83606e1`
SHA1	`6bc617b75de7adca059bc455fef2f4d7dfc43a23`
SHA256	`4ffdce4047f65a994b534abbc8d9c01278bea7fec2241295f4cc6dd2df094938`
SHA3	`76e8d8bc36f73eadbe5d17579a1c647486d135261e7cb452b668a877a43b993a`
VirtualSize	`0x3f0`
VirtualAddress	`0x40000`
SizeOfRawData	`0x400`
PointerToRawData	`0x3a000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`3.35524`

.reloc

MD5	`89866b7633f2eca44b33fceafb198f6d`
SHA1	`9cc7669392be1035229a740cf1c6f805b9c11bff`
SHA256	`43990b3aa7bf5c3ab395389bfde970c5a8bd40bf981a86bc47f1f9afc3c5d2d0`
SHA3	`c13c8a83b73377dc158015d14af7d37671eefe82e3d246e1d2bf4d11a501a1d1`
VirtualSize	`0x238`
VirtualAddress	`0x41000`
SizeOfRawData	`0x400`
PointerToRawData	`0x3a400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`3.77349`

Imports

ntoskrnl.exe	`DbgPrint` `KeStackAttachProcess` `RtlGUIDFromString` `KeClearEvent` `IoQueueThreadIrp` `ObfReferenceObject` `IofCallDriver` `RtlUpcaseUnicodeString` `NtDeviceIoControlFile` `IoFreeMdl` `MmProbeAndLockPages` `MmUnlockPages` `RtlCaptureStackBackTrace` `RtlCopyUnicodeString` `IoAllocateMdl` `RtlAnsiStringToUnicodeString` `RtlFreeUnicodeString` `IoReuseIrp` `IoGetActivityIdThread` `KeGetCurrentNodeNumber` `EtwProviderEnabled` `KeBugCheckEx` `_wcsicmp` `RtlQueryRegistryValues` `RtlIpv4AddressToStringW` `RtlIpv4AddressToStringA` `IoClearActivityIdThread` `IoSetActivityIdThread` `RtlIpv6AddressToStringW` `RtlIpv6AddressToStringA` `IoQueueWorkItemEx` `IoUninitializeWorkItem` `RtlIpv6StringToAddressW` `RtlIpv4StringToAddressW` `IoInitializeWorkItem` `RtlFreeOemString` `ZwOpenFile` `IoSizeofWorkItem` `ExQueueWorkItem` `MmUnmapLockedPages` `ExpInterlockedPushEntrySList` `ExpInterlockedPopEntrySList` `MmBuildMdlForNonPagedPool` `MmSizeOfMdl` `ExQueryDepthSList` `IofCompleteRequest` `MmMapLockedPagesSpecifyCache` `ExGetPreviousMode` `KeAcquireSpinLockRaiseToDpc` `KeInitializeSpinLock` `ExAllocatePoolWithTagPriority` `KeAcquireSpinLockAtDpcLevel` `KeCancelTimer` `ExInitializeResourceLite` `IoQueueWorkItem` `IoCreateDevice` `ExDeleteResourceLite` `RtlCompareMemory` `KeQueryMaximumProcessorCountEx` `KeWaitForSingleObject` `KeQueryActiveProcessorCountEx` `KeQueryTimeIncrement` `ExReleaseResourceLite` `IoAllocateWorkItem` `IoGetCurrentProcess` `ExAcquireResourceSharedLite` `KeDelayExecutionThread` `KeInitializeTimer` `ObfDereferenceObject` `IoAllocateIrp` `IoFreeIrp` `KeReadStateQueue` `ObReferenceObjectByHandle` `ZwClose` `NtCreateFile` `EtwWrite` `KeUnstackDetachProcess` `RtlEqualUnicodeString` `RtlUnicodeStringToOemString` `ZwDeviceIoControlFile` `RtlRunOnceExecuteOnce` `RtlRunOnceInitialize` `VerSetConditionMask` `RtlVerifyVersionInfo` `ExInitializePagedLookasideList` `PoCreatePowerRequest` `PoDeletePowerRequest` `ExDeletePagedLookasideList` `ZwCreateEvent` `ZwFsControlFile` `ZwWaitForSingleObject` `PoSetPowerRequest` `PoClearPowerRequest` `qsort` `bsearch` `ZwOpenKey` `ZwEnumerateValueKey` `RtlCompareUnicodeString` `RtlInitializeGenericTableAvl` `RtlIsGenericTableEmptyAvl` `RtlEnumerateGenericTableAvl` `RtlDeleteElementGenericTableAvl` `RtlLookupElementGenericTableAvl` `RtlInsertElementGenericTableAvl` `RtlValidRelativeSecurityDescriptor` `RtlEnumerateGenericTableLikeADirectory` `RtlLengthSecurityDescriptor` `KeAcquireGuardedMutex` `KeReleaseGuardedMutex` `KeInitializeGuardedMutex` `ExInitializeRundownProtection` `ExWaitForRundownProtectionRelease` `ExAcquireRundownProtection` `ExReleaseRundownProtection` `RtlLengthSid` `RtlCopySid` `ZwCreateKey` `ZwSetValueKey` `RtlAbsoluteToSelfRelativeSD` `RtlValidSecurityDescriptor` `IoWMIWriteEvent` `RtlTimeToSecondsSince1980` `RtlPrefixUnicodeString` `_wcsupr` `wcsstr` `RtlIpv4AddressToStringExW` `RtlIpv6AddressToStringExW` `RtlLengthRequiredSid` `RtlInitializeSid` `RtlSubAuthoritySid` `RtlCreateAcl` `RtlAddAccessAllowedAce` `RtlCreateSecurityDescriptor` `RtlSetDaclSecurityDescriptor` `ObSetSecurityObjectByPointer` `RtlGetDaclSecurityDescriptor` `SeCaptureSubjectContext` `SeReleaseSubjectContext` `SeFreePrivileges` `PsAssignImpersonationToken` `ZwOpenThreadTokenEx` `ZwOpenProcessTokenEx` `ZwQueryInformationToken` `SeQueryAuthenticationIdToken` `SeSetAuditParameter` `SeReportSecurityEventWithSubCategory` `SeAccessCheckEx` `SeAuditingWithTokenForSubcategory` `RtlInitAnsiString` `LsaRegisterLogonProcess` `RtlInitString` `LsaLookupAuthenticationPackage` `LsaDeregisterLogonProcess` `NtAllocateLocallyUniqueId` `NtAllocateVirtualMemory` `LsaLogonUser` `NtFreeVirtualMemory` `LsaFreeReturnBuffer` `KfRaiseIrql` `KeLowerIrql` `ZwQueryValueKey` `ZwQueryLicenseValue` `IoAllocateErrorLogEntry` `IoWriteErrorLogEntry` `ExpInterlockedFlushSList` `ExInitializeNPagedLookasideList` `ExDeleteNPagedLookasideList` `ExFlushLookasideListEx` `ExInitializeLookasideListEx` `ExDeleteLookasideListEx` `KeEnterCriticalRegion` `KeReleaseSpinLockFromDpcLevel` `KeReleaseSpinLock` `EtwRegister` `KeInitializeDpc` `KeInitializeEvent` `MmGetSystemRoutineAddress` `IoFreeWorkItem` `KeSetEvent` `IoDeleteDevice` `RtlInitUnicodeString` `KeSetCoalescableTimer` `KeLeaveCriticalRegion` `ExFreePoolWithTag` `EtwUnregister` `IoWMIRegistrationControl` `KeQueryHighestNodeNumber` `ExAllocatePoolWithTag` `ExAcquireResourceExclusiveLite` `IoGetRelatedDeviceObject` `ExAcquireSpinLockExclusive` `ExReleaseSpinLockShared` `ExReleasePushLockSharedEx` `ExReleaseSpinLockExclusive` `ExReleasePushLockExclusiveEx` `ExAcquirePushLockSharedEx` `ExAcquirePushLockExclusiveEx` `ExAcquireSpinLockShared` `ExReleasePushLockEx` `__C_specific_handler`
TDI.SYS	`TdiOpenNetbiosAddress` `TdiRegisterPnPHandlers` `TdiCopyBufferToMdl` `TdiCopyMdlToBuffer` `TdiDeregisterPnPHandlers`
NETIO.SYS	`NsiGetAllParameters` `NmrRegisterClient` `NmrDeregisterClient` `NmrWaitForClientDeregisterComplete` `NmrClientAttachProvider` `NsiDeregisterChangeNotification` `GetUnicastIpAddressTable` `ConvertInterfaceLuidToIndex` `NsiAllocateAndGetTable` `ConvertInterfaceGuidToLuid` `NotifyUnicastIpAddressChange` `FreeMibTable` `NsiRegisterChangeNotification` `GetIfTable2` `GetUnicastIpAddressEntry` `NsiFreeTable` `CancelMibChangeNotify2`
msrpc.sys	`RpcBindingCreateW` `RpcBindingSetOption` `RpcSsDestroyClientContext` `RpcBindingUnbind` `RpcBindingBind` `RpcAsyncInitializeHandle` `I_RpcExceptionFilter` `RpcBindingFree` `RpcAsyncCompleteCall` `RpcAsyncCancelCall` `Ndr64AsyncClientCall`
ksecdd.sys	`BCryptHashData` `BCryptFinishHash` `BCryptDuplicateKey` `BCryptGenerateSymmetricKey` `BCryptCloseAlgorithmProvider` `BCryptDecrypt` `BCryptKeyDerivation` `BCryptDestroyKey` `BCryptCreateHash` `BCryptGetProperty` `AcquireCredentialsHandleW` `MapSecurityError` `FreeCredentialsHandle` `ImpersonateSecurityContext` `BCryptDestroyHash` `BCryptOpenAlgorithmProvider` `BCryptEncrypt` `BCryptSetProperty` `BCryptGenRandom`

Delayed Imports

SmbCryptoCreateApplicationKey

Ordinal	`1`
Address	`0xb9e0`

SmbCryptoCreateSigningKey

Ordinal	`2`
Address	`0xb990`

SmbCryptoHashCreate

Ordinal	`3`
Address	`0x329a0`

SmbCryptoHashDestroy

Ordinal	`4`
Address	`0x33220`

SmbCryptoHashFinish

Ordinal	`5`
Address	`0x18130`

SmbCryptoHashGetAlgorithmName

Ordinal	`6`
Address	`0x18140`

SmbCryptoHashGetOutputLength

Ordinal	`7`
Address	`0xda30`

SmbCryptoHashGetRecommendedSaltSize

Ordinal	`8`
Address	`0xdbc0`

SmbCryptoHashUpdate

Ordinal	`9`
Address	`0x18150`

SmbCryptoIsHashAlgIdValid

Ordinal	`10`
Address	`0x18160`

SmbCryptoReadCipherSuiteOrderPolicySetting

Ordinal	`11`
Address	`0x31fa0`

SmbCryptoUpdatePreauthIntegrityHashValue

Ordinal	`12`
Address	`0xd180`

SrvAdminAllowAnonymousAccess

Ordinal	`13`
Address	`0x7410`

SrvAdminAllowClusterPipeAccess

Ordinal	`14`
Address	`0x181b0`

SrvAdminAllowIdlePowerDownForActivity

Ordinal	`15`
Address	`0x7990`

SrvAdminAllowIdlePowerDownForOpenFiles

Ordinal	`16`
Address	`0x185e0`

SrvAdminAuditSpnCheck

Ordinal	`17`
Address	`0x18ad0`

SrvAdminCheckSpn

Ordinal	`18`
Address	`0x18f20`

SrvAdminDeleteFsctlAllowList

Ordinal	`19`
Address	`0x3a940`

SrvAdminDeregisterFile

Ordinal	`20`
Address	`0xa540`

SrvAdminDeregisterProvider

Ordinal	`21`
Address	`0x2840`

SrvAdminDeregisterSession

Ordinal	`22`
Address	`0x9a60`

SrvAdminDeregisterTreeConnect

Ordinal	`23`
Address	`0xa120`

SrvAdminDoesPipeAllowAnonymous

Ordinal	`24`
Address	`0x18250`

SrvAdminDoesShareAllowAnonymous

Ordinal	`25`
Address	`0x182f0`

SrvAdminEvaluateServerAlias

Ordinal	`26`
Address	`0x5350`

SrvAdminInhibitIdlePowerDownForActivity

Ordinal	`27`
Address	`0x7190`

SrvAdminInhibitIdlePowerDownForOpenFiles

Ordinal	`28`
Address	`0x18930`

SrvAdminInitializeFsctlAllowList

Ordinal	`29`
Address	`0x2e350`

SrvAdminIsFsctlAllowedForSmb1

Ordinal	`30`
Address	`0x3a990`

SrvAdminIsFsctlAllowedForSmb2

Ordinal	`31`
Address	`0x328a0`

SrvAdminIsScopedName

Ordinal	`32`
Address	`0xdb40`

SrvAdminIsScopedNameEx

Ordinal	`33`
Address	`0x5480`

SrvAdminNodeGetNextId

Ordinal	`34`
Address	`0x32790`

SrvAdminNodeGetSignature

Ordinal	`35`
Address	`0xb080`

SrvAdminNodeInitialize

Ordinal	`36`
Address	`0x2e410`

SrvAdminNodeInvalidateFile

Ordinal	`37`
Address	`0x3b0f0`

SrvAdminNodeInvalidateSession

Ordinal	`38`
Address	`0x3b4f0`

SrvAdminNodeUninitialize

Ordinal	`39`
Address	`0x2dc60`

SrvAdminNodeVerifySignature

Ordinal	`40`
Address	`0x3b8e0`

SrvAdminQueryResumeKeyTarget

Ordinal	`41`
Address	`0x9b30`

SrvAdminRefreshAllowedServerNameList

Ordinal	`42`
Address	`0x3c70`

SrvAdminRefreshAnonymousLists

Ordinal	`43`
Address	`0x3fa0`

SrvAdminRefreshFsctlAllowList

Ordinal	`44`
Address	`0x2ec10`

SrvAdminRefreshPipeList

Ordinal	`45`
Address	`0x4a60`

SrvAdminRegisterFile

Ordinal	`46`
Address	`0x8e60`

SrvAdminRegisterProvider

Ordinal	`47`
Address	`0x3d90`

SrvAdminRegisterSession

Ordinal	`48`
Address	`0x9ce0`

SrvAdminRegisterTreeConnect

Ordinal	`49`
Address	`0xa200`

SrvAdminRemapPipeName

Ordinal	`50`
Address	`0x183d0`

SrvAdminSetSessionIsCsvUser

Ordinal	`51`
Address	`0x3a9a0`

SrvAdminSetSessionName

Ordinal	`52`
Address	`0x32490`

SrvAdminSetUserLimit

Ordinal	`53`
Address	`0x7b60`

SrvAdminUpdateFileSessionID

Ordinal	`54`
Address	`0x19480`

SrvGraftName

Ordinal	`55`
Address	`0x33100`

SrvLibAllocateNameList

Ordinal	`56`
Address	`0x5d90`

SrvLibAllocatePipeEa

Ordinal	`57`
Address	`0xbd30`

SrvLibApplyDeviceAcl

Ordinal	`58`
Address	`0x2df70`

SrvLibApplySrvDeviceAcl

Ordinal	`59`
Address	`0x318a0`

SrvLibAuditForceAccess

Ordinal	`60`
Address	`0xb030`

SrvLibAuditShareAccess

Ordinal	`61`
Address	`0x1c170`

SrvLibAuditShareAddOrDelete

Ordinal	`62`
Address	`0x4830`

SrvLibAuditShareConnect

Ordinal	`63`
Address	`0xbee0`

SrvLibAuditShareModification

Ordinal	`64`
Address	`0xc8e0`

SrvLibAuditSpnCheck

Ordinal	`65`
Address	`0x1c5a0`

SrvLibAuditSuccessEnabled

Ordinal	`66`
Address	`0xb090`

SrvLibBufferToHex

Ordinal	`67`
Address	`0x1c8a0`

SrvLibCheckAccess

Ordinal	`68`
Address	`0x1c7d0`

SrvLibCleanupIdleLogic

Ordinal	`69`
Address	`0x2c00`

SrvLibCloseCredentialHandle

Ordinal	`70`
Address	`0x2dd80`

SrvLibCreateCredentialHandle

Ordinal	`71`
Address	`0x320a0`

SrvLibCreateSelfSD

Ordinal	`72`
Address	`0xd240`

SrvLibFilePowerManagementClose

Ordinal	`73`
Address	`0xabb0`

SrvLibFilePowerManagementInitialize

Ordinal	`74`
Address	`0x1c920`

SrvLibFilePowerManagementPreventIdle

Ordinal	`75`
Address	`0xac30`

SrvLibFreeNameList

Ordinal	`76`
Address	`0x1bf60`

SrvLibFreePipeEa

Ordinal	`77`
Address	`0xd9f0`

SrvLibFreeSrvServiceSD

Ordinal	`78`
Address	`0x3bc00`

SrvLibGenerateSrvServiceSD

Ordinal	`79`
Address	`0x31e00`

SrvLibGetBaseFileName

Ordinal	`80`
Address	`0x32640`

SrvLibGetBinary

Ordinal	`81`
Address	`0x2eaa0`

SrvLibGetDWord

Ordinal	`82`
Address	`0x2fac0`

SrvLibGetMultiSZList

Ordinal	`83`
Address	`0x2efd0`

SrvLibGetSelfSid

Ordinal	`84`
Address	`0x32f30`

SrvLibHasClaimsSentinel

Ordinal	`85`
Address	`0x3bc50`

SrvLibInitializeIdleLogic

Ordinal	`86`
Address	`0x7b20`

SrvLibIsAdmin

Ordinal	`87`
Address	`0x30fa0`

SrvLibIsAnonymous

Ordinal	`88`
Address	`0x335b0`

SrvLibIsDosDeviceName

Ordinal	`89`
Address	`0x32830`

SrvLibIsDottedDnsName

Ordinal	`90`
Address	`0x1bfa0`

SrvLibIsDottedQuadAddress

Ordinal	`91`
Address	`0x14a0`

SrvLibIsInteractive

Ordinal	`92`
Address	`0x335a0`

SrvLibIsLoggableError

Ordinal	`93`
Address	`0x1c930`

SrvLibIsNetwork

Ordinal	`94`
Address	`0x3bc60`

SrvLibIsNetworkAddress

Ordinal	`95`
Address	`0x5560`

SrvLibKeyExists

Ordinal	`96`
Address	`0x2ea40`

SrvLibLogError

Ordinal	`97`
Address	`0x1c960`

SrvLibLookasideAllocate

Ordinal	`98`
Address	`0x5fd0`

SrvLibLookasideCreatePool

Ordinal	`99`
Address	`0x71d0`

SrvLibLookasideDestroyPool

Ordinal	`100`
Address	`0x29c0`

SrvLibLookasideDirectFreeBuffer

Ordinal	`101`
Address	`0x29b0`

SrvLibLookasideDirectNonPagedAllocateBuffer

Ordinal	`102`
Address	`0x7430`

SrvLibLookasideDirectPagedAllocateBuffer

Ordinal	`103`
Address	`0x72c0`

SrvLibLookasideFlush

Ordinal	`104`
Address	`0x1ca90`

SrvLibLookasideFree

Ordinal	`105`
Address	`0x6ce0`

SrvLibMarkServerAsIdle

Ordinal	`106`
Address	`0x7930`

SrvLibMarkServerAsNotIdle

Ordinal	`107`
Address	`0x7130`

SrvLibParseSpnName

Ordinal	`108`
Address	`0x3ba10`

SrvLibQueryCredentialHandle

Ordinal	`109`
Address	`0xdb60`

SrvLibQueryLicensingDWord

Ordinal	`110`
Address	`0x78e0`

SrvLibRetrieveMaximalAccessRightsForUser

Ordinal	`111`
Address	`0x326a0`

SrvLibS4U2SelfAuth

Ordinal	`112`
Address	`0x3bc70`

SrvLibS4U2SelfCleanup

Ordinal	`113`
Address	`0x2dd60`

SrvLibS4U2SelfInitialize

Ordinal	`114`
Address	`0x31c80`

SrvLibSeAccessCheck

Ordinal	`115`
Address	`0x5c30`

SrvLibSearchNameFromList

Ordinal	`116`
Address	`0x3bb80`

SrvLibSetDWord

Ordinal	`117`
Address	`0x2e980`

SrvLibSetSrvErrorLogIgnore

Ordinal	`118`
Address	`0x7450`

SrvLibStandardizeIpAddress

Ordinal	`119`
Address	`0x1c000`

SrvLibTruncateDnsName

Ordinal	`120`
Address	`0x1360`

SrvLibUpdateIdleLogic

Ordinal	`121`
Address	`0xda70`

SrvNetAddServedName

Ordinal	`122`
Address	`0x2ff30`

SrvNetAllocateBuffer

Ordinal	`123`
Address	`0x8ac0`

SrvNetAllocateBufferNoTransportHeader

Ordinal	`124`
Address	`0x7b70`

SrvNetAllocatePoolWithTag

Ordinal	`125`
Address	`0x1b70`

SrvNetAllocatePoolWithTagPriority

Ordinal	`126`
Address	`0x13ed0`

SrvNetAllocateStatisticsQueuesEx

Ordinal	`127`
Address	`0x7ad0`

SrvNetCheckEndpointState

Ordinal	`128`
Address	`0x32dd0`

SrvNetCloseConnection

Ordinal	`129`
Address	`0xd6b0`

SrvNetConnectionWillSign

Ordinal	`130`
Address	`0x156d0`

SrvNetCreateAndRegisterCipherKeys

Ordinal	`131`
Address	`0xb570`

SrvNetDecrementConnectionActiveCount

Ordinal	`132`
Address	`0xdbf0`

SrvNetDeleteServedName

Ordinal	`133`
Address	`0x2d940`

SrvNetDereferenceEncryptionKey

Ordinal	`134`
Address	`0xdae0`

SrvNetDeregisterClient

Ordinal	`135`
Address	`0x2db30`

SrvNetDeregisterDecryptionKey

Ordinal	`136`
Address	`0xb290`

SrvNetDisableStatisticsQueue

Ordinal	`137`
Address	`0x2bb0`

SrvNetDisconnectConnection

Ordinal	`138`
Address	`0x98f0`

SrvNetEnumerateServedName

Ordinal	`139`
Address	`0x33270`

SrvNetFreeBuffer

Ordinal	`140`
Address	`0x95e0`

SrvNetFreePool

Ordinal	`141`
Address	`0x1b40`

SrvNetGetActiveProcessorCountAtServerStart

Ordinal	`142`
Address	`0x7b50`

SrvNetGetQueueStatistics

Ordinal	`143`
Address	`0x13fb0`

SrvNetGetServerNameFlags

Ordinal	`144`
Address	`0xd1f0`

SrvNetGetStatisticsAndLock

Ordinal	`145`
Address	`0x7b30`

SrvNetHostAddressAndPortToStringA

Ordinal	`146`
Address	`0xc380`

SrvNetHostAddressAndPortToStringW

Ordinal	`147`
Address	`0x5ad0`

SrvNetIncrementConnectionActiveCount

Ordinal	`148`
Address	`0xdbd0`

SrvNetInitializeStatisticsQueues

Ordinal	`149`
Address	`0x6d90`

SrvNetIsRdmaConnection

Ordinal	`150`
Address	`0xb070`

SrvNetIsTdiConnection

Ordinal	`151`
Address	`0xdb70`

SrvNetMarkConnectionAuthenticated

Ordinal	`152`
Address	`0x335c0`

SrvNetQueryConnectionInformation

Ordinal	`153`
Address	`0x33010`

SrvNetQueryConnectionRTT

Ordinal	`154`
Address	`0x168f0`

SrvNetQueryRssScalability

Ordinal	`155`
Address	`0x143d0`

SrvNetReadDirectData

Ordinal	`156`
Address	`0x37f20`

SrvNetReceiveData

Ordinal	`157`
Address	`0x16910`

SrvNetReceiveDataEx

Ordinal	`158`
Address	`0x16920`

SrvNetRegisterClient

Ordinal	`159`
Address	`0x6e60`

SrvNetSendData

Ordinal	`160`
Address	`0x8ca0`

SrvNetSetConnectionActiveCount

Ordinal	`161`
Address	`0xdb80`

SrvNetSetConnectionInboundMessageSizeLimit

Ordinal	`162`
Address	`0x33580`

SrvNetSetConnectionInformation

Ordinal	`163`
Address	`0x32a70`

SrvNetSetConnectionInstanceId

Ordinal	`164`
Address	`0xdbe0`

SrvNetSetConnectionServerName

Ordinal	`165`
Address	`0xd820`

SrvNetSetEndpointFlag

Ordinal	`166`
Address	`0x377c0`

SrvNetStartClient

Ordinal	`167`
Address	`0x7a90`

SrvNetStopClient

Ordinal	`168`
Address	`0x2b60`

SrvNetUpdateMemStatistics

Ordinal	`169`
Address	`0x1be0`

SrvNetUpdateStatisticsFromQueues

Ordinal	`170`
Address	`0xaee0`

SrvNetValidateMemoryDescriptors

Ordinal	`171`
Address	`0x39490`

SrvNetWriteDirectData

Ordinal	`172`
Address	`0x37f40`

SrvNotifyGroveler

Ordinal	`173`
Address	`0x39ae0`

SrvXsAddPrintJob

Ordinal	`174`
Address	`0x383c0`

SrvXsClosePrinter

Ordinal	`175`
Address	`0x386e0`

SrvXsConnect

Ordinal	`176`
Address	`0x30cc0`

SrvXsDisconnect

Ordinal	`177`
Address	`0x37f60`

SrvXsDownLevelAPI

Ordinal	`178`
Address	`0x380c0`

SrvXsOpenPrinter

Ordinal	`179`
Address	`0x38990`

SrvXsSchedulePrintJob

Ordinal	`180`
Address	`0x38c40`

1

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x390`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.53214`
MD5	`c7cb54e3c7461f9c0d3c9e888a683372`
SHA1	`3a2d0862fbeaef80756214f2c1ebf40eb5fe53b3`
SHA256	`8b504b3d7a9685b4aae01e02258b3c1c3f10209f0d02734d04114047931abc01`
SHA3	`86272887f2f116eb43215b7028b3bd0a4fc39d4ce75257fa2df4f6b9341a9abf`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	10.0.10240.16384
ProductVersion	10.0.10240.16384
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_DRV`
FileSubtype	VFT2_DRV_NETWORK
Language	English - United States
CompanyName	Microsoft Corporation
FileDescription	Server Network driver
FileVersion (#2)	10.0.10240.16384 (th1.150709-1700)
InternalName	SRVNET.SYS
LegalCopyright	© Microsoft Corporation. All rights reserved.
OriginalFilename	SRVNET.SYS
ProductName	Microsoft® Windows® Operating System
ProductVersion (#2)	10.0.10240.16384

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2015-Jul-10 03:15:41
Version	`0.0`
SizeofData	`35`
AddressOfRawData	`0x1ff64`
PointerToRawData	`0x1eb64`
Referenced File	srvnet.pdb

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2015-Jul-10 03:15:41
Version	`0.0`
SizeofData	`1248`
AddressOfRawData	`0x1ff9c`
PointerToRawData	`0x1eb9c`

TLS Callbacks

Load Configuration

Size	`0xa0`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x1c00243e8`
GuardCFCheckFunctionPointer	`7516362760`
GuardCFDispatchFunctionPointer	`0`
GuardCFFunctionTable	`0`
GuardCFFunctionCount	`0`
GuardFlags	`(EMPTY)`
CodeIntegrity.Flags	`0`
CodeIntegrity.Catalog	`0`
CodeIntegrity.CatalogOffset	`0`
CodeIntegrity.Reserved	`0`
GuardAddressTakenIatEntryTable	`0`
GuardAddressTakenIatEntryCount	`0`
GuardLongJumpTargetTable	`0`
GuardLongJumpTargetCount	`0`

RICH Header

XOR Key	`0x33c8b620`
Unmarked objects	`0`
Total imports	`253`
239 (40116)	`11`
242 (40116)	`4`
241 (40116)	`5`
238 (40116)	`1`
251 (40116)	`72`
Imports (40116)	`1`
240 (40116)	`1`