» tdi_windnat.sys
Overview
Analysis
File Details
Behaviors (1)

tdi_windnat.sys

SANGFOR TECHNOLOGIES CO,. LTD

It runs as a Windows kernel mode device driver named “tdi_windnat”.

File name:

tdi_windnat.sys

Publisher:

SANGFOR TECHNOLOGIES CO,. LTD (signed and verified)

MD5:

720de2cea04e4c4b67d971657a74a50a

SHA-1:

4326051427d79790435fc4dd62a50edb4e9129dd

SHA-256:

7f207588b88dadd4095e37d0b7ac712468c52861e4de461bf052ba289552527c

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/25/2024 12:18:31 PM UTC (today)

File size:

23.4 KB (23,992 bytes)

File type:

Driver (Win32 SYS)

Common path:

C:\Windows\System32\drivers\tdi_windnat.sys

Digital Signature

Signed by:

SANGFOR TECHNOLOGIES CO,. LTD

Authority:

WoSign eCommerce Services Limited

Valid from:

8/29/2011 2:51:33 PM

Valid to:

9/1/2014 5:22:00 AM

Subject:

E=its@sangfor.com, CN="SANGFOR TECHNOLOGIES CO,. LTD", O="SANGFOR TECHNOLOGIES CO,. LTD", L=Shenzhen, S=Guangdong, C=CN

Issuer:

CN=WoSign Class 3 Code Signing CA, O=WoSign eCommerce Services Limited, C=CN

Serial number:

08D79DB9B87CBA

File PE Metadata

Compilation timestamp:

3/13/2012 1:14:22 PM

OS version:

6.1

OS bitness:

Win32

Subsystem:

Native (none required)

Linker version:

9.0

CTPH (ssdeep):

384:dOJrMlZa8JzpmSnh+puJAFhEs/3mirILPEq7O0C0M8XI:darMlZa8+K8vETIILrO0ub

Entry address:

0x1F03E

Entry point:

8B, FF, 55, 8B, EC, E8, BD, FF, FF, FF, 5D, E9, F0, 23, FE, FF, CC, CC, B8, F0, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, F8, F2, 01, 00, 18, 40, 00, 00, A0, F0, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 4E, F3, 01, 00, 00, 40, 00, 00, B0, F0, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 6A, F3, 01, 00, 10, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 3A, F3, 01, 00, 26, F3, 01, 00, 12, F3, 01, 00, 00, 00, 00, 00, 56, F3, 01, 00, 00, 00, 00, 00, 98, F1, 01, 00, B0, F1... 
[+]

Entropy:

6.8653

Code size:

11 KB (11,264 bytes)

Driver

Display name:

tdi_windnat

Type:

Kernel device driver (KernelDriver)

Depends on:

Tcpip

Scan tdi_windnat.sys - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.