Manalyze report for bde372760ce17347365ce53db8aa83769f66376ce7c9e00045024c828fc8e525

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_NATIVE`
Compilation Date	2025-Sep-12 11:00:18
Detected languages	English - United States
Debug artifacts	D:\BambooBuild\VULSDK-VS-JOB1\Bin\VS2019\x64\Release\vlflt.pdb
CompanyName	Bitdefender
FileDescription	vlflt Filter Driver
FileVersion	`2.0.269.0`
InternalName	vlflt.sys
LegalCopyright	Copyright Â© Bitdefender
OriginalFilename	vlflt.sys
ProductName	Bitdefender
ProductVersion	`2.0.269.0`

Plugin Output

Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32`
Suspicious	The PE is possibly packed.	`Unusual section name found: PAGE`
Suspicious	The PE contains functions most legitimate programs don't use.	`Functions which can be used for anti-debugging purposes: ZwQuerySystemInformation` `Uses Windows's Native API: ZwClose ZwQuerySystemInformation ZwQueryVirtualMemory ZwQueryKey ZwQueryInformationProcess ZwQueryInformationThread ZwOpenThread ZwQueryValueKey ZwOpenKey ZwQueryInformationTransaction ZwTerminateProcess NtClose`
Info	The PE is digitally signed.	`Signer: Microsoft Windows Hardware Compatibility Publisher` `Issuer: Microsoft Windows Third Party Component CA 2012`
Safe	VirusTotal score: 0/65 (Scanned on 2025-12-09 13:59:25)	`All the AVs think this file is safe.`

Hashes

MD5	`a24ae72ea85fb7e4cc9c0fbbb73fdce8`
SHA1	`7f9b9f180ef7dfebf767efc851a26d91b77e31aa`
SHA256	`bde372760ce17347365ce53db8aa83769f66376ce7c9e00045024c828fc8e525`
SHA3	`db6e4b637525d490db7d316c7acc8d5d3f530198f6b16bb90dcb2bd9a28e53d0`
SSDeep	`12288:/JOcEcHMKAsYHSWZv7d65hsSoUWSWrSayDRF82g1AmzUForgFktah+r0YPhVYwu:OcHMLwsSrnmzsk4YZc`
Imports Hash	`47e18e5fc3c6f79ec7f88bd700b444e6`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xe0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`9`
TimeDateStamp	2025-Sep-12 11:00:18
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x75e00`
SizeOfInitializedData	`0xf9200`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000167300 (Section: INIT)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`A.0`
ImageVersion	`A.0`
SubsystemVersion	`6.1`
Win32VersionValue	`0`
SizeOfImage	`0x174000`
SizeOfHeaders	`0x400`
Checksum	`0x1636d9`
Subsystem	`IMAGE_SUBSYSTEM_NATIVE`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY` `IMAGE_DLLCHARACTERISTICS_GUARD_CF` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`891521e93fb03bdda91ea58ef2aac9b6`
SHA1	`2113ce91879c343351245a8f5814a534d1e1abff`
SHA256	`d4738adea778059c65843972a1c1fcdf55eb3181ca27764d3447f27a76c5c14a`
SHA3	`c9ef48373e9ef288608272901aa5f5f678af79e87bf0cc90eeac588e3f28ee80`
VirtualSize	`0x50675`
VirtualAddress	`0x1000`
SizeOfRawData	`0x50800`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_NOT_PAGED` `IMAGE_SCN_MEM_READ`
Entropy	`6.46561`

.rdata

MD5	`5d68c0c0b1d70fd12f66f4f20aabdc03`
SHA1	`894fb9a92ab02fcf0383ba01277aae8e586ce710`
SHA256	`8bbd4bb3aec06a68580d295a9ac5cbc2fea789e80f0be98cf7d20d2880064134`
SHA3	`ace825396378dd9e7d747e381416db9e42d16b20525960245de0bb4a6a43bd88`
VirtualSize	`0xdb6f8`
VirtualAddress	`0x52000`
SizeOfRawData	`0xdb800`
PointerToRawData	`0x50c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_NOT_PAGED` `IMAGE_SCN_MEM_READ`
Entropy	`2.45201`

.data

MD5	`ebf1714707725f1a11cc1baae5cf1516`
SHA1	`4c4e51c0328d56c4cff1abfe804be4cc0e3c1272`
SHA256	`dde01fbd77c9b107644345c78c532d07111773137486ede73525b95d4a9c4a37`
SHA3	`bad356164036b0c2420c7d418a77eb92a7a8a5178395b8ddb4b33c71c5c66267`
VirtualSize	`0x113c4`
VirtualAddress	`0x12e000`
SizeOfRawData	`0x800`
PointerToRawData	`0x12c400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_NOT_PAGED` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.87665`

.pdata

MD5	`93a07f0be31776f581f8e736f2ec8ecb`
SHA1	`6ab0dca54909bd9519778ebd85131029cf02c586`
SHA256	`930400d79118074964a46827f326b714b909b22ba851cd8a72e6f7415bd49169`
SHA3	`adb8733a056de6db8b0145648ded0f7b10cb0d7cc61743aa072737158d5a1f2a`
VirtualSize	`0x3c84`
VirtualAddress	`0x140000`
SizeOfRawData	`0x3e00`
PointerToRawData	`0x12cc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_NOT_PAGED` `IMAGE_SCN_MEM_READ`
Entropy	`5.78268`

PAGE

MD5	`0073d74607c045a429239447304d6030`
SHA1	`b06aa13db251ca874a65388605385eea74b04e93`
SHA256	`9678495d53307d90deea46bf9191c4616ebd59ff961a41c293a142b3910abfa5`
SHA3	`a36c83b22e38bd1c12b936ae4278d5f97cfee10d265c56b1136dc36bfb12d9f7`
VirtualSize	`0x1e685`
VirtualAddress	`0x144000`
SizeOfRawData	`0x1e800`
PointerToRawData	`0x130a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.38324`

INIT

MD5	`126153156613d8741dab06ba4c4bcab9`
SHA1	`c89ec291e50c3b58d7d40a49ef874f53a8923381`
SHA256	`990f807faef8ebcc30dcacfa1b22a61a4539d84d5e98a5d06dca4c0a692485e4`
SHA3	`f3cf9aa3b9612debda2d9e54dfef4e8e1c92238a4f1f5372934bbc1b72cda569`
VirtualSize	`0x6dd0`
VirtualAddress	`0x163000`
SizeOfRawData	`0x6e00`
PointerToRawData	`0x14f200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.31098`

INIT (#2)

MD5	`d4f2a2055dfb4f24a9b9e73089ec8ab3`
SHA1	`45e00ac94d36a28f8b374c890912e3b7a26e812a`
SHA256	`e08dbf2993620c035a8b64a3e0250725711a8a933471f3db30c1d93c54205029`
SHA3	`00734c97ac7f80d8499f5c310e8aa34a718b0dfa81384942530469f16f187234`
VirtualSize	`0x4b0`
VirtualAddress	`0x16a000`
SizeOfRawData	`0x600`
PointerToRawData	`0x156000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.56863`

.rsrc

MD5	`e732a937d177d359cab96aa9fa6c9311`
SHA1	`9899d15ed833f89af94494b834390e159bbc7b67`
SHA256	`b4298c2b8491ca7fca4cf6cba7fca8e310ae75b4f443d9e0f047de28bdf93197`
SHA3	`209fc19ab9eecd75914e9db75909fe40c7f9eb4549cc5819353be207da4fd3cc`
VirtualSize	`0xb90`
VirtualAddress	`0x16b000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x156600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`3.48801`

.reloc

MD5	`d87a9004d24eaf44a36ab68b90ad4925`
SHA1	`999bafd1c0f04bc3255c9b75b7e8a5394cdbb0ba`
SHA256	`2939e77f4077808543fefba2c4fd529f6c0c61ce90bdd3bd82a96a0f7546ee06`
SHA3	`2daf3d13cd6a7449f810d5d28316b986d15e3eaa5110bb5994c55ef31fdaaac0`
VirtualSize	`0x74d4`
VirtualAddress	`0x16c000`
SizeOfRawData	`0x7600`
PointerToRawData	`0x157200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.44686`

Imports

FLTMGR.SYS	`FltSupportsStreamContexts` `FltReleaseContext` `FltGetStreamHandleContext` `FltGetStreamContext` `FltSupportsStreamHandleContexts` `FltSendMessage` `FltGetVolumeInstanceFromName` `FltGetFileNameInformationUnsafe` `FltObjectDereference` `FltReleaseFileNameInformation` `FltGetFileSystemType` `FltGetVolumeFromFileObject` `FltRetrieveIoPriorityInfo` `FltGetRoutineAddress` `FltClose` `FltCreateFileEx` `FltGetRequestorProcess` `FltDeleteStreamHandleContext` `FltQueryInformationFile` `FltAllocateContext` `FltGetVolumeName` `FltGetVolumeProperties` `FltAllocateGenericWorkItem` `FltOpenVolume` `FltObjectReference` `FltDeletePushLock` `FltGetVolumeGuidName` `FltSetStreamHandleContext` `FltReferenceContext` `FltInitializePushLock` `FltFsControlFile` `FltQueryVolumeInformation` `FltSetInstanceContext` `FltSetStreamContext` `FltGetDiskDeviceObject` `FltFreeGenericWorkItem` `FltReleasePushLock` `FltAcquirePushLockExclusive` `FltGetInstanceContext` `FltFindExtraCreateParameter` `FltGetFileNameInformation` `FltGetEcpListFromCallbackData` `FltIsEcpFromUserMode` `FltCancelFileOpen` `FltParseFileNameInformation` `FltGetDestinationFileNameInformation` `FltGetRequestorSessionId` `FltGetTransactionContext` `FltSetCallbackDataDirty` `FltAcquirePushLockShared` `FltCancellableWaitForSingleObject` `FltSetEcpListIntoCallbackData` `FltIsEcpAcknowledged` `FltFreeExtraCreateParameter` `FltAllocateExtraCreateParameter` `FltInsertExtraCreateParameter` `FltFreeExtraCreateParameterList` `FltAllocateExtraCreateParameterList` `FltUnregisterFilter` `FltRegisterFilter` `FltStartFiltering` `FltDeleteContext` `FltEnlistInTransaction` `FltSetTransactionContext` `FltIsVolumeSnapshot` `FltAcknowledgeEcp` `FltCreateFileEx2` `FltEnumerateInstances` `FltCloseClientPort` `FltBuildDefaultSecurityDescriptor` `FltCreateCommunicationPort` `FltCloseCommunicationPort` `FltFreeSecurityDescriptor` `FltIsOperationSynchronous` `FltQueueGenericWorkItem`
cng.sys	`BCryptGetProperty` `BCryptOpenAlgorithmProvider` `BCryptFinishHash` `BCryptCloseAlgorithmProvider` `BCryptDestroyHash` `BCryptHashData` `BCryptCreateHash` `BCryptEncrypt` `BCryptDecrypt` `BCryptSetProperty` `BCryptDestroyKey` `BCryptImportKey` `BCryptExportKey` `BCryptGenerateSymmetricKey`
ntoskrnl.exe	`RtlCompareUnicodeStrings` `RtlUpperChar` `strncmp` `wcsncmp` `RtlUpcaseUnicodeChar` `_purecall` `PsRemoveLoadImageNotifyRoutine` `KeGetCurrentIrql` `PsSetLoadImageNotifyRoutine` `_vsnwprintf_s` `EtwWrite` `MmDoesFileHaveUserWritableReferences` `__C_specific_handler` `ExReleaseFastMutex` `KeWaitForMultipleObjects` `ObfDereferenceObject` `ExInitializePagedLookasideList` `PsCreateSystemThread` `ExDeletePagedLookasideList` `KeSetEvent` `KeInitializeSemaphore` `PsThreadType` `ObReferenceObjectByHandle` `KeReleaseSemaphore` `ExAcquireFastMutex` `ExFreePoolWithTag` `KeQueryActiveProcessorCount` `KeInitializeEvent` `KeWaitForSingleObject` `ZwClose` `PsTerminateSystemThread` `IoFileObjectType` `ObfReferenceObject` `ExpInterlockedPopEntrySList` `ExpInterlockedPushEntrySList` `ExQueryDepthSList` `IoAllocateWorkItem` `RtlAnsiStringToUnicodeString` `ZwQuerySystemInformation` `RtlFreeUnicodeString` `PsProcessType` `ExWaitForRundownProtectionRelease` `ExInitializeRundownProtection` `RtlInitAnsiString` `RtlGetVersion` `ExAcquireRundownProtection` `MmGetSystemRoutineAddress` `IoFreeWorkItem` `IoQueueWorkItem` `ExReleaseRundownProtection` `RtlImageDirectoryEntryToData` `MmUnmapViewInSystemSpace` `KeEnterCriticalRegion` `FsRtlGetFileSize` `MmMapViewInSystemSpace` `ZwQueryVirtualMemory` `IoGetCurrentProcess` `RtlWalkFrameChain` `_stricmp` `SeLocateProcessImageName` `FsRtlCreateSectionForDataScan` `RtlCompareMemory` `KeLeaveCriticalRegion` `IoGetStackLimits` `IoThreadToProcess` `PsGetCurrentThreadId` `ZwQueryKey` `ObDereferenceObjectDeferDelete` `ObQueryNameString` `ExDeleteResourceLite` `ExAcquireResourceExclusiveLite` `RtlInitUnicodeString` `IoVolumeDeviceToDosName` `IoOpenDeviceRegistryKey` `ExAcquireResourceSharedLite` `IoGetDeviceAttachmentBaseRef` `IoBuildDeviceIoControlRequest` `IoGetDevicePropertyData` `IoGetDeviceObjectPointer` `ExReleaseResourceLite` `KeClearEvent` `IoRegisterPlugPlayNotification` `IofCallDriver` `IoBuildSynchronousFsdRequest` `InitializeSListHead` `KeResetEvent` `ExInitializeResourceLite` `RtlValidSid` `SeQueryInformationToken` `RtlCompareUnicodeString` `RtlEnumerateEntryHashTable` `RtlEndEnumerationHashTable` `RtlHashUnicodeString` `RtlCreateHashTable` `PsGetProcessId` `PsInitialSystemProcess` `RtlRemoveEntryHashTable` `RtlInitEnumerationHashTable` `RtlInsertEntryHashTable` `RtlGetNextEntryHashTable` `RtlLookupEntryHashTable` `RtlDeleteHashTable` `KeStackAttachProcess` `KeUnstackDetachProcess` `MmSectionObjectType` `ObCloseHandle` `ObOpenObjectByPointer` `PsLookupProcessByProcessId` `PsReferenceProcessFilePointer` `PsGetProcessCreateTimeQuadPart` `RtlLengthSid` `RtlAppendUnicodeStringToString` `RtlPrefixUnicodeString` `KeAreAllApcsDisabled` `RtlStringFromGUID` `RtlEqualUnicodeString` `PsGetProcessPeb` `ExRegisterCallback` `ExCreateCallback` `ZwQueryInformationProcess` `ZwQueryInformationThread` `PsRemoveCreateThreadNotifyRoutine` `PsSetCreateProcessNotifyRoutineEx` `ZwOpenThread` `PsSetCreateThreadNotifyRoutine` `ExUnregisterCallback` `ProbeForRead` `IoGetAttachedDeviceReference` `ProbeForWrite` `ExDeleteNPagedLookasideList` `IoDeleteDevice` `RtlVerifyVersionInfo` `RtlQueryRegistryValues` `IoUnregisterPlugPlayNotificationEx` `ExInitializeNPagedLookasideList` `IoCreateDevice` `ZwQueryValueKey` `VerSetConditionMask` `IoWMIRegistrationControl` `InitSafeBootMode` `MmIsDriverVerifyingByAddress` `IoRegisterBootDriverReinitialization` `ZwOpenKey` `PsIsSystemThread` `PsGetProcessExitStatus` `PsLookupThreadByThreadId` `PsGetThreadProcess` `RtlLengthSecurityDescriptor` `PsGetCurrentProcessId` `RtlDowncaseUnicodeString` `towupper` `MmUnlockPages` `IoCancelIrp` `IoFreeIrp` `FsRtlCancellableWaitForMultipleObjects` `IoGetRelatedDeviceObject` `PsDereferencePrimaryToken` `ZwQueryInformationTransaction` `IoFreeMdl` `PsReferencePrimaryToken` `IoAllocateIrp` `PsReferenceImpersonationToken` `ZwTerminateProcess` `PsDereferenceImpersonationToken` `EtwUnregister` `EtwRegister` `ObUnRegisterCallbacks` `ObRegisterCallbacks` `ObGetObjectSecurity` `RtlSubAuthoritySid` `RtlGetSaclSecurityDescriptor` `IoQueryVolumeInformation` `RtlSubAuthorityCountSid` `PsGetProcessSessionId` `ObReleaseObjectSecurity` `PsGetProcessImageFileName` `PsGetThreadTeb` `IoGetTransactionParameterBlock` `RtlFindAceByType` `ExTryToAcquireFastMutex` `RtlAppendUnicodeToString` `CmUnRegisterCallback` `CmRegisterCallbackEx` `NtClose` `KeSetTimer` `KeInitializeDpc` `KeRemoveQueueDpc` `KeInitializeTimer` `KeCancelTimer` `KeFlushQueuedDpcs` `RtlInitializeSid` `IoQueryFileDosDeviceName` `RtlLengthRequiredSid` `ExAllocatePoolWithQuotaTag` `ExAllocatePoolWithTag` `IoGetTopLevelIrp` `KeBugCheckEx` `strcmp`

Delayed Imports

1

Type	`WEVT_TEMPLATE`
Language	English - United States
Codepage	UNKNOWN
Size	`0x6fa`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.63116`
MD5	`4529dc6bab279ebeaa23298e70a50efd`
SHA1	`6f0d940d4121c22dde948ad43efe4257960242b2`
SHA256	`821d1f9080054e634e97accb99c4d240a73ddc804fb6f722fb8b461aabd9ef93`
SHA3	`725657b4377fd082ddae64e0e676de724d0edc275231de6b4ed3d49b93ed29b3`

1 (#2)

Type	`RT_MESSAGETABLE`
Language	English - United States
Codepage	UNKNOWN
Size	`0xb0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.02197`
MD5	`44fbb520b862917da99b814998e63799`
SHA1	`d7957938457e49b63fe096c358c1e64eb5bfe05f`
SHA256	`b1e89a860ef5ff3b89b478ec23885c78b2b84196046f10c360a52bff9d651a37`
SHA3	`c5741eb9cdb24d9ab8c7bdf192c98e4f60cfa491a21193805783e82a7db2bb08`

1 (#3)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2cc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.41176`
MD5	`a3190912dd39ca7007b803ec5512dfea`
SHA1	`c1c19c58023eac5c5362df3ba53543a2134cbc5a`
SHA256	`0902604fde95a7a459332c08f302e178f78f2c41ee7e30d99b96d8fb9d3fb489`
SHA3	`e123de8da67894824d6628b568cdf915b457207f5827eda29f14320175fc6d2d`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	2.0.269.0
ProductVersion	2.0.269.0
FileFlags	`VS_FF_PRIVATEBUILD`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_DRV`
FileSubtype	VFT2_DRV_SYSTEM
Language	English - United States
CompanyName	Bitdefender
FileDescription	vlflt Filter Driver
FileVersion (#2)	2.0.269.0
InternalName	vlflt.sys
LegalCopyright	Copyright Â© Bitdefender
OriginalFilename	vlflt.sys
ProductName	Bitdefender
ProductVersion (#2)	2.0.269.0

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2025-Sep-12 11:00:18
Version	`0.0`
SizeofData	`87`
AddressOfRawData	`0x127298`
PointerToRawData	`0x125e98`
Referenced File	D:\BambooBuild\VULSDK-VS-JOB1\Bin\VS2019\x64\Release\vlflt.pdb

UNKNOWN

Characteristics	`0`
TimeDateStamp	2025-Sep-12 11:00:18
Version	`0.0`
SizeofData	`4`
AddressOfRawData	`0x1272f0`
PointerToRawData	`0x125ef0`

TLS Callbacks

Load Configuration

Size	`0x138`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x14012e000`
GuardCFCheckFunctionPointer	`5369047312`
GuardCFDispatchFunctionPointer	`0`
GuardCFFunctionTable	`0`
GuardCFFunctionCount	`0`
GuardFlags	`(EMPTY)`
CodeIntegrity.Flags	`0`
CodeIntegrity.Catalog	`0`
CodeIntegrity.CatalogOffset	`0`
CodeIntegrity.Reserved	`0`
GuardAddressTakenIatEntryTable	`0`
GuardAddressTakenIatEntryCount	`0`
GuardLongJumpTargetTable	`0`
GuardLongJumpTargetCount	`0`

RICH Header

XOR Key	`0x54927246`
Unmarked objects	`0`
ASM objects (29395)	`6`
C objects (29395)	`8`
Imports (29395)	`7`
Total imports	`304`
C objects (LTCG) (30151)	`96`
Resource objects (30151)	`1`
151	`1`
Linker (30151)	`1`

Errors

Leave a comment

No comments yet.