home

cscrysec.sys

CryptoStorage

InfoWatch

It runs as a Windows 64-bit kernel mode device driver named “InfoWatch Encrypt Sector Library driver”.
Publisher:
InfoWatch  (signed and verified)

Product:
CryptoStorage

Description:
Cryptographic Algorithm Lib Driver.

Version:
2.0.114.0

MD5:
3b919bc23b19455c5b0d0ab0fc12cf29

SHA-1:
033196117f97edeca7aaccfa5c5ad1d0aff05f32

SHA-256:
06408f8082de47231f6e7865e20a80441376c27aa3490118925471780c1d15a2

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/26/2024 9:21:12 PM UTC  (today)

File size:
84.3 KB (86,288 bytes)

Product version:
2.0.114.0

Copyright:
© Infowatch 2006-2011. All rights reserved.

Original file name:
LCSecLib.sys

File type:
Driver (Win64 SYS)

Common path:
C:\Windows\System32\drivers\cscrysec.sys

Digital Signature
Signed by:
InfoWatch

Authority:
VeriSign, Inc.

Valid from:
9/21/2011 6:00:00 AM

Valid to:
9/21/2012 5:59:59 AM

Subject:
CN=InfoWatch, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=InfoWatch, L=Moscow, S=Moscow, C=RU

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
4BB4FB0AA40B02EE679E6CB9CDEEB77F

File PE Metadata
Compilation timestamp:
1/11/2012 4:26:40 PM

OS version:
4.0

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
1536:LRtnPyLrmtV4A5DRIXm03VKPbMqqU+tIQRLfUod:CLyGA+KPbMqqD7Lf7

Entry address:
0xC8E0

Entry point:
48, 89, 5C, 24, 08, 48, 89, 6C, 24, 10, 48, 89, 74, 24, 18, 57, 48, 83, EC, 20, 48, 8D, 1D, 05, 67, 00, 00, 48, 8D, 2D, 06, 67, 00, 00, 48, 8B, F2, 48, 3B, DD, 48, 8B, F9, 73, 16, 66, 66, 90, 48, 8B, 03, 48, 85, C0, 74, 02, FF, D0, 48, 83, C3, 08, 48, 3B, DD, 72, ED, 44, 8B, 05, BE, 70, 00, 00, BA, 28, 00, 00, 00, 33, C9, FF, 15, D1, 16, 00, 00, 48, 85, C0, 48, 8B, D8, 74, 36, C7, 40, 18, 01, 00, 00, 00, 48, C7, 40, 10, 00, 00, 00, 00, 66, C7, 40, 0A, 00, 00, 66, C7, 40, 08, 00, 00, 48, 89, 05, 9F, 70, 00...
 
[+]

Code size:
50.5 KB (51,712 bytes)

Driver
Display name:
InfoWatch Encrypt Sector Library driver

Service name:
CSCrySec

Type:
Kernel device driver (KernelDriver)

Group:
Boot Bus Extender


Scan cscrysec.sys - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.