» acdev.sys
Overview
Analysis
File Details
Behaviors (1)

acdev.sys

Oleg Shcherbakov

It runs as a Windows kernel mode device driver named “acdev”.

File name:

acdev.sys

Publisher:

Oleg Shcherbakov (signed and verified)

MD5:

0311a2c341d8a5d8995378f3ea880fcf

SHA-1:

219a0843fc1b089dec5ad8f1b321b2e3b0c62860

SHA-256:

d20e95a4fe34020f6ecb1ef7d116596e40b1e77b02d20c04895b1992c2492181

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/23/2024 7:36:22 PM UTC (today)

File size:

1.1 MB (1,204,024 bytes)

File type:

Driver (Win32 SYS)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\ingato\myac\acdev.sys

Digital Signature

Signed by:

Oleg Shcherbakov

Authority:

GlobalSign nv-sa

Valid from:

11/6/2012 8:09:30 PM

Valid to:

12/29/2013 7:27:52 PM

Subject:

CN=Oleg Shcherbakov, C=RU

Issuer:

CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:

1121D3E14F47C600CC45FB975E2B840FA84B

File PE Metadata

Compilation timestamp:

1/30/2013 1:03:43 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Native (none required)

Linker version:

9.0

CTPH (ssdeep):

24576:S9/nw/2uKLh7ek3WyBqEUIAKDwcTDhfgvH7Wv13xub4Z0H:Fy7j3WyLA6BDc7Wv13S/H

Entry address:

0x4440

Entry point:

E9, 67, AB, 05, 00, 9C, E9, 06, E4, FF, FF, 0F, 98, C0, 89, 5C, 24, 14, 60, 5B, 9C, 87, 7C, 24, 30, 66, 0F, B6, F2, F3, 9C, 8F, 44, 24, 2C, 4E, 9C, 0F, B6, FA, 89, 6C, 24, 2C, 8D, B6, 56, 97, 7A, 1B, 87, F7, 9C, 89, 6C, 24, 2C, 66, 87, FE, E9, DB, F3, FF, FF, 9C, 60, 87, 74, 24, 20, 5E, 89, 4C, 24, 18, 66, 0F, BE, F0, 9C, 0F, 95, C5, 66, 0F, BE, C9, 89, 44, 24, 18, E9, 5B, F0, FF, FF, 0F, B6, 46, FF, 56, 68, 8A, 40, 2D, C6, 4E, E9, 82, EA, FF, FF, 38, FA, 0F, BA, E0, 06, 83, C5, 04, FD, 60, FF, 74, 24, 20... 
[+]

Entropy:

7.9797

Packer / compiler:

Xtreme-Protector v1.05

Code size:

36 KB (36,864 bytes)

Driver

Display name:

acdev

Type:

Kernel device driver (KernelDriver)

Scan acdev.sys - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.