Architecture | IMAGE_FILE_MACHINE_I386 |
---|---|
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date | 2023-Mar-09 10:56:59 |
Detected languages | English - United States, Polish - Poland |
Debug artifacts | C:\svnDev\Drivers\NetFilterSDK\bin\Release_c_api\Win32\axnetdrv.pdb |
CompanyName | Axence Inc. |
FileDescription | Axence Network Driver API |
FileVersion | 1.5.2.2 |
InternalName | axnetdrv.dll |
LegalCopyright | © Axence Inc. All rights reserved. |
OriginalFilename | axnetdrv.dll |
ProductName | Axence Network Driver API |
ProductVersion | 1.6.6.0 |
Info | Matching compiler(s): | Microsoft Visual C++ 6.0 - 8.0 |
---|---|---|
Suspicious | Strings found in the binary may indicate undesirable behavior: | May have dropper capabilities: |
Malicious | The PE contains functions mostly used by malware. | [!] The program may be hiding some of its imports: |
Info | The PE is digitally signed. | Signer: AXENCE INC.; Issuer: GlobalSign GCC R45 EV CodeSigning CA 2020 |
Safe | VirusTotal score: 0/70 (Scanned on 2023-07-27 14:35:38) | All the AVs think this file is safe. |
e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0xf8 |
Signature | PE |
---|---|
Machine | IMAGE_FILE_MACHINE_I386 |
NumberofSections | 5 |
TimeDateStamp | 2023-Mar-09 10:56:59 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_DLL, IMAGE_FILE_EXECUTABLE_IMAGE |
Magic | PE32 |
---|---|
LinkerVersion | 12.0 |
SizeOfCode | 0x19600 |
SizeOfInitializedData | 0xda00 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x0000C1E8 (Section: .text) |
BaseOfCode | 0x1000 |
BaseOfData | 0x1b000 |
ImageBase | 0x10000000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 5.1 |
ImageVersion | 0.0 |
SubsystemVersion | 5.1 |
Win32VersionValue | 0 |
SizeOfImage | 0x2a000 |
SizeOfHeaders | 0x400 |
Checksum | 0x32e3d |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT |
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
KERNEL32.dll | GetOverlappedResult, ReadFile, DeviceIoControl, GetProcAddress, GetModuleHandleA, OpenProcess, CancelIo, GetLogicalDriveStringsW, QueryDosDeviceW, GetDriveTypeW, SetLastError, CreateFileA, GetVersionExA, GetLastError, WriteFile, GetTickCount, WaitForMultipleObjects, WaitForSingleObject, SetEvent, GetSystemInfo, ResetEvent, CreateEventA, CloseHandle, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, LeaveCriticalSection, GetCurrentProcessId, EnterCriticalSection, FlushFileBuffers, WriteConsoleW, SetStdHandle, HeapFree, HeapAlloc, EncodePointer, DecodePointer, CreateThread, GetCurrentThreadId, ExitThread, LoadLibraryExW, GetCommandLineA, RaiseException, RtlUnwind, IsDebuggerPresent, IsProcessorFeaturePresent, GetProcessHeap, ExitProcess, GetModuleHandleExW, MultiByteToWideChar, WideCharToMultiByte, GetStdHandle, GetModuleFileNameW, HeapSize, UnhandledExceptionFilter, SetUnhandledExceptionFilter, Sleep, GetCurrentProcess, TerminateProcess, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetStartupInfoW, GetModuleHandleW, GetFileType, GetModuleFileNameA, QueryPerformanceCounter, GetSystemTimeAsFileTime, GetEnvironmentStringsW, FreeEnvironmentStringsW, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, OutputDebugStringW, HeapReAlloc, LCMapStringW, GetConsoleCP, GetConsoleMode, SetFilePointerEx, GetStringTypeW, CreateFileW |
---|---|
ADVAPI32.dll | DeleteService, RegSetValueExA, QueryServiceStatus, OpenServiceA, StartServiceA, CloseServiceHandle, CreateServiceW, OpenSCManagerA, RegCloseKey, RegOpenKeyExA, AdjustTokenPrivileges, LookupPrivilegeValueA, OpenProcessToken, RegQueryValueExA |
PSAPI.DLL | GetModuleFileNameExA, GetModuleFileNameExW |
Ordinal | Address |
---|---|
1 | 0x6c30 |
2 | 0x6760 |
3 | 0x4b20 |
4 | 0x6dc0 |
5 | 0x5a80 |
6 | 0x5b60 |
7 | 0x5cb0 |
8 | 0x6d30 |
9 | 0x6800 |
10 | 0x4bd0 |
11 | 0x5320 |
12 | 0x54c0 |
13 | 0x6ec0 |
14 | 0x6a50 |
15 | 0x59a0 |
16 | 0x65c0 |
17 | 0x5a10 |
18 | 0x5d90 |
19 | 0x6af0 |
20 | 0x5e70 |
21 | 0x6b90 |
22 | 0x50e0 |
23 | 0x4b00 |
24 | 0x4ae0 |
25 | 0x69b0 |
26 | 0xa8e0 |
27 | 0xa940 |
28 | 0x6750 |
29 | 0x5b40 |
30 | 0x4c70 |
31 | 0x4d60 |
32 | 0x6890 |
33 | 0x5520 |
34 | 0x6920 |
35 | 0x4480 |
36 | 0x5550 |
37 | 0x5850 |
38 | 0x4450 |
39 | 0x4420 |
40 | 0x4110 |
41 | 0x5730 |
42 | 0x5610 |
43 | 0x48e0 |
44 | 0x48b0 |
45 | 0x45a0 |
46 | 0xa9a0 |
Signature | 0xfeef04bd |
---|---|
StructVersion | 0x10000 |
FileVersion | 1.5.2.2 |
ProductVersion | 1.6.6.0 |
FileFlags | (EMPTY) |
FileOs | VOS_DOS_WINDOWS32, VOS_NT, VOS_NT_WINDOWS32, VOS_WINCE, VOS__WINDOWS32 |
FileType | VFT_STATIC_LIB |
Language | English - United States |
CompanyName | Axence Inc. |
FileDescription | Axence Network Driver API |
FileVersion (#2) | 1.5.2.2 |
InternalName | axnetdrv.dll |
LegalCopyright | © Axence Inc. All rights reserved. |
OriginalFilename | axnetdrv.dll |
ProductName | Axence Network Driver API |
ProductVersion (#2) | 1.6.6.0 |
Resource LangID | Polish - Poland |
Characteristics | 0 |
---|---|
TimeDateStamp | 2023-Mar-09 10:56:59 |
Version | 0.0 |
SizeofData | 92 |
AddressOfRawData | 0x20930 |
PointerToRawData | 0x1f330 |
Referenced File | C:\svnDev\Drivers\NetFilterSDK\bin\Release_c_api\Win32\axnetdrv.pdb |
Characteristics | 0 |
---|---|
TimeDateStamp | 2023-Mar-09 10:56:59 |
Version | 0.0 |
SizeofData | 20 |
AddressOfRawData | 0x2098c |
PointerToRawData | 0x1f38c |
Size | 0x48 |
---|---|
TimeDateStamp | 1970-Jan-01 00:00:00 |
Version | 0.0 |
GlobalFlagsClear | (EMPTY) |
GlobalFlagsSet | (EMPTY) |
CriticalSectionDefaultTimeout | 0 |
DeCommitFreeBlockThreshold | 0 |
DeCommitTotalFreeThreshold | 0 |
LockPrefixTable | 0 |
MaximumAllocationSize | 0 |
VirtualMemoryThreshold | 0 |
ProcessAffinityMask | 0 |
ProcessHeapFlags | (EMPTY) |
CSDVersion | 0 |
Reserved1 | 0 |
EditList | 0 |
SecurityCookie | 0x10023008 |
SEHandlerTable | 0x10020f10 |
SEHandlerCount | 25 |
XOR Key | 0xdb6f0078 |
---|---|
Unmarked objects | 0 |
199 (41118) | 1 |
ASM objects (VS2013 build 21005) | 23 |
C objects (VS2013 build 21005) | 122 |
C++ objects (VS2013 build 21005) | 45 |
Imports (VS2008 SP1 build 30729) | 7 |
Total imports | 111 |
229 (VS2013 UPD5 build 40629) | 5 |
Exports (VS2013 UPD5 build 40629) | 1 |
Resource objects (VS2013 build 21005) | 1 |
151 | 1 |
Linker (VS2013 UPD5 build 40629) | 1 |