3e5b191307609f7514148c6832bb0842

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_NATIVE
Compilation Date 2009-Feb-13 22:18:07
Detected languages English - United States
Debug artifacts bxvbda.pdb
CompanyName Broadcom Corporation
FileDescription Broadcom NetXtreme II GigE VBD
FileVersion 4.8.2.0 built by: WinDDK
InternalName bxvbda.sys
LegalCopyright (c) COPYRIGHT 2001-2008 Broadcom Corporation
OriginalFilename bxvbda.sys
ProductName Broadcom NetXtreme II GigE
ProductVersion 4.8.2.0

Plugin Output

Suspicious Strings found in the binary may indicate undesirable behavior: May have dropper capabilities:
  • CurrentControlSet\Services
Info Cryptographic algorithms detected in the binary: Uses constants related to CRC32
Suspicious The PE is possibly packed. Section INIT is both writable and executable.
Suspicious The PE contains functions most legitimate programs don't use. Functions which can be used for anti-debugging purposes:
  • ZwQuerySystemInformation
Uses Windows's Native API:
  • ZwDeleteValueKey
  • ZwQueryValueKey
  • ZwClose
  • ZwDeleteKey
  • ZwOpenKey
  • ZwSetValueKey
  • ZwFlushKey
  • ZwMapViewOfSection
  • ZwQuerySystemInformation
  • ZwUnmapViewOfSection
  • ZwOpenSection
  • ZwCreateKey
Malicious The program tries to mislead users about its origins. The PE pretends to be from Broadcom but is not signed!
Safe VirusTotal score: 0/73 (Scanned on 2020-02-11 06:37:42) All the AVs think this file is safe.

Hashes

MD5 3e5b191307609f7514148c6832bb0842
SHA1 43dbd3cfcd1b040db7e4da6866b9a7745b12ea17
SHA256 de011cb7aa4a2405faf21575182e0793a1d83dffc44e9a7864d59f3d51d8d580
SHA3 513f889506437cfcdb27927a0018c188182c96c3de90cb60244dbb42ef1cf9ea
SSDeep 6144:Fif6eIxCBQRRjRudbYlCQZrPyMuL39y0liQuWJFarKluOFY8P9:FFCKRRludbu/Kpy0liWVT
Imports Hash 493fead2e770f5b5f4d1203b465531b9

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xf8

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 7
TimeDateStamp 2009-Feb-13 22:18:07
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 8.1
SizeOfCode 0x2d000
SizeOfInitializedData 0x49000
SizeOfUninitializedData 0
AddressOfEntryPoint 0x000000000002BAE0 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x10000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.1
ImageVersion 6.1
SubsystemVersion 5.2
Win32VersionValue 0
SizeOfImage 0x7b000
SizeOfHeaders 0x400
Checksum 0x78260
Subsystem IMAGE_SUBSYSTEM_NATIVE
SizeofStackReserve 0x40000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 7d2c6dc935c07378729198d50e21583e
SHA1 7ca6d565574f68c10064239e67ceaa17682f3d4e
SHA256 91ab632133d4cd4e0c1adf77cef7a69f4626172c67749eb2ecfed4ace3db11fe
SHA3 a2d359948b0eb9a3e38d32e936b0440e8b18e0d43ceea42e807faa68206b0706
VirtualSize 0x2c5fe
VirtualAddress 0x1000
SizeOfRawData 0x2c600
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_NOT_PAGED
IMAGE_SCN_MEM_READ
Entropy 6.30655

.rdata

MD5 b28ca945ac9f4b19b45a11e20b36d463
SHA1 a022f66a677d266be091ecded277ba0f462ebf04
SHA256 36d20a314197b387e903fe2858c330065628b5d65285702439a73c233b92e6c2
SHA3 e1ae5738f06884462b1f450fad54d99038b2824dd4906e6b2b84144c2a298228
VirtualSize 0x1870
VirtualAddress 0x2e000
SizeOfRawData 0x1a00
PointerToRawData 0x2ca00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_NOT_PAGED
IMAGE_SCN_MEM_READ
Entropy 5.80242

.data

MD5 3466484a391355bce1320e8197deb3a9
SHA1 f43922c4b2377ae658d5507f929ef2fecff6ff0e
SHA256 6f299f585d2eca77c49b1d12c83650027963158fe6e96610d6a64316a1bec6c6
SHA3 899645debc83180bafbeb872e340ae149deee852241aeb3520373b98a2a0cc11
VirtualSize 0x44d30
VirtualAddress 0x30000
SizeOfRawData 0x41000
PointerToRawData 0x2e400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_NOT_PAGED
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 5.24279

.pdata

MD5 55e80278b23102d6a2d5cba4ce903081
SHA1 f5275ed318ab881771cfbac9d9640534fdee5e16
SHA256 39b5cfc6aef4d49074e3ac86037fba2b9f624d8c1f3c96bdc41addb8e8b08bb8
SHA3 451eb463e0b82b2b1489f747e0d12717ca0140c5cfd7fd2345151f7a151a9ba0
VirtualSize 0x13d4
VirtualAddress 0x75000
SizeOfRawData 0x1400
PointerToRawData 0x6f400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_NOT_PAGED
IMAGE_SCN_MEM_READ
Entropy 5.27356

INIT

MD5 43d58aff556acfd46fe7237b553192f4
SHA1 4837dee36411f7565ecabbf091a7d1770fec3560
SHA256 d26fa253464f158c1f9ca5acd6a37785e72eb7bbb7b48bd856a1cbbc2bc1cf8e
SHA3 3b2512e65e3e8bf1deb1aa4ec39db378fc3e2fcf5485d4eba3b474b0be682ac4
VirtualSize 0x902
VirtualAddress 0x77000
SizeOfRawData 0xa00
PointerToRawData 0x70800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 4.84015

.rsrc

MD5 f0ac124cd6711fd1c913306505025898
SHA1 08a957404a4470b44610327c78db60454b5fdf57
SHA256 ce741cc018be827df495e1f047aa9cfd79f225ceb3cda64fed3fdcdc5557e652
SHA3 d276da8c0271defb2e57a34d1bc233e071a1156ee17cd73d9f0fb156901d350d
VirtualSize 0x1098
VirtualAddress 0x78000
SizeOfRawData 0x1200
PointerToRawData 0x71200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 3.33457

.reloc

MD5 e50421bdc5db16173546e2f4750d3028
SHA1 f88a6ca844be5d989f0aa5a28ea60752ff3d4189
SHA256 9b042fd2ab5191c149798ba703d5b6f4cf7447d5284b7400e9b36b59149475cf
SHA3 9ffad82a5fad94d7bcca485b634ebf6013583a4985684ec85259cb19f27f1259
VirtualSize 0x108
VirtualAddress 0x7a000
SizeOfRawData 0x200
PointerToRawData 0x72400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 0.87101

Imports

ntoskrnl.exe RtlIntegerToUnicodeString
KeSetEvent
RtlCheckRegistryKey
RtlAppendUnicodeToString
ZwDeleteValueKey
KeReleaseSpinLock
ZwQueryValueKey
ZwClose
KeWaitForSingleObject
IoFreeIrp
RtlWriteRegistryValue
IoAllocateIrp
ZwDeleteKey
IofCallDriver
ZwOpenKey
KeAcquireSpinLockRaiseToDpc
IoGetDmaAdapter
ExAllocatePoolWithTag
KeSetImportanceDpc
IoWriteErrorLogEntry
KeSetTargetProcessorDpc
ExReleaseFastMutexUnsafe
ExInitializeNPagedLookasideList
RtlQueryRegistryValues
KeInitializeDpc
MmBuildMdlForNonPagedPool
KeReleaseSpinLockFromDpcLevel
IoAllocateErrorLogEntry
KeInitializeTimer
ExFreePoolWithTag
KeDelayExecutionThread
PsCreateSystemThread
ObReferenceObjectByHandle
KeSetTimer
ObfDereferenceObject
RtlUnicodeStringToInteger
KeCancelTimer
KeNumberProcessors
KeAcquireSpinLockAtDpcLevel
IoAllocateMdl
KeInsertQueueDpc
MmUnmapIoSpace
IoFreeMdl
ExDeleteNPagedLookasideList
KeClearEvent
ExpInterlockedPushEntrySList
ZwSetValueKey
ExpInterlockedPopEntrySList
ExQueryDepthSList
ZwFlushKey
IoGetDeviceProperty
MmMapIoSpace
ZwMapViewOfSection
ZwQuerySystemInformation
ZwUnmapViewOfSection
RtlCompareMemory
ZwOpenSection
KeBugCheckEx
ZwCreateKey
KeInitializeEvent
MmGetSystemRoutineAddress
RtlCopyUnicodeString
RtlInitUnicodeString
ExAcquireFastMutexUnsafe
KeQueryActiveProcessors
HAL.dll KeQueryPerformanceCounter
KeStallExecutionProcessor
WDFLDR.SYS WdfVersionUnbind
WdfVersionBind

Delayed Imports

1

Type RT_MESSAGETABLE
Language English - United States
Codepage UNKNOWN
Size 0xc8c
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.49709
MD5 c973f193a677947291af2dcc5e59ef8a
SHA1 d32072c4345308b7c27cb1e1627935f73a9e0472
SHA256 81fd31bab76c67b71e88029416b3a7d3dfb0134b955e6955c74bbe1cfde09716
SHA3 2bbe3b0f4b2faeb22f30e6477068639e4518f7ff3087a3cbfa6295c8a8e3154e

1 (#2)

Type RT_VERSION
Language English - United States
Codepage UNKNOWN
Size 0x368
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.5077
MD5 7ab9c2ed04f86485b4488e2553308426
SHA1 ddaa4915918d21f399553ef16853552e03c60242
SHA256 e09c1769b7d37c67c7b596d61ec93d0029c8b56a4937b4313a11c74e7a0b0377
SHA3 5fda8ebbb5b1769f82ea12e345eb22796fc47308eb5fa453787e5844d2d633e8

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 4.8.2.0
ProductVersion 4.8.2.0
FileFlags VS_FF_PRIVATEBUILD
FileOs VOS_DOS_WINDOWS32
VOS_NT
VOS_NT_WINDOWS32
VOS_WINCE
VOS__WINDOWS32
FileType VFT_DRV
FileSubtype VFT2_DRV_NETWORK
Language English - United States
CompanyName Broadcom Corporation
FileDescription Broadcom NetXtreme II GigE VBD
FileVersion (#2) 4.8.2.0 built by: WinDDK
InternalName bxvbda.sys
LegalCopyright (c) COPYRIGHT 2001-2008 Broadcom Corporation
OriginalFilename bxvbda.sys
ProductName Broadcom NetXtreme II GigE
ProductVersion (#2) 4.8.2.0
Resource LangID English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2009-Feb-13 22:18:07
Version 0.0
SizeofData 35
AddressOfRawData 0x2ebf0
PointerToRawData 0x2d5f0
Referenced File bxvbda.pdb

TLS Callbacks

Load Configuration

RICH Header

XOR Key 0x85e90eaf
Unmarked objects 0
129 (VS2012 build 50727 / VS2005 build 50727) 2
Imports (VS2012 build 50727 / VS2005 build 50727) 2
Total imports 69
Imports (40310) 5
ASM objects (40310) 2
C objects (VS2012 build 50727 / VS2005 build 50727) 3
ASM objects (VS2012 build 50727 / VS2005 build 50727) 1
C objects (40310) 2
113 (VS2012 build 50727 / VS2005 build 50727) 29
Resource objects (VS2012 build 50727 / VS2005 build 50727) 1
Linker (VS2012 build 50727 / VS2005 build 50727) 1

Errors