190352715369658613b8b2d2eeaee85e9f64817364e5d42b8c48554b781cbf8f

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_NATIVE
Compilation Date 2026-Jun-18 13:59:49
Debug artifacts C:\b\14923436398\driver\x64\Release\FACEIT_IOMMU.pdb

Plugin Output

Suspicious The PE is possibly packed. Unusual section name found: .grfn1
The PE only has 5 import(s).
Suspicious The PE contains functions most legitimate programs don't use. Functions which can be used for anti-debugging purposes:
  • ZwQuerySystemInformation
Info The PE is digitally signed. Signer: Microsoft Windows Hardware Compatibility Publisher
Issuer: Microsoft Windows Third Party Component CA 2014
Suspicious No VirusTotal score. This file has never been scanned on VirusTotal.

Hashes

MD5 f60c0dcb466cdfb0c218ae617db0a1c3
SHA1 145aeb3078f0b6e0ef68f35549470bba0ae15339
SHA256 190352715369658613b8b2d2eeaee85e9f64817364e5d42b8c48554b781cbf8f
SHA3 7903545061b1bd8ec5f5bab742e7edac31c3bcba8b12a9347184a1e3e369a510
SSDeep 49152:dtMY/33UCIjfXru6gKXpgXuquV5a5XWPXTC5WZPdAvffH8QBz1N:dWBJcBzj
Imports Hash f1d54580fed0c2c9ae6eee47a4f6a29f

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xe0

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 7
TimeDateStamp 2026-Jun-18 13:59:49
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0x4600
SizeOfInitializedData 0x1400
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000000000009000 (Section: INIT)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion A.0
ImageVersion A.0
SubsystemVersion A.0
Win32VersionValue 0
SizeOfImage 0x3f1000
SizeOfHeaders 0x400
Checksum 0x3fbf02
Subsystem IMAGE_SUBSYSTEM_NATIVE
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 16abb4123bc042550823d7041837a3cf
SHA1 43d708204a719543b46f43c31da91d9636d4102f
SHA256 49bac5f0c893f234bb4d05c33f2adcbc3f0fab61b12a0a9ae5d5d51f09dfa310
SHA3 de43559d605062479861d3b5d66af1f4357749cde41fd7692a0168907157d794
VirtualSize 0x4266
VirtualAddress 0x1000
SizeOfRawData 0x4400
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_NOT_PAGED
IMAGE_SCN_MEM_READ
Entropy 7.82269

.rdata

MD5 198f3e05027992f91d7d802249d103cd
SHA1 c7c5168a9a470df9f3f1af6ff5936e9fe2ae70ae
SHA256 d3959d67c38bf8ff525da907acb310821d3ee111a98ae59a55ff00bb7d796297
SHA3 0e661119a49bb94100ac8bed6d170d06c41aad5842613e7bc8df0ae946a7134d
VirtualSize 0x740
VirtualAddress 0x6000
SizeOfRawData 0x800
PointerToRawData 0x4800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_NOT_PAGED
IMAGE_SCN_MEM_READ
Entropy 3.72624

.data

MD5 50ec0f8daea28379ef4a7aa260594e19
SHA1 e597a1741288f6695a2c2f3426727a8462b7e869
SHA256 f2f85dfc4d23ee57a42d259c902f6cee846a3c535c7b6141ad8f859cf026615b
SHA3 fa5fecb58286bd81d7dea55f60930589b244e60a74f553ddaaa8c5809294bbe8
VirtualSize 0x438
VirtualAddress 0x7000
SizeOfRawData 0x200
PointerToRawData 0x5000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_NOT_PAGED
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0.301407

.pdata

MD5 ebd05af46b4b16c0cdd0443dfe494d6e
SHA1 2c34600b5aafb72062da7bd5bcf556f4dc0e771d
SHA256 86742963b56a8324ffab8dd45023b105818637cfa5349cd2a027507db7db6ddb
SHA3 1ea94d616f06126535dbaa60537bc36a061b6c4b8003e7e3224cfc99fa7d8750
VirtualSize 0x3a8
VirtualAddress 0x8000
SizeOfRawData 0x400
PointerToRawData 0x5200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_NOT_PAGED
IMAGE_SCN_MEM_READ
Entropy 3.86874

INIT

MD5 5e50aeb3257782e7f3c7ad0a85251007
SHA1 968fa12e773feaea6710c47c1be0eecd2855eb5f
SHA256 f9ca632f38188db1ff14182df6c898e2160c5c3f6ec7b4f3d7c130a943c956a1
SHA3 5322167d165b454c2d5bfabe61cbd4654fc8c1bd2510a17a5ce4a59870c9731f
VirtualSize 0x13a
VirtualAddress 0x9000
SizeOfRawData 0x200
PointerToRawData 0x5600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 3.53447

.reloc

MD5 e67cf3a20ec6672f1f9fa61545b8cc07
SHA1 ed69f0009f90139e3dc0ea98bef2f9333ed04764
SHA256 134f7f6205ef4249b74b96fd70c8f94de7638f0cb26d32653f690d7ea1f1e788
SHA3 2cd177e44c4eda6d4b744789adf2eccbbe960543a13497b1877fa512541c996f
VirtualSize 0x40
VirtualAddress 0xa000
SizeOfRawData 0x200
PointerToRawData 0x5800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 0.9358

.grfn1

MD5 ef95fc91c4ffdca5c86e49c518987359
SHA1 9900d625fcefe31f64a0cf0e7c9399623c42ae3a
SHA256 edb46ac59de6d49e426826b68ad48d02319d3720446cc2cd8fe16c48be22c995
SHA3 9e66d8d435119bd3a58d633ffe93e5ab4ea99308cd8ebd466b62183901b2ccf5
VirtualSize 0x3e5ec4
VirtualAddress 0xb000
SizeOfRawData 0x3e6000
PointerToRawData 0x5a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.01767

Imports

ntoskrnl.exe ZwQuerySystemInformation
MmGetSystemRoutineAddress
__C_specific_handler
KeInitializeSpinLock
_wcsicmp

Delayed Imports

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2026-Jun-18 13:59:49
Version 0.0
SizeofData 77
AddressOfRawData 0x6300
PointerToRawData 0x4b00
Referenced File C:\b\14923436398\driver\x64\Release\FACEIT_IOMMU.pdb

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2026-Jun-18 13:59:49
Version 0.0
SizeofData 300
AddressOfRawData 0x6350
PointerToRawData 0x4b50

UNKNOWN

Characteristics 0
TimeDateStamp 2026-Jun-18 13:59:49
Version 0.0
SizeofData 4
AddressOfRawData 0x64a4
PointerToRawData 0x4ca4

TLS Callbacks

Load Configuration

Size 0x140
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x140007000

RICH Header

XOR Key 0xcc8be630
Unmarked objects 0
Imports (33136) 3
Total imports 5
ASM objects (33136) 5
C objects (33136) 8
ASM objects (24234) 1
C++ objects (LTCG) (35228) 9
Linker (35228) 1

Errors
