The 3686b42d77.sys.177abe0.177bc4b (Dr.Web Protection for Windows) File Analysis
Technical Analysis
| File Name | 3686b42d77.sys.177abe0.177bc4b |
| File Type |
PE32+ executable (native) x86-64, for MS Windows
|
| Scanner Version | 1.0.234.174 |
| Database Version | 2026-01-16 16:00:22 UTC |
Clean File
No threats detected by our scanner
0%
Detection Rate
1,244,176
File Size (bytes)
2026-01-16
Analysis Date
Scan Another File
File Identification
| Hash Type | Value | Action |
|---|---|---|
| MD5 |
3196fe20194e1afa22b6c2b913fe9eb8
|
|
| SHA1 |
dbfa16d5e5bfcd1624cf3d4c1f06f347879b56e9
|
|
| SHA256 |
73548e891ba0ff2c2b05c1edb1c05b09b97488d2a9c27a62754059d5a79ed3b8
|
|
| SHA512 |
e31a43a6afb53fdcb839719c250b968695449ea21ef7c976d7e7cc90742db210d786c63352e4f077510d76bf54dbd44c5ae621e92ffbc1240aaaf73665ba5865
|
|
| ImpHash |
d0e835f4e571596c1c79b6dbc2efb4df
|
PE Analysis
Basic Information
▼| Image Base | 0x140000000 |
| Entry Point | 0x140128650 |
| Compilation Time | 2025-09-30 10:08:24 |
| Checksum | 0x00134184 (Actual: 0x00134184) |
| OS Version | 10.0 |
| PEiD Signatures |
PE32+ executable (native) x86-64, for MS Windows
|
| PDB Path | D:\projects\dwprot\testing\drweb-protection\bin\x64\Release\dwprot_x64.pdb |
| Digital Signature | OK |
| Imports |
2 libraries
FLTMGR, ntoskrnl |
| Exports | 0 functions |
| Resources | 2 Resources |
| Sections | 9 Sections |
Version Information
▼| CompanyName | Doctor Web, Ltd. |
| FileDescription | Dr.Web Protection for Windows |
| FileVersion | 12.06.31.9300 |
| InternalName | dwprot.sys |
| LegalCopyright | Copyright Doctor Web, Ltd., 1992-2025 |
| OriginalFilename | dwprot.sys |
| ProductName | Dr.Web Anti-Virus |
| ProductVersion | 12.06.31 |
| Translation | 0x0000 0x04b0 |
PE Sections
▼| Name | Virtual Address | Virtual Size | Raw Size | Entropy | Characteristics | MD5 |
|---|---|---|---|---|---|---|
.text |
0x00001000 |
127,327 bytes | 127,488 bytes | 6.82 (Compressed) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_NOT_PAGED|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
16C72F217AA6C9DEF283A870D3FC8050 |
NONPAGED |
0x00021000 |
9,547 bytes | 9,728 bytes | 6.26 (Normal) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_NOT_PAGED|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
E6EBCF4CBAA110FE5E1DC4F649DB3C19 |
.rdata |
0x00024000 |
43,180 bytes | 43,520 bytes | 5.71 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_NOT_PAGED|IMAGE_SCN_MEM_READ
|
58463A62B7EF6C40AF8C48549D98E5F2 |
.data |
0x0002f000 |
554,952 bytes | 551,424 bytes | 6.47 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_NOT_PAGED|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
C6F79B226B4FBFB777B814B4EE836A82 |
.pdata |
0x000b7000 |
14,124 bytes | 14,336 bytes | 5.84 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_NOT_PAGED|IMAGE_SCN_MEM_READ
|
B99AA9B179173806F6EE1663E03BF079 |
PAGE |
0x000bb000 |
433,858 bytes | 434,176 bytes | 6.45 (Normal) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
9CDADFDEDBE7935DD611E7E34367EBA9 |
INIT |
0x00125000 |
23,868 bytes | 24,064 bytes | 6.37 (Normal) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
3AF227FC9A06D1CBD1A38F2B357F5486 |
.rsrc |
0x0012b000 |
1,144 bytes | 1,536 bytes | 2.66 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ
|
E0835A7CD9A81892AB27FAE9682A9879 |
.reloc |
0x0012c000 |
12,716 bytes | 12,800 bytes | 6.05 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ
|
D7D8BECA0FB79DB7603BF2DB5620119F |
Entropy Analysis Alert
1 section(s) with elevated entropy (≥6.5) - possible compression
Resource Analysis
▼
Total Resources: 2
(980 bytes)
| Resource Type | Count | Total Size | Percentage |
|---|---|---|---|
| RT_MESSAGETABLE | 1 | 176 bytes | |
| RT_VERSION | 1 | 804 bytes |
Certificate Chain Analysis
▼Certificate Information
| Product | Dr.Web Anti-Virus |
| Description | Dr.Web Protection for Windows |
| File Version | 12.06.31.9300 |
| Original Name | dwprot.sys |
| Internal Name | dwprot.sys |
| Copyright | Copyright Doctor Web, Ltd., 1992-2025 |
Certificate Chain Summary
Microsoft Windows Hardware Compatibility Publisher #1
Primary
Validity Period: 2025-07-16 20:48:21 → 2026-07-14 20:48:21
Signature Algorithm: sha256RSA
Serial Number:
33 00 00 00 75 19 D8 51 91 F3 C9 C5 89 00 00 00 00 00 75
Microsoft Windows Third Party Component CA 2014 #2
Chain
Validity Period: 2014-10-15 20:31:27 → 2029-10-15 20:41:27
Signature Algorithm: sha256RSA
Serial Number:
33 00 00 00 0D 69 0D 5D 78 93 D0 76 DF 00 00 00 00 00 0D
Microsoft Time-Stamp Service #3
Chain
Validity Period: 2025-01-30 19:43:03 → 2026-04-22 19:43:03
Signature Algorithm: sha256RSA
Serial Number:
33 00 00 02 0E 2C CB 28 7D 95 20 75 63 00 01 00 00 02 0E
Microsoft Time-Stamp PCA 2010 #4
Chain
Validity Period: 2021-09-30 18:22:25 → 2030-09-30 18:32:25
Signature Algorithm: sha256RSA
Serial Number:
33 00 00 00 15 C5 E7 6B 9E 02 9B 49 99 00 00 00 00 00 15
GlobalSign GCC R45 CodeSigning CA 2020 #5
Chain
Validity Period: 2020-07-28 00:00:00 → 2030-07-28 00:00:00
Signature Algorithm: sha256RSA
Serial Number:
77 BD 0E 03 A1 B7 08 F8 54 AB 06 72 10 D9 04 47
DOCTOR WEB, LTD #6
Chain
Validity Period: 2023-10-02 14:00:26 → 2026-10-02 14:00:26
Signature Algorithm: sha256RSA
Serial Number:
62 6E E8 21 A1 98 52 9B 62 4E B3 D2
DigiCert SHA256 RSA4096 Timestamp Responder 2025 1 #7
Chain
Validity Period: 2025-06-04 00:00:00 → 2036-09-03 23:59:59
Signature Algorithm: sha256RSA
Serial Number:
0A 80 EF 18 4B 8D F1 05 82 D1 C4 76 A7 95 74 68
DigiCert Trusted G4 TimeStamping RSA4096 SHA256 2025 CA1 #8
Chain
Validity Period: 2025-05-07 00:00:00 → 2038-01-14 23:59:59
Signature Algorithm: sha256RSA
Serial Number:
0D C7 AC 57 05 FF 21 99 2E 40 43 22 0C 3A 49 86
DigiCert Trusted Root G4 #9
Chain
Validity Period: 2022-08-01 00:00:00 → 2031-11-09 23:59:59
Signature Algorithm: sha384RSA
Serial Number:
0E 9B 18 8E F9 D0 2D E7 EF DB 50 E2 08 40 18 5A
VeriSign Class 3 Code Signing 2004 CA #10
Chain
Validity Period: 2004-07-16 00:00:00 → 2014-07-15 23:59:59
Signature Algorithm: sha1RSA
Serial Number:
41 91 A1 5A 39 78 DF CF 49 65 66 38 1D 4C 75 C2
Doctor Web Ltd. #11
Chain
Validity Period: 2008-08-08 00:00:00 → 2011-10-07 23:59:59
Signature Algorithm: sha1RSA
Serial Number:
0D 34 69 5F 3D F1 20 6D A6 57 9A 0D B7 85 C2 5F✓ This file has been digitally signed and the certificate chain has been verified
- The signature ensures file integrity and authenticity from the publisher
- Timestamping proves when the signature was applied
Certificate Verification Status
OK
Remember: This is Result of Online Virus Scanner
Gridinsoft Anti-Malware has a much more powerful virus scanning engine. We recommend using it for a more precise diagnosis of infected systems. This brief guide will help you install our flagship product for more accurate diagnostics:
Download Anti-MalwareKeep Your System Protected
This file appears clean, but regular security maintenance is important
-
Regular Scans: Run weekly system scans to detect new threats before they can cause damage.
-
Keep Software Updated: Ensure your operating system and all applications have the latest security patches.
-
Safe Browsing: Avoid suspicious websites and never download software from untrusted sources.
-
Email Security: Be cautious with email attachments and links, even from known contacts.
Proactive Protection
This file passed all security checks, but stay vigilant. New malware variants appear daily that can evade detection. Always verify files come from official sources and check digital signatures when available.
Leave a Comment
Gridinsoft Anti-Malware
Stay Malware-Free: Keep Your PC Protected with Gridinsoft Anti-Malware
Gridinsoft Anti-Malware offers just that—peace of mind with a robust, user-friendly solution that’s constantly updated to combat the latest threats. Designed by cybersecurity experts, it provides real-time protection and effortless malware removal. It’s not just about detecting threats; it's about enhancing your digital life with uninterrupted security. Give it a try and experience what it feels like to browse worry-free!
