IPNAT.SYS

IP Network Address Translator

Microsoft Corporation

IPNAT.SYS runs as a Windows kernel-mode device driver named “IP Network Address Translator”.
Publisher:
Microsoft Corporation

Product:
Microsoft® Windows® Operating System

Description:
IP Network Address Translator

Part of the Windows XP Operating System

Version:
5.1.2600.2781 (xpsp.051020-1729)

MD5:
8668ee23c9bc29783d0a21c693655387

SHA-1:
0c6e249d26fc6ebc84cf765dc2f3b5078ff6e9be

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)
Whitelisted (by digital signature)

Analysis date:
12/2/2016 5:22:55 PM UTC

File size:
132.3 KB (135,424 bytes)

Product version:
5.1.2600.2781

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
IPNAT.SYS

File type:
Driver (Win32 SYS)

Language:
English (United States)

Common path:
C:\Windows\System32\drivers\ipnat.sys

File PE Metadata
Compilation timestamp:
10/21/2005 5:17:17 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Native (none required)

Linker version:
7.10

CTPH (ssdeep):
1536:38eO91k5+mBdQ6GnriWGu4Dsq5i6LCzDGZJ44ae09ald2y7MPYJaruxRzDWoLIxj:MYPW+skL0GFrldzYkzDTL+LX

Entry address:
0x1E79C

Entry point:
8B, FF, 55, 8B, EC, A1, B4, 40, 02, 00, 85, C0, B9, 40, BB, 00, 00, 74, 04, 3B, C1, 75, 23, 8B, 15, 84, 36, 02, 00, B8, B4, 40, 02, 00, C1, E8, 08, 33, 02, 25, FF, FF, 00, 00, A3, B4, 40, 02, 00, 75, 07, 8B, C1, A3, B4, 40, 02, 00, F7, D0, A3, B0, 40, 02, 00, 5D, E9, BF, FE, FF, FF, CC, 68, E8, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 30, F0, 01, 00, 20, 36, 01, 00, 48, E8, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 82, F0, 01, 00, 00, 36, 01, 00, 5C, E8, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, B4, F0, 01, 00...
 

Entropy:
5.4357

Code size:
85.6 KB (87,680 bytes)

Driver
Display name:
IP Network Address Translator

Service name:
IpNat

Type:
Kernel device driver (KernelDriver)

Depends on:
Tcpip