» acdev64.sys
Overview
Analysis
File Details
Behaviors (1)

acdev64.sys

Oleg Shcherbakov

It runs as a Windows 64-bit kernel mode device driver named “acdev”.

File name:

acdev64.sys

Publisher:

Oleg Shcherbakov (signed and verified)

MD5:

bbaf4271cf15351d6157323bf5ee917b

SHA-1:

c4f6d344f04209e6d88d5a3458fd005c4e76cbb0

SHA-256:

369a81a7e756d2fd099b551ae1d05b672974a1b44edc90d7bcf7a03902a656f4

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/25/2024 11:08:49 PM UTC (a few moments ago)

File size:

1.4 MB (1,486,648 bytes)

File type:

Driver (Win64 SYS)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\ingato\myac\acdev64.sys

Digital Signature

Signed by:

Oleg Shcherbakov

Authority:

GlobalSign nv-sa

Valid from:

11/6/2012 5:09:30 PM

Valid to:

12/29/2013 4:27:52 PM

Subject:

CN=Oleg Shcherbakov, C=RU

Issuer:

CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:

1121D3E14F47C600CC45FB975E2B840FA84B

File PE Metadata

Compilation timestamp:

1/29/2013 10:03:56 PM

OS version:

5.2

OS bitness:

Win64

Subsystem:

Native (none required)

Linker version:

9.0

CTPH (ssdeep):

24576:x3tKJpaAJxIh1HXTJCOVuFMeyU5K8ilWL+AJKbyJ6jXU0tqHR9kqyzcxo9Qfu2pc:OhxIh1DJ/4Fdy+ilW5ic67UySR+5zcxS

Entry address:

0x4510

Entry point:

E9, 1A, 71, 15, 00, E9, 8A, 22, 00, 00, 66, FF, C0, F5, E9, FC, F5, FF, FF, 48, 89, E5, 66, 81, D7, 19, 84, E9, 9F, F7, FF, FF, 48, 8D, B1, 96, 00, CB, 4A, 52, 66, F7, D7, 66, F7, D6, 66, 0F, CF, E9, 28, 15, 00, 00, 66, 36, 8B, 00, E9, 33, 22, 00, 00, 66, 0F, B6, FA, 66, 0F, BE, F8, 56, 66, 89, F7, 41, 56, 66, F7, D5, 41, 50, 48, 0F, B6, F8, 48, 0F, B6, EA, 66, 0F, CE, 48, 8D, 34, 4D, 02, 3F, 73, 72, 41, 52, F7, D6, 0F, CE, 66, 89, FE, 52, 48, 0F, CF, E9, 0D, 37, 00, 00, 52, 66, 87, FE, 41, 54, 0F, B6, EA... 
[+]

Packer / compiler:

Xtreme-Protector v1.05

Code size:

37.5 KB (38,400 bytes)

Driver

Display name:

acdev

Type:

Kernel device driver (KernelDriver)

Scan acdev64.sys - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.