IDMWFP.

SYS
Default location: C:\WINDOWS\SYSTEM32\DRIVERS\IDMWFP.SYS
MD5: 0D95E45D07A3E1DD08DD2FAD2E45DC06
SHA1: B0E62948 EA970F2E 0C2F4177 94C8D5C6 BCED850B
File Size: 209 056
Version Info:
OriginalFilename: idmwfp.sys
FileDescription: Internet Download Manager WFP Driver
InternalName: idmwfp.sys
CompanyName: Tonec Inc.
FileVersion: 6.25.11.65
LegalCopyright: Copyright c 1999 - 2016 Tonec Inc.
ProductName: Internet Download Manager
ProductVersion: 6.25.11.0
PE Info of the C:\WINDOWS\SYSTEM32\DRIVERS\IDMWFP.SYS:
Type is native.
DOS-stub: 256 bytes
built for machine: unknown processor: 8664
(non-32-bit-word machine)
Bytes of machine word are not reversed
Relocation info not stripped
Local symbols not stripped
Debugging info not stripped
executable file
0 entries in symbol table
8 sections
created (GMT): Wed Jan 27 16:45:02 2016
Linker version: 9.0
.text start: 0x1000, length: 158720 bytes
.data start: 0x10000, length: 30208 bytes
.bss start:
-/-, length:
0 bytes
execution starts at
0x1140
Preferred load base is
0x0
Image size in RAM: 200 KB
Sections aligned to 4096 bytes in RAM, 512 bytes in file
Versions: NT 6.1, Win32 6.0, App 6.1
Checksum: 0x00042dd7
uses no subsystem
Stack: 256 KB reserved, 0 KB committed
Heap:
4 KB reserved, 0 KB committed
Size of headers / offset to sections in file: 0x400
"" (virt. Size/Address: 0x0)
2019914798 bytes at offset
0x0 in RAM,
default alignment (16 bytes)
at offset 0x1140: execution start
"" (virt. Size/Address: 0x0)
1633972782 bytes at offset 0x68000020 in RAM,
contains comments / information
purgeable
? 16-bit-section ?
default alignment (16 bytes)
"" (virt. Size/Address: 0x0)
1952539694 bytes at offset 0x48000040 in RAM,
contains comments / information

0x74 in file

0x6174 in file

0x61 in file

contents will not become part of image

? far data ?
purgeable
? 16-bit-section ?
default alignment (16 bytes)
"" (virt. Size/Address: 0x0)
1633972270 bytes at offset 0xc8000040 in RAM, 0x6174 in file
contents is COMDAT (common block data, packaged functions)
? far data ?
purgeable
? 16-bit-section ?
default alignment (16 bytes)
"" (virt. Size/Address: 0x0)
1162297680 bytes at offset 0x48000040 in RAM,
contents will not become part of image
? far data ?
purgeable
? 16-bit-section ?
default alignment (16 bytes)
"" (virt. Size/Address: 0x0)
1414090313 bytes at offset 0x60000020 in RAM,
contains comments / information
contents will not become part of image
? far data ?
purgeable
? 16-bit-section ?
default alignment (16 bytes)

0x0 in file

0x0 in file

"" (virt. Size/Address: 0x0)

1920168494 bytes at offset 0xe2000020 in RAM,
0x63 in file
contains comments / information
contents will not become part of image
contents is COMDAT (common block data, packaged functions)
? far data ?
purgeable
? 16-bit-section ?
default alignment (16 bytes)
"" (virt. Size/Address: 0x0)
1818587694 bytes at offset 0x42000040 in RAM, 0x636f in file
contains comments / information
contents will not become part of image
contents is COMDAT (common block data, packaged functions)
? far data ?
purgeable
? 16-bit-section ?
default alignment (16 bytes)
Entropy = 6.4915
Entropy: 6.49152