Architecture | IMAGE_FILE_MACHINE_AMD64 |
---|---|
Subsystem | IMAGE_SUBSYSTEM_NATIVE |
Compilation Date | 2009-Feb-13 22:18:07 |
Detected languages | English - United States |
Debug artifacts | bxvbda.pdb |
CompanyName | Broadcom Corporation |
FileDescription | Broadcom NetXtreme II GigE VBD |
FileVersion | 4.8.2.0 built by: WinDDK |
InternalName | bxvbda.sys |
LegalCopyright | (c) COPYRIGHT 2001-2008 Broadcom Corporation |
OriginalFilename | bxvbda.sys |
ProductName | Broadcom NetXtreme II GigE |
ProductVersion | 4.8.2.0 |
Suspicious | Strings found in the binary may indicate undesirable behavior: | May have dropper capabilities: |
Info | Cryptographic algorithms detected in the binary: | Uses constants related to CRC32 |
Suspicious | The PE is possibly packed. | Section INIT is both writable and executable. |
Suspicious | The PE contains functions most legitimate programs don't use. | Functions which can be used for anti-debugging purposes: |
Malicious | The program tries to mislead users about its origins. | The PE pretends to be from Broadcom but is not signed! |
Safe | VirusTotal score: 0/73 (Scanned on 2020-02-11 06:37:42) | All the AVs think this file is safe. |
e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0xf8 |
Signature | PE |
---|---|
Machine | IMAGE_FILE_MACHINE_AMD64 |
NumberofSections | 7 |
TimeDateStamp | 2009-Feb-13 22:18:07 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xf0 |
Characteristics | IMAGE_FILE_EXECUTABLE_IMAGE IMAGE_FILE_LARGE_ADDRESS_AWARE |
Magic | PE32+ |
---|---|
LinkerVersion | 8.1 |
SizeOfCode | 0x2d000 |
SizeOfInitializedData | 0x49000 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x000000000002BAE0 (Section: .text) |
BaseOfCode | 0x1000 |
ImageBase | 0x10000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 6.1 |
ImageVersion | 6.1 |
SubsystemVersion | 5.2 |
Win32VersionValue | 0 |
SizeOfImage | 0x7b000 |
SizeOfHeaders | 0x400 |
Checksum | 0x78260 |
Subsystem | IMAGE_SUBSYSTEM_NATIVE |
SizeofStackReserve | 0x40000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
ntoskrnl.exe | RtlIntegerToUnicodeString KeSetEvent RtlCheckRegistryKey RtlAppendUnicodeToString ZwDeleteValueKey KeReleaseSpinLock ZwQueryValueKey ZwClose KeWaitForSingleObject IoFreeIrp RtlWriteRegistryValue IoAllocateIrp ZwDeleteKey IofCallDriver ZwOpenKey KeAcquireSpinLockRaiseToDpc IoGetDmaAdapter ExAllocatePoolWithTag KeSetImportanceDpc IoWriteErrorLogEntry KeSetTargetProcessorDpc ExReleaseFastMutexUnsafe ExInitializeNPagedLookasideList RtlQueryRegistryValues KeInitializeDpc MmBuildMdlForNonPagedPool KeReleaseSpinLockFromDpcLevel IoAllocateErrorLogEntry KeInitializeTimer ExFreePoolWithTag KeDelayExecutionThread PsCreateSystemThread ObReferenceObjectByHandle KeSetTimer ObfDereferenceObject RtlUnicodeStringToInteger KeCancelTimer KeNumberProcessors KeAcquireSpinLockAtDpcLevel IoAllocateMdl KeInsertQueueDpc MmUnmapIoSpace IoFreeMdl ExDeleteNPagedLookasideList KeClearEvent ExpInterlockedPushEntrySList ZwSetValueKey ExpInterlockedPopEntrySList ExQueryDepthSList ZwFlushKey IoGetDeviceProperty MmMapIoSpace ZwMapViewOfSection ZwQuerySystemInformation ZwUnmapViewOfSection RtlCompareMemory ZwOpenSection KeBugCheckEx ZwCreateKey KeInitializeEvent MmGetSystemRoutineAddress RtlCopyUnicodeString RtlInitUnicodeString ExAcquireFastMutexUnsafe KeQueryActiveProcessors |
---|---|
HAL.dll | KeQueryPerformanceCounter KeStallExecutionProcessor |
WDFLDR.SYS | WdfVersionUnbind WdfVersionBind |
Signature | 0xfeef04bd |
---|---|
StructVersion | 0x10000 |
FileVersion | 4.8.2.0 |
ProductVersion | 4.8.2.0 |
FileFlags | VS_FF_PRIVATEBUILD |
FileOs | VOS_DOS_WINDOWS32 VOS_NT VOS_NT_WINDOWS32 VOS_WINCE VOS__WINDOWS32 |
FileType | VFT_DRV |
FileSubtype | VFT2_DRV_NETWORK |
Language | English - United States |
CompanyName | Broadcom Corporation |
FileDescription | Broadcom NetXtreme II GigE VBD |
FileVersion (#2) | 4.8.2.0 built by: WinDDK |
InternalName | bxvbda.sys |
LegalCopyright | (c) COPYRIGHT 2001-2008 Broadcom Corporation |
OriginalFilename | bxvbda.sys |
ProductName | Broadcom NetXtreme II GigE |
ProductVersion (#2) | 4.8.2.0 |
Resource LangID | English - United States |
---|
Characteristics | 0 |
---|---|
TimeDateStamp | 2009-Feb-13 22:18:07 |
Version | 0.0 |
SizeofData | 35 |
AddressOfRawData | 0x2ebf0 |
PointerToRawData | 0x2d5f0 |
Referenced File | bxvbda.pdb |
XOR Key | 0x85e90eaf |
---|---|
Unmarked objects | 0 |
129 (VS2012 build 50727 / VS2005 build 50727) | 2 |
Imports (VS2012 build 50727 / VS2005 build 50727) | 2 |
Total imports | 69 |
Imports (40310) | 5 |
ASM objects (40310) | 2 |
C objects (VS2012 build 50727 / VS2005 build 50727) | 3 |
ASM objects (VS2012 build 50727 / VS2005 build 50727) | 1 |
C objects (40310) | 2 |
113 (VS2012 build 50727 / VS2005 build 50727) | 29 |
Resource objects (VS2012 build 50727 / VS2005 build 50727) | 1 |
Linker (VS2012 build 50727 / VS2005 build 50727) | 1 |