» NiNdisMon.sys
Overview
Analysis
File Details
Behaviors (1)

NiNdisMon.sys

Network Instruments, LLC Native 802.11 Protocol Analyzer Driver

Network Instruments, LLC

It runs as a Windows 64-bit kernel mode device driver named “Network Instruments, NDIS Monitoring Filter”.

File name:

NiNdisMon.sys

Publisher:

Network Instruments, LLC (signed and verified)

Product:

Network Instruments, LLC Native 802.11 Protocol Analyzer Driver

Description:

Network Instruments, LLC Native 802.11 Protocol Analyzer Device Driver

Version:

16,0,5,0

MD5:

fd0815e71d669dd272e46690fcf6509e

SHA-1:

b46a75b38c792a0814d97ca59f2602cafecba927

SHA-256:

55f602f643401108f5868e9e57f65feb1abf0612083c123a06131c6d1b59674d

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/25/2024 7:09:09 AM UTC (today)

File size:

102.1 KB (104,536 bytes)

Product version:

16,0,5,0

Original file name:

NiNdisMon.sys

File type:

Driver (Win64 SYS)

Language:

English (United States)

Common path:

C:\Windows\System32\drivers\nindismon.sys

Digital Signature

Signed by:

Network Instruments, LLC

Authority:

VeriSign, Inc.

Valid from:

9/12/2011 8:00:00 PM

Valid to:

10/29/2014 7:59:59 PM

Subject:

CN="Network Instruments, LLC", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Network Instruments, LLC", S=Minnesota, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

1F687F97C7FDCBFF63F002FA4090B2BF

File PE Metadata

Compilation timestamp:

8/21/2012 2:22:30 PM

OS version:

5.2

OS bitness:

Win64

Subsystem:

Native (none required)

Linker version:

10.0

Entry address:

0x19000

Entry point:

48, 89, 5C, 24, 08, 48, 89, 7C, 24, 10, 55, 48, 8D, 6C, 24, E0, 48, 81, EC, 20, 01, 00, 00, 48, 8B, D9, 48, 8D, 15, D7, BF, FE, FF, 48, 8D, 4D, 00, FF, 15, 55, 81, FE, FF, 48, 8D, 15, 6E, BF, FE, FF, 48, 8D, 4D, 10, FF, 15, 44, 81, FE, FF, 48, 8D, 15, 0D, BF, FE, FF, 48, 8D, 4D, F0, FF, 15, 33, 81, FE, FF, BF, C8, 00, 00, 00, 48, 8D, 4C, 24, 20, 44, 8B, C7, 33, D2, 48, 89, 1D, DD, EB, FF, FF, E8, F8, C2, FF, FF, 48, 8D, 05, C1, 93, FF, FF, 33, D2, 0F, 10, 45, 10, 48, 89, 44, 24, 60, 48, 8D, 05, CF, 93, FF... 
[+]

Entropy:

6.8756

Code size:

87 KB (89,088 bytes)

Driver

Display name:

Network Instruments, NDIS Monitoring Filter

Service name:

NiNdisMon

Type:

Kernel device driver (KernelDriver)

Group:

NDIS

Scan NiNdisMon.sys - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.