vmswitch.sys

Microsoft Network Virtualization Service Provider

Microsoft Corporation

vmswitch.sys runs as a 64-bit Windows kernel-mode device driver named “VMSMP”. It is installed with the Windows 8 pre-release build (RTM).
Publisher:
Microsoft Corporation

Product:
Microsoft® Windows® Operating System

Description:
Microsoft® Network Virtualization Service Provider

 
Part of the Windows 8.1 (Blue) Operating System

Version:
6.3.9600.16384 (winblue_rtm.130821-1623)

MD5:
95cd26e84fcbc665143ef195d9de8acd

SHA-1:
c41639cb15f76412118931004a13a6b5fd9d704d

SHA-256:
ca2b55b6a2d31a0d965c6b82ecb228baf6f80c024b3f9ec21e1aeb72e7669b7c

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)
Whitelisted (by digital signature)

Analysis date:
12/10/2016 9:58:13 AM UTC  (today)

File size:
675 KB (691,200 bytes)

Product version:
6.3.9600.16384

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
vmswitch.sys.mui

File type:
Driver (Win64 SYS)

Language:
English (United States)

Common path:
C:\Windows\System32\drivers\vmswitch.sys

File PE Metadata
Compilation timestamp:
5/3/2014 3:35:53 AM

OS version:
6.3

OS bitness:
Win64

Subsystem:
Native (none required)

Linker version:
11.0

CTPH (ssdeep):
6144:ts+MncKbc1mUP7KFZ5/Rr4tJLDJGc/C+bJ+qygmtQr3FaBmJNwNWQBzY78:Gcmc17P7i5/5SJLDhhTItM3hJeh

Entry address:
0x1070

Entry point:
48, 89, 5C, 24, 08, 48, 89, 6C, 24, 10, 48, 89, 74, 24, 18, 57, 48, 83, EC, 20, 48, 85, C9, 48, 8B, EA, 48, 8B, F9, 75, 0A, E8, EC, 8E, 01, 00, E9, F1, 00, 00, 00, 66, 83, 25, 5F, 3A, 07, 00, 00, 48, 89, 0D, 80, 3A, 07, 00, 48, 8D, 05, 81, 3A, 07, 00, 48, 8D, 0D, 4A, 3A, 07, 00, 48, 89, 05, 4B, 3A, 07, 00, 66, C7, 05, 3C, 3A, 07, 00, 08, 02, FF, 15, 84, 96, 06, 00, 4C, 8D, 0D, 4D, 3A, 07, 00, 4C, 8D, 05, 36, 1F, 07, 00, 48, 8D, 15, 1F, 3A, 07, 00, 48, 8B, CF, E8, 59, 9B, 01, 00, 85, C0, 0F, 88, 99, 00, 00...
 

Entropy:
5.9679

Code size:
434 KB (444,416 bytes)

Driver
Display name:
VMSMP

Type:
Kernel device driver (KernelDriver)