» niprobemem.sys
Overview
Analysis
File Details
Behaviors (1)

niprobemem.sys

Network Instruments, LLC

It runs as a Windows kernel mode device driver named “NiProbeMem”.

File name:

niprobemem.sys

Publisher:

Network Instruments LLC (signed by Network Instruments, LLC)

Description:

NiProbeMem for Observer Device Driver

Version:

16,1,13,0

MD5:

aa37c052060097ce1e1bd429160bf545

SHA-1:

d54b2232d02bbbd3ca7d9d4b75a1bfc8fdb506f6

SHA-256:

ad9ab8a9c8fad562c84570b21a1b66d2d95016b9604d47715ee29d487821b1ee

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/24/2024 9:53:57 PM UTC (today)

File size:

47.3 KB (48,384 bytes)

Product version:

16,1,13,0

Original file name:

NiProbMem.sys

File type:

Driver (Win32 SYS)

Language:

English (United States)

Common path:

C:\Windows\System32\drivers\niprobemem.sys

Digital Signature

Signed by:

Network Instruments, LLC

Authority:

VeriSign, Inc.

Valid from:

9/12/2011 8:00:00 PM

Valid to:

10/29/2014 7:59:59 PM

Subject:

CN="Network Instruments, LLC", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Network Instruments, LLC", S=Minnesota, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

1F687F97C7FDCBFF63F002FA4090B2BF

File PE Metadata

Compilation timestamp:

10/23/2013 8:15:40 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Native (none required)

Linker version:

10.0

CTPH (ssdeep):

768:qSop4Fop4aZIywHxjBuVQDmEBLFmaK5qchzsvrX46rnTZE8hgofek7yXSOyma7a:f79HxW5gKUiwHyXSAR

Entry address:

0x5730

Entry point:

55, 8B, EC, 83, EC, 14, 56, 57, 68, 34, 27, 01, 00, 6A, 03, 68, 00, 01, 00, 00, E8, 37, F0, FF, FF, 68, 28, 27, 01, 00, 68, 1C, 27, 01, 00, 68, 04, 27, 01, 00, 6A, 04, 68, 00, 01, 00, 00, E8, 1C, F0, FF, FF, A1, 3C, 10, 01, 00, 83, C4, 20, 80, 38, 00, 74, 27, 68, E0, 26, 01, 00, 6A, 01, 68, 00, 01, 00, 00, E8, FE, EF, FF, FF, 83, C4, 0C, FF, 15, 38, 10, 01, 00, B8, 9A, 00, 00, C0, 5F, 5E, 8B, E5, 5D, C2, 08, 00, E8, D3, 17, 00, 00, 85, C0, 74, 0E, 6A, 00, E8, 48, 18, 00, 00, 68, B0, 26, 01, 00, EB, 05, 68... 
[+]

Entropy:

6.3160

Developed / compiled with:

Microsoft Visual C++

Code size:

34 KB (34,816 bytes)

Driver

Display name:

NiProbeMem

Type:

Kernel device driver (KernelDriver)

Scan niprobemem.sys - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.