1cd389ac.sys

The file 1cd389ac.sys has been detected as malware by 33 of the 68 anti-virus scanners in this report. It runs as a Windows kernel-mode device driver named “1cd389ac”.
MD5:
ecf85d94c57187d0ae6e6e5cb9ff93ab

SHA-1:
cd99fb82ec2aff4ae5ede5f1d794544f0940c0d2

SHA-256:
6ec2ce6197d619dd5074639ecba1feb272f655e30176213bd591ed4643e5d61d

Scanner detections:
33 / 68

Status:
Malware

Analysis date:
4/25/2024 12:04:59 PM UTC

Scan engine                    Detection                            Engine version
Lavasoft Ad-Aware              Gen:Variant.Zusy.52507               1018
Agnitum Outpost                Trojan.PWS.OnLineGames2              7.1.1
AhnLab V3 Security             Win-Trojan/Wgames.Gen                14.04.23
Avira AntiVirus                TR/Rootkit.Gen5                      7.11.144.202
avast!                         Win32:Vanti-BX [Rtk]                 2014.9-140423
AVG                            Hider                                2015.0.3496
Bitdefender                    Gen:Variant.Zusy.52507               1.0.20.565
Comodo Security                TrojWare.Win32.Vanti.B               18152
Dr.Web                         Trojan.PWS.Gamania.41112             9.0.1.0113
Emsisoft Anti-Malware          Gen:Variant.Zusy.52507               8.14.04.23.02
ESET NOD32                     Win32/PSW.OnLineGames.QPF            8.9709
Fortinet FortiGate             W32/Vanti.BX!tr                      4/23/2014
F-Prot                         W32/SYStroj.N.gen                    v6.4.7.1.166
F-Secure                       Gen:Variant.Zusy.52507               11.2014-23-04_4
G Data                         Gen:Variant.Zusy.52507               14.4.24
IKARUS anti.virus              Win32.SuspectCrc                     t3scan.1.6.1.0
K7 AntiVirus                   Password-Stealer                     13.176.11847
Kaspersky                      Trojan-GameThief.Win32.OnLineGames2  14.0.0.3975
McAfee                         Obfuscated-FSN!hb                    5600.7152
Microsoft Security Essentials  PWS:WinNT/OnLineGames.E              1.10502
MicroWorld eScan               Gen:Variant.Zusy.52507               15.0.0.339
NANO AntiVirus                 Trojan.Win32.Gamania.bxpakr          0.28.0.59492
Norman                         OnLineGames.SCDF                     11.20140423
nProtect                       Trojan/W32.Agent.28896.D             14.04.22.01
Qihoo 360 Security             Malware.QVM00.Gen                    1.0.0.1015
Rising Antivirus               PE:Trojan.Killav!1.9CBF              23.00.65.14421
Sophos                         Troj/GameSpy-G                       4.98
SUPERAntiSpyware               Trojan.Agent/Gen-Zusy                10649
Trend Micro House Call         TSPY_ONLINEG.SMJ0                    7.2.113
Trend Micro                    TSPY_ONLINEG.SMJ0                    10.465.23
Vba32 AntiVirus                TrojanPSW.OnLineGames2               3.12.26.0
VIPRE Antivirus                Trojan.Win32.Generic                 28524
ViRobot                        Trojan.Win32.PSWIGames.28896.A       2011.4.7.4223

File size:
28.2 KB (28,896 bytes)

File type:
Driver (Win32 SYS)

Common path:
C:\Windows\System32\drivers\1cd389ac.sys

File PE Metadata
Compilation timestamp:
6/21/2013 6:31:25 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Native (none required)

Linker version:
5.12

CTPH (ssdeep):
768:U+j7l7l7l7l7l7l7Fn8fOFG72xeT1uFFfIdg4o:UB/uFO+4

Entry address:
0x1E0F

Entry point:
55, 8B, EC, 81, EC, 68, 0C, 00, 00, 53, 56, 57, 6A, 07, 59, BE, 20, 14, 01, 00, 8D, 7D, C0, 6A, 09, F3, A5, 66, A5, 59, BE, 40, 14, 01, 00, 8D, 7D, 98, 33, DB, F3, A5, 66, A5, B9, FF, 02, 00, 00, 33, C0, 8D, BD, 99, F3, FF, FF, 88, 9D, 98, F3, FF, FF, F3, AB, 66, AB, AA, 8D, 05, 74, 34, 01, 00, 8D, 05, 70, 34, 01, 00, C6, 05, 00, 4B, 01, 00, 4D, C6, 05, 01, 4B, 01, 00, 41, C6, 05, 02, 4B, 01, 00, 50, C6, 05, 60, 4B, 01, 00, 44, C6, 05, 61, 4B, 01, 00, 4E, C6, 05, 62, 4B, 01, 00, 46, C6, 05, C0, 4B, 01, 00...

Entropy:
5.1796

Developed / compiled with:
Microsoft Visual C++

Code size:
12.8 KB (13,120 bytes)

Driver
Display name:
1cd389ac

Type:
Kernel device driver (KernelDriver)
