» sndtaudio.sys
Overview
Analysis
File Details
Behaviors (1)

sndtaudio.sys

Windows Codename Longhorn DDK driver

Private Multimedia Authority

It runs as a Windows kernel mode device driver named “SndTAudio”.

File name:

sndtaudio.sys

Publisher:

Windows (R) Codename Longhorn DDK provider (signed by Private Multimedia Authority)

Product:

Windows (R) Codename Longhorn DDK driver

Description:

Support Device

Version:

6.0.6000.16386 built by: WinDDK

MD5:

26a5ee7963d22e38957f6d2ffd72ab2b

SHA-1:

e6c4a536db3c96eecc35ae151f1a8ab49429e9f6

SHA-256:

5ecf24b0c2748518a53185aeba18f32cb3c264e20adebcb9e7df51e40b38e74b

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/18/2024 2:55:31 AM UTC (today)

File size:

22.6 KB (23,096 bytes)

Product version:

6.0.6000.16386

Original file name:

Driver

File type:

Driver (Win32 SYS)

Language:

English (United States)

Common path:

C:\Windows\System32\drivers\sndtaudio.sys

Digital Signature

Signed by:

Private Multimedia Authority

Authority:

Private Multimedia Authority

Valid from:

6/30/2007 6:00:00 PM

Valid to:

6/30/2017 6:00:00 PM

Subject:

CN=Private Multimedia Authority

Issuer:

CN=Private Multimedia Authority

Serial number:

CA7F3617A9D4929349425CD7BFB25191

File PE Metadata

Compilation timestamp:

4/9/2009 11:18:41 AM

OS version:

6.0

OS bitness:

Win32

Subsystem:

Native (none required)

Linker version:

8.0

CTPH (ssdeep):

384:P4DCWfWc921mSMY6NrWN1/+U+eZX08pdC2tulft5EaUWdYjqg42sI5mDfXT38:8CuWw21mSYK1mWLQlfE3rs223

Entry address:

0x7067

Entry point:

8B, FF, 55, 8B, EC, A1, 80, 45, 01, 00, 85, C0, B9, 4E, E6, 40, BB, 74, 04, 3B, C1, 75, 1E, 8B, 15, A0, 30, 01, 00, B8, 80, 45, 01, 00, C1, E8, 08, 33, 02, A3, 80, 45, 01, 00, 75, 07, 8B, C1, A3, 80, 45, 01, 00, F7, D0, A3, 84, 45, 01, 00, 5D, E9, 5D, FF, FF, FF, CC, 31, 31, 0A, 00, 49, 00, 6E, 00, 73, 00, 74, 00, 43, 00, 6F, 00, 75, 00, 6E, 00, 74, 00, 00, 00, CC, CC, 20, 71, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, CC, 74, 00, 00, 0C, 30, 00, 00, 14, 71, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 02, 75, 00... 
[+]

Entropy:

5.9812

Code size:

15 KB (15,360 bytes)

Driver

Display name:

SndTAudio

Type:

Kernel device driver (KernelDriver)

Scan sndtaudio.sys - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.