Manalyze report for f3e3afddbb995f025bfa43c4146c4308

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_NATIVE`
Compilation Date	2020-Apr-10 11:22:02
Detected languages	English - United States
Debug artifacts	D:\Builds\tools\objects\nisomedriver\winxpK\i386\msvc-10.0\debug\nisomedriver.pdb
CompanyName	National Instruments Corporation
LegalCopyright	Copyright © 2000-2020 National Instruments Corporation. All Rights Reserved.
ProductName	NISOMEDRIVER
OriginalFilename	nisomedriver.sys
FileDescription	Some Friendly Description of nisomedriver
ProductVersion	`1.0.0a0 debug build`
FileVersion	`1.0.0a0 debug build`
InternalName	NISOMEDRIVER 1.0.0a0 debug build
Comments	2020/04/10 14:20:27, nisomedriver/winxpK/i386/msvc-10.0/debug
PrivateBuild	alpha build

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++`
Suspicious	The PE is possibly packed.	`Unusual section name found: PAGE` `Section INIT is both writable and executable.`
Suspicious	The PE contains functions most legitimate programs don't use.	`Functions which can be used for anti-debugging purposes: DbgPrint` `Uses Windows's Native API: ZwClose ZwMapViewOfSection ZwOpenSection ZwOpenProcess ZwUnmapViewOfSection ZwQueryValueKey ZwSetValueKey ZwDeleteKey ZwDeleteValueKey ZwOpenKey ZwCreateKey`
Info	The PE is digitally signed.	`Signer: NITestingCert` `Issuer: NITestingCert`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`f3e3afddbb995f025bfa43c4146c4308`
SHA1	`2181a37150880b860a165899ba6cdb7d42b36765`
SHA256	`dabf8c37fcdfb2bcc1bf11db73df92fb0c191034119dd8bbdd46580a0fda5a97`
SHA3	`4ab0cf717e02da796f4c978d977e1f3b06e82e20c481122abe3db63391039ee4`
SSDeep	`3072:D5KfOkshQM9TYGrCrn1bD82WRKDB5yHW2Bm4CNuUTOsq:DCOVY8eV86Dvy2JGUTO`
Imports Hash	`755c9409301825cfc2b184f13c3aee2b`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xe0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`8`
TimeDateStamp	2020-Apr-10 11:22:02
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`10.0`
SizeOfCode	`0x20000`
SizeOfInitializedData	`0x1b600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0003C000 (Section: INIT)`
BaseOfCode	`0x1000`
BaseOfData	`0x21000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.1`
ImageVersion	`1.0`
SubsystemVersion	`5.1`
Win32VersionValue	`0`
SizeOfImage	`0x41000`
SizeOfHeaders	`0x400`
Checksum	`0x41657`
Subsystem	`IMAGE_SUBSYSTEM_NATIVE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`49dc0dfb64d6435468dfa4a0b9423959`
SHA1	`0d035107666fcc214720a407d67de5fde2d517d7`
SHA256	`1df57b08c1678041fe23d5ccbdfa7ffec386a39be2144901beb2a75fafc5e494`
SHA3	`f4b4a19773418c1f042edf76b8a912aa4a5ee309d1e7305216ba57f159c1efce`
VirtualSize	`0x1f1af`
VirtualAddress	`0x1000`
SizeOfRawData	`0x1f200`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_NOT_PAGED` `IMAGE_SCN_MEM_READ`
Entropy	`6.10287`

.rdata

MD5	`f0e8f2f5d952175277f761b901549875`
SHA1	`42808d8f22b5edb187a2b283b4f64a759d4aaf81`
SHA256	`645874fa4a4edf26df870d64e3866fd74826df26b1b94008d9a65a23a765d286`
SHA3	`bf52ba01ef046443a3a22f36d44f03fd018ed6db5c06628317177d68aabc7e72`
VirtualSize	`0x177cc`
VirtualAddress	`0x21000`
SizeOfRawData	`0x17800`
PointerToRawData	`0x1f600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_NOT_PAGED` `IMAGE_SCN_MEM_READ`
Entropy	`5.36117`

.data

MD5	`36c23bf51c3a26d6ba4d490fddc41fc5`
SHA1	`25da516b11f333950793bbd57709d4aa6c7dbe0e`
SHA256	`09f9a7a02df39e4bac13c9951305ee3cbd4afea6de7d9106f5ee497f211f5205`
SHA3	`3b26b2c2b7ca86589280da1edfd517bf5c22913318c6191a1e3a0d2f9acfe7c7`
VirtualSize	`0xf04`
VirtualAddress	`0x39000`
SizeOfRawData	`0xe00`
PointerToRawData	`0x36e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_NOT_PAGED` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.12168`

.CRT

MD5	`20bd0226e93f9d4795ba09e826a9dcc6`
SHA1	`0cb1323a8654dd2c9b1fa5a84cb38f1b152bc684`
SHA256	`7409c6a93757b5e72bb7ece36639c9167d858d30a8e1942d755d23f5e997a47d`
SHA3	`fde6d2926a58ab138e4eea6249b339a0c46d51c5c90bae032c3a4d222159d443`
VirtualSize	`0x14`
VirtualAddress	`0x3a000`
SizeOfRawData	`0x200`
PointerToRawData	`0x37c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_NOT_PAGED` `IMAGE_SCN_MEM_READ`
Entropy	`0.164765`

PAGE

MD5	`d4fb943e9a985fddeff6698455630cce`
SHA1	`fa1ada99aff8ac14c03d8935a201ffd8effe150d`
SHA256	`8028173fa51c4591b1be60b5e554cdf033aa3a2b61d1a6ae271c7ba0f032a5a8`
SHA3	`5aa343a00f2974e35bd30d9db5fe3c7e2fc19096d1e728d068926e5295ad864a`
VirtualSize	`0x187`
VirtualAddress	`0x3b000`
SizeOfRawData	`0x200`
PointerToRawData	`0x37e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`4.87276`

INIT

MD5	`696afbaa6ee10064050c12617974a9f3`
SHA1	`2a77daec78527393897e7f9351862df8e2583058`
SHA256	`602b1e644e4f5f2056a34121a171e22e76231931ac3435e1af2eaee23b6d331b`
SHA3	`d7ca869cfc4baa339053a6d8f3154bcf4f1205e256dc41eacdd244208dfec7c5`
VirtualSize	`0xb64`
VirtualAddress	`0x3c000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x38000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.6497`

.rsrc

MD5	`d8d83c913d8073fec28b7bb7d4bc3fb1`
SHA1	`778c8ba9b1b13581c41d2c40f679f12882ac79fe`
SHA256	`cca1351abd1962a35cec959bd8c5145c4bc3590219a395bfdd9a74b613a40639`
SHA3	`9f60376b107d50fdfb7f1c69ee11d92ff73c4eefd94e97f1034fd2f0dcd1bd4d`
VirtualSize	`0x528`
VirtualAddress	`0x3d000`
SizeOfRawData	`0x600`
PointerToRawData	`0x38c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`3.04911`

.reloc

MD5	`31cf143a5f5117fe8919a4fd0f982a6d`
SHA1	`fddbe98248303501bb15e0f38dc4dc58be62f25d`
SHA256	`83e6e35e0db0ae3e8a921a1485d8d4ad09ad1efe32c4935103c4922575bd325e`
SHA3	`90a89be200cb98fc0a1147ce5450d3352c9a9380a17be70e4bed5291d1ea8cbf`
VirtualSize	`0x24e6`
VirtualAddress	`0x3e000`
SizeOfRawData	`0x2600`
PointerToRawData	`0x39200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.58513`

Imports

ntoskrnl.exe	`IoGetDeviceProperty` `IoDeleteDevice` `IoDetachDevice` `IoAttachDeviceToDeviceStack` `IoInitializeRemoveLockEx` `IoCreateDevice` `KeSetEvent` `KeInitializeEvent` `ExAllocatePoolWithTag` `KeInitializeMutex` `ExFreePoolWithTag` `RtlFreeUnicodeString` `memcpy` `_aulldiv` `_aullrem` `_allmul` `_purecall` `IoAllocateWorkItem` `IoFreeWorkItem` `IoReleaseRemoveLockAndWaitEx` `ObfDereferenceObject` `ProbeForWrite` `ObReferenceObjectByHandle` `ExEventObjectType` `_except_handler3` `KeWaitForSingleObject` `IoQueueWorkItem` `RtlInitUnicodeString` `IoOpenDeviceRegistryKey` `PoSetPowerState` `PoRequestPowerIrp` `IoOpenDeviceInterfaceRegistryKey` `IoRegisterDeviceInterface` `RtlAnsiStringToUnicodeString` `RtlInitAnsiString` `IoSetDeviceInterfaceState` `RtlEqualUnicodeString` `KeInsertQueueDpc` `IoBuildSynchronousFsdRequest` `KeReleaseMutex` `memset` `PsReferencePrimaryToken` `IoGetRequestorProcess` `PsDereferenceImpersonationToken` `SeTokenIsAdmin` `PsReferenceImpersonationToken` `MmFreePagesFromMdl` `MmAllocatePagesForMdl` `MmFreeContiguousMemory` `MmAllocateContiguousMemory` `MmBuildMdlForNonPagedPool` `MmSizeOfMdl` `MmUnlockPages` `PsGetProcessId` `ProbeForRead` `PsGetCurrentProcessId` `MmMapLockedPagesSpecifyCache` `IoBuildPartialMdl` `ZwClose` `ZwMapViewOfSection` `ZwOpenSection` `ZwOpenProcess` `MmUnmapLockedPages` `ZwUnmapViewOfSection` `MmMapIoSpace` `MmUnmapIoSpace` `KeInitializeSemaphore` `KeReleaseSemaphore` `KeQueryTimeIncrement` `_alldiv` `KeTickCount` `KeGetCurrentThread` `memmove` `ZwQueryValueKey` `ZwSetValueKey` `ZwDeleteKey` `ZwDeleteValueKey` `ZwOpenKey` `ZwCreateKey` `DbgPrint` `_vsnprintf` `_wcsupr` `wcstombs` `IofCallDriver` `IoReleaseRemoveLockEx` `IoAcquireRemoveLockEx` `PsDereferencePrimaryToken` `IofCompleteRequest` `IoGetDeviceNumaNode` `RtlAnsiCharToUnicodeChar` `KeBugCheckEx` `MmGetSystemRoutineAddress` `IoConnectInterrupt` `IoDisconnectInterrupt` `KeQueryActiveProcessors`
HAL.DLL	`ExAcquireFastMutex` `KeQueryPerformanceCounter` `KfReleaseSpinLock` `KeGetCurrentIrql` `KfAcquireSpinLock` `ExReleaseFastMutex`

Delayed Imports

1

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4c8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.51386`
MD5	`04940acf43ce744c9958ab2e38a8c3fe`
SHA1	`171b835cf67bec48a8e513820bc45875e48a725d`
SHA256	`413ad5b2a24b2f4db17c141a586b8430cca8952178c0077fd40e3eb2bc8f6928`
SHA3	`deba1488a9d699912eb2929ca575fe25f59752f832d5e9a93437ad5d26e2e805`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.16384
ProductVersion	1.0.0.16384
FileFlags	`VS_FF_DEBUG` `VS_FF_PRERELEASE`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_DLL`
Language	English - United States
CompanyName	National Instruments Corporation
LegalCopyright	Copyright © 2000-2020 National Instruments Corporation. All Rights Reserved.
ProductName	NISOMEDRIVER
OriginalFilename	nisomedriver.sys
FileDescription	Some Friendly Description of nisomedriver
ProductVersion (#2)	1.0.0a0 debug build
FileVersion (#2)	1.0.0a0 debug build
InternalName	NISOMEDRIVER 1.0.0a0 debug build
Comments	2020/04/10 14:20:27, nisomedriver/winxpK/i386/msvc-10.0/debug
PrivateBuild	alpha build

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2020-Apr-10 11:22:02
Version	`0.0`
SizeofData	`106`
AddressOfRawData	`0x38724`
PointerToRawData	`0x36d24`
Referenced File	D:\Builds\tools\objects\nisomedriver\winxpK\i386\msvc-10.0\debug\nisomedriver.pdb

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0xc87ecd0e`
Unmarked objects	`0`
C objects (VS2008 SP1 build 30729)	`13`
C++ objects (VS2008 SP1 build 30729)	`4`
Total imports	`101`
Imports (VS2003 (.NET) build 4035)	`5`
C++ objects (VS2010 SP1 build 40219)	`28`
C objects (VS2010 SP1 build 40219)	`4`
Resource objects (VS2010 SP1 build 40219)	`1`
Linker (VS2010 SP1 build 40219)	`1`

f3e3afddbb995f025bfa43c4146c4308

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.CRT

PAGE

INIT

.rsrc

.reloc

Imports

Delayed Imports

1

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

TLS Callbacks

Load Configuration

RICH Header

Errors