| File Name | MDA_NTDRV.sys |
| File Type |
PE32+ executable (native) x86-64, for MS Windows
|
| Scanner Version | 1.0.210.174 |
| Database Version | 2025-03-08 04:00:45 UTC |
No threats detected by our scanner
| Hash Type | Value | Action |
|---|---|---|
| MD5 |
cf17a39ba7d1d1e386fd0c1303642b91
|
|
| SHA1 |
e6bbddea7fc57d021de8fc2c0a07a6b52904b4dd
|
|
| SHA256 |
8c7f6530f30c56241d54fc0799347e586332c1299de1222ac9c08ad523e9cd96
|
|
| SHA512 |
088aa32e82a232ce7f2ebe7730dda60dbe2d26e1ba4fd8f5f693c271f8e360c649ca31606df413b940407df21522a40bc0f2a2da9b4efcf3a1356717dc200e09
|
|
| ImpHash |
c7bce6d53c2b7a032ae8e88bd6efa8f2
|
| Image Base | 0x00010000 |
| Entry Point | 0x00016064 |
| Compilation Time | 2013-02-25 09:04:07 |
| Checksum | 0x0000a65d (Actual: 0x0000a65d) |
| OS Version | 6.1 |
| PEiD Signatures |
PE32+ executable (native) x86-64, for MS Windows
|
| PDB Path | D:\Work\projects\common\bin\Win7\amd64\MDA_NTDRV.pdb |
| Digital Signature | OK |
| Imports |
1 libraries
ntoskrnl |
| Exports | 0 functions |
| Resources | 0 Resources |
| Sections | 6 Sections |
| Name | Virtual Address | Virtual Size | Raw Size | Entropy | Characteristics | MD5 |
|---|---|---|---|---|---|---|
.text |
0x00001000 |
7,100 bytes | 7,168 bytes | 6.24 (Normal) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_NOT_PAGED|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
A5C80C3D5210551E7113E81391FC6CF2 |
.rdata |
0x00003000 |
756 bytes | 1,024 bytes | 3.46 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_NOT_PAGED|IMAGE_SCN_MEM_READ
|
4411BF46EE6678EF2D655850845A5DAE |
.data |
0x00004000 |
392 bytes | 512 bytes | 0.53 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_NOT_PAGED|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
D40508CD041F34D22C9F1488B16AED28 |
.pdata |
0x00005000 |
300 bytes | 512 bytes | 2.46 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_NOT_PAGED|IMAGE_SCN_MEM_READ
|
53A488A5F019001A64B1ABCAE51B190B |
INIT |
0x00006000 |
1,070 bytes | 1,536 bytes | 3.97 (Normal) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
1BF3C9ECF165E3FD1E980FBB4488B7A4 |
.reloc |
0x00007000 |
60 bytes | 512 bytes | 0.12 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ
|
A3975867B519FF111E66C9B06194CE6D |
| Signing Date | 09:10 AM 02/25/2013 (4485 days ago) |
| Verification Status | Signed |
| Signers | εδΊ¬ι δΏ‘η₯ε·η§ζζιθ΄£δ»»ε ¬εΈ; VeriSign Class 3 Code Signing 2010 CA; VeriSign |
| Counter Signers | Symantec Time Stamping Services Signer - G4; Symantec Time Stamping Services CA - G2; Thawte Timestamping CA |
7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B1B 09 3B 78 60 96 DA 37 BB A4 51 94 46 C8 96 780E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 5061 0C 12 06 00 00 00 00 00 1B0A D6 43 85 43 76 C0 59 5A 51 FE 44 9D 7A 7A 64β This file has been digitally signed and the certificate chain has been verified
OK
Gridinsoft Anti-Malware has a much more powerful virus scanning engine. We recommend using it for a more precise diagnosis of infected systems. This brief guide will help you install our flagship product for more accurate diagnostics:
Download Anti-MalwareThis file appears clean, but regular security maintenance is important
