Manalyze report for d39c604ecfac80ca567dd3cf54575a218eda532c312a13818be52db94a22dacd

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2021-Sep-01 04:19:17
Detected languages	English - United States Japanese - Japan
Debug artifacts	C:\msvss\K5Project\RadioSwitchDriver\dev\WOR\!Output\x64\Driver-Release\fjwrdswd.pdb
CompanyName	FUJITSU CLIENT COMPUTING LIMITED
FileDescription	Wireless Radio Switch Driver
FileVersion	`2.3.0.0`
InternalName	fjwrdswd.dll
LegalCopyright	Copyright FUJITSU CLIENT COMPUTING LIMITED 2012-2021
OriginalFilename	fjwrdswd.dll
ProductName	Wireless Radio Switch Driver
ProductVersion	`2.3.0.0`

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`May have dropper capabilities: CurrentControlSet\Services`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryW` `Can access the registry: RegGetValueW`
Info	The PE is digitally signed.	`Signer: FUJITSU CLIENT COMPUTING LIMITED` `Issuer: Sectigo RSA Code Signing CA`
Safe	VirusTotal score: 0/72 (Scanned on 2025-11-28 17:08:39)	`All the AVs think this file is safe.`

Hashes

MD5	`7d49f468845a80b38e658c88de69c242`
SHA1	`68b44cfe8fc26cf853d7f7db93a63a41083c186d`
SHA256	`d39c604ecfac80ca567dd3cf54575a218eda532c312a13818be52db94a22dacd`
SHA3	`79c9a991761d3a31e9572b1412c03b9b427f87477716b8d1c2ead80f1d8f6abb`
SSDeep	`1536:OVjQFOR1/xQ+mT3mZt+C78z8O2Y+9waQ+8iAhnl/zuKnf2FzGHcUzHTCcRzAt:OpQF6J1CC7a8A+uDhl/rgEfHCo8t`
Imports Hash	`b4f484650089690430dd02a6ec4ca7ae`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x120`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`7`
TimeDateStamp	2021-Sep-01 04:19:17
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_DLL` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x9800`
SizeOfInitializedData	`0x6000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000006400 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x180000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`A.0`
ImageVersion	`A.0`
SubsystemVersion	`A.0`
Win32VersionValue	`0`
SizeOfImage	`0x15000`
SizeOfHeaders	`0x400`
Checksum	`0x26581`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_GUARD_CF` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`7b7044841c8f9a90a370df88759980bd`
SHA1	`6a2d961f79d58ccfa8ea9b08b3e66834c0c52144`
SHA256	`adbfd2c80ca0e9b12b5843a0e971fea55a8315e22209c48c54517c28a3a7f9f9`
SHA3	`ec29f8d95f57786323a5ed2b4c84e864179f3ee86eade25bc75d68b5aed9e072`
VirtualSize	`0x97b3`
VirtualAddress	`0x1000`
SizeOfRawData	`0x9800`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.33277`

.rdata

MD5	`0e405095e5555bbb5b597dfc2e427de2`
SHA1	`b33499644b8b71cb422c25acc84621e538f4ffd8`
SHA256	`38fecf125d2223e76d867d276c9611d197a00e63cfa47977145f125582b6b534`
SHA3	`0b594826ae8efeba17fa8bf908a5ccbf8ed8765a3b567698f3f9bf32f4723ca8`
VirtualSize	`0x4114`
VirtualAddress	`0xb000`
SizeOfRawData	`0x4200`
PointerToRawData	`0x9c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.65408`

.data

MD5	`36c2f9f11d587bf85124b14daaa0a19b`
SHA1	`96686e402985bc5fec838852187f5e61b3176f2e`
SHA256	`04fad12513e818686ec076e16b9ce619659c0934299bd134e584e3332ec44d20`
SHA3	`453de1270f7abe3a0430e3db961c086435d801f78c94b34e5f7e62363c3eb591`
VirtualSize	`0x9d8`
VirtualAddress	`0x10000`
SizeOfRawData	`0x200`
PointerToRawData	`0xde00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.28154`

.pdata

MD5	`203ed34812f5bb59c4fb0fb735c51535`
SHA1	`e1f48a7b2f74a77f2c4f208e3479a5fd7879e7dc`
SHA256	`84b2a645f24ce652b48b0f5fb9b5db3e50f0c38b44fdc01a2b34cabe546b8259`
SHA3	`a2d80dcfa70382d7ce185c7f4303872edfad209c1c02c1cf1dfde0522f37d171`
VirtualSize	`0xa80`
VirtualAddress	`0x11000`
SizeOfRawData	`0xc00`
PointerToRawData	`0xe000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.96688`

_RDATA

MD5	`159d1824013e1d24f715dadc3ca76a4e`
SHA1	`2a6901915e8f4d565fc39f4e4527b74211135e02`
SHA256	`d6a86d3d55a5deff13fa55c89ec5bc9bdd226049f53cc70ed79d070ef3780aa7`
SHA3	`b6e8417455f7583b36428d038fde78a1a572cdde3ae508f947f8db892ab3c832`
VirtualSize	`0x180`
VirtualAddress	`0x12000`
SizeOfRawData	`0x200`
PointerToRawData	`0xec00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.73126`

.rsrc

MD5	`f94cfbb6ac9530a3cb9c0a2a8e77118a`
SHA1	`fff9ab46d8848acf50ecbfe4d4a5e6ce3e876dc0`
SHA256	`9b0a220db9ade195ae542e66fe9e8b641d94c009707028486637bf56a482303d`
SHA3	`13a422247d32bd5a00e2780494ffa9cfd91b640c11fbf2e371d56ec61d39d5fd`
VirtualSize	`0x3d8`
VirtualAddress	`0x13000`
SizeOfRawData	`0x400`
PointerToRawData	`0xee00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.26024`

.reloc

MD5	`5b22f9facf0a2bc7261617de80fba398`
SHA1	`657bf1e7f165979a41662da280863aa736f2f56a`
SHA256	`33d37c6a0e349fb8fb0253e358f49fad54ba1c9eb7ecafd3b3e3e8f4abedc3b9`
SHA3	`43f723f98fffe48bc4651493399b26fb3f92791f329f9189d66facc037160cc7`
VirtualSize	`0x1b4`
VirtualAddress	`0x14000`
SizeOfRawData	`0x200`
PointerToRawData	`0xf200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.66913`

Imports

ntdll.dll	`DbgPrintEx` `RtlPcToFileHeader` `RtlUnwindEx` `RtlInitUnicodeString`
KERNEL32.dll	`ReleaseSemaphore` `WaitForSingleObject` `CreateEventW` `CreateSemaphoreW` `CreateThreadpoolWait` `SetThreadpoolWait` `WaitForThreadpoolWaitCallbacks` `CloseThreadpoolWait` `SetEvent` `DeleteCriticalSection` `InitializeCriticalSectionEx` `GetProcessHeap` `HeapSize` `HeapFree` `HeapReAlloc` `HeapAlloc` `HeapDestroy` `GetLastError` `CloseHandle` `GetProcAddress` `FreeLibrary` `GetCurrentProcessId` `LoadLibraryW` `SetLastError` `QueryPerformanceCounter` `ResetEvent` `EncodePointer` `FlsFree` `FlsSetValue` `FlsGetValue` `FlsAlloc` `InterlockedFlushSList` `RaiseException` `InitializeSListHead` `GetSystemTimeAsFileTime` `__C_specific_handler` `ReleaseSRWLockExclusive` `AcquireSRWLockExclusive` `WakeAllConditionVariable` `SleepConditionVariableSRW` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetCurrentProcess` `TerminateProcess` `IsProcessorFeaturePresent` `IsDebuggerPresent` `GetCurrentThreadId`
ADVAPI32.dll	`InitializeSid` `SetSecurityDescriptorDacl` `MakeSelfRelativeSD` `MakeAbsoluteSD` `IsValidSid` `RegGetValueW` `InitializeSecurityDescriptor` `InitializeAcl` `GetSidSubAuthority` `TraceMessage` `RegisterTraceGuidsW` `UnregisterTraceGuids` `GetTraceLoggerHandle` `GetTraceEnableLevel` `GetTraceEnableFlags` `GetSidLengthRequired` `GetSecurityDescriptorSacl` `GetSecurityDescriptorOwner` `GetSecurityDescriptorLength` `GetSecurityDescriptorGroup` `GetSecurityDescriptorDacl` `GetSecurityDescriptorControl` `GetLengthSid` `GetAclInformation` `CopySid` `AddAce`
api-ms-win-crt-stdio-l1-1-0.dll	`__stdio_common_vswscanf` `__stdio_common_vswprintf_s` `__stdio_common_vsprintf_s`
api-ms-win-crt-runtime-l1-1-0.dll	`_initterm` `_execute_onexit_table` `_crt_atexit` `_errno` `_invalid_parameter_noinfo` `_initterm_e` `terminate` `abort` `_cexit` `_seh_filter_dll` `_configure_narrow_argv` `_initialize_narrow_environment` `_initialize_onexit_table` `_register_onexit_function`
api-ms-win-crt-heap-l1-1-0.dll	`free` `calloc` `_callnewh` `malloc`
api-ms-win-crt-string-l1-1-0.dll	`strcpy_s`

Delayed Imports

FxDriverEntryUm

Ordinal	`1`
Address	`0x56e0`

1

Type	`RT_VERSION`
Language	Japanese - Japan
Codepage	UNKNOWN
Size	`0x374`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.50544`
MD5	`93c655a622c5be7a55aa1375573d6292`
SHA1	`6656588f19a12eb2d82ee16b882e7caba6b8d5e6`
SHA256	`4406f508597d8c56915b17edb018d1cb8dff909583fdacb249f66a055ed327d9`
SHA3	`1c2d8e81718978528c412982bd0173793b1ac51fd1abc702e219133da48934f0`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	2.3.0.0
ProductVersion	2.3.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_DLL`
Language	English - United States
CompanyName	FUJITSU CLIENT COMPUTING LIMITED
FileDescription	Wireless Radio Switch Driver
FileVersion (#2)	2.3.0.0
InternalName	fjwrdswd.dll
LegalCopyright	Copyright FUJITSU CLIENT COMPUTING LIMITED 2012-2021
OriginalFilename	fjwrdswd.dll
ProductName	Wireless Radio Switch Driver
ProductVersion (#2)	2.3.0.0

Resource LangID	Japanese - Japan

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2021-Sep-01 04:19:17
Version	`0.0`
SizeofData	`109`
AddressOfRawData	`0xd598`
PointerToRawData	`0xc198`
Referenced File	C:\msvss\K5Project\RadioSwitchDriver\dev\WOR\!Output\x64\Driver-Release\fjwrdswd.pdb

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2021-Sep-01 04:19:17
Version	`0.0`
SizeofData	`924`
AddressOfRawData	`0xd608`
PointerToRawData	`0xc208`

UNKNOWN

Characteristics	`0`
TimeDateStamp	2021-Sep-01 04:19:17
Version	`0.0`
SizeofData	`4`
AddressOfRawData	`0xd9a4`
PointerToRawData	`0xc5a4`

TLS Callbacks

StartAddressOfRawData	`0x18000d9c8`
EndAddressOfRawData	`0x18000d9d0`
AddressOfIndex	`0x1800102b8`
AddressOfCallbacks	`0x18000b3b8`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_4BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0x138`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x180010078`
GuardCFCheckFunctionPointer	`6442496872`
GuardCFDispatchFunctionPointer	`0`
GuardCFFunctionTable	`0`
GuardCFFunctionCount	`0`
GuardFlags	`(EMPTY)`
CodeIntegrity.Flags	`0`
CodeIntegrity.Catalog	`0`
CodeIntegrity.CatalogOffset	`0`
CodeIntegrity.Reserved	`0`
GuardAddressTakenIatEntryTable	`0`
GuardAddressTakenIatEntryCount	`0`
GuardLongJumpTargetTable	`0`
GuardLongJumpTargetCount	`0`

RICH Header

XOR Key	`0xe73401f7`
Unmarked objects	`0`
C++ objects (30034)	`36`
C objects (30034)	`9`
ASM objects (30034)	`5`
Imports (VS2008 SP1 build 30729)	`14`
Imports (29395)	`3`
Total imports	`113`
C++ objects (CVTCIL) (29395)	`2`
ASM objects (29395)	`2`
C objects (29395)	`3`
C++ objects (VS2019 Update 11 (16.11.0-3) compiler 30133)	`5`
C objects (VS2019 Update 11 (16.11.0-3) compiler 30133)	`3`
Exports (VS2019 Update 11 (16.11.0-3) compiler 30133)	`1`
Resource objects (VS2019 Update 11 (16.11.0-3) compiler 30133)	`1`
Linker (VS2019 Update 11 (16.11.0-3) compiler 30133)	`1`

Errors

Leave a comment

No comments yet.