| File Path | Type and Hashes |
|---|
| Match Rules |
|---|
| File Name: | TeeDriverx64.sys |
| File Type: | PE32+ executable (native) x86-64, for MS Windows |
| SHA1: | 0030f29cc41919fae01fa0113d011792221e8f9a |
| MD5: | 72c46a4f6ad7989baaa6381f0e13243e |
| First Seen Date: | 2016-03-05 22:04:24.956866 ( ) |
| Number of Clients Seen: | 8 |
| Last Analysis Date: | 2016-04-10 19:14:21.782587 ( ) |
| Human Expert Analysis Date: | 2016-03-06 02:20:21.349104 ( ) |
| Human Expert Analysis Result: | Clean |
| Property | Value |
|---|---|
| number of sections | 8 |
| file size | 188992 |
| LegalCopyright | Copyright © 2006-2015, Intel Corporation. All rights reserved. |
| InternalName | TeeDriverx64.sys |
| FileVersion | 11.0.0.1181 |
| CompanyName | Intel Corporation |
| ProductName | Intel(R) Management Engine Interface |
| ProductVersion | 11.0.0.1181 |
| FileDescription | Intel(R) Management Engine Interface |
| OriginalFilename | TeeDriverx64.sys |
| Translation | 0x0409 0x04b0 |
| entry point | 0x140020c84 (.text) |
| mime type | application/x-dosexec |
| machine type | AMD64 only, not Itaniums, with 0200 - 64 bit |
| compilation time stamp | 0x56B281E3 [Wed Feb 3 22:40:35 2016 UTC] |
| sha256 | 7e0e34b3e9741b737271592490db05db0c35253dd0b3009f63cd2977c1d2dd52 |
| Name | Virtual Address | Virtual Size | Raw Size | Entropy | MD5 |
|---|---|---|---|---|---|
| .text | 0x1000 | 0x20938 | 0x20a00 | 6.332981 | - |
| .rdata | 0x22000 | 0x1ebc | 0x2000 | 5.375500 | - |
| .data | 0x24000 | 0x1348 | 0x400 | 1.522661 | - |
| .pdata | 0x26000 | 0xe28 | 0x1000 | 4.867199 | - |
| PAGE | 0x27000 | 0x2be0 | 0x2c00 | 6.267126 | - |
| INIT | 0x2a000 | 0x7f8 | 0x800 | 5.833745 | - |
| .rsrc | 0x2b000 | 0x1ea8 | 0x2000 | 4.259461 | - |
| .reloc | 0x2d000 | 0x64 | 0x200 | 1.330059 | - |
-
ksecdd.sys
- SecLookupWellKnownSid
-
ntoskrnl.exe
- memcpy_s
- RtlInitUnicodeString
- RtlGUIDFromString
- KeSetEvent
- RtlGetVersion
- KeDelayExecutionThread
- KeInitializeEvent
- EtwWrite
- RtlCompareMemory
- MmGetSystemRoutineAddress
- IoWMIRegistrationControl
- EtwRegister
- EtwUnregister
- ZwQueryInformationToken
- MmUnmapIoSpace
- PoRegisterPowerSettingCallback
- PoUnregisterPowerSettingCallback
- KeClearEvent
- KeWaitForSingleObject
- IoAllocateErrorLogEntry
- IoWriteErrorLogEntry
- KeResetEvent
- ZwPowerInformation
- RtlAnsiCharToUnicodeChar
- KeBugCheckEx
- ZwOpenProcessTokenEx
- RtlEqualSid
- RtlCopyUnicodeString
- RtlValidSid
- ZwClose
- ExFreePoolWithTag
- ExAllocatePoolWithTag
- MmMapIoSpace
-
HAL.dll
- KeStallExecutionProcessor
-
WDFLDR.SYS
- WdfVersionBindClass
- WdfVersionUnbind
- WdfVersionBind
- WdfVersionUnbindClass
RT_MESSAGETABLE
RT_VERSION