home

cyberplanet.sys

Fidel Dali

It runs as a Windows kernel mode device driver named “madCodeHook DLL injection driver”.
Publisher:
Fidel Dali  (signed and verified)

MD5:
5880974694b9092cb386c5740c97520f

SHA-1:
65716296c6db34646829784d55bf5c41aec3452f

SHA-256:
15f653afabfb0962b2b1d2082d32671e21b0f802fe94c59b44c6533fb0094cf0

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/19/2024 2:20:41 PM UTC  (today)

File size:
5.9 KB (6,016 bytes)

File type:
Driver (Win32 SYS)

Common path:
C:\Windows\System32\drivers\cyberplanet.sys

Digital Signature
Signed by:
Fidel Dali

Authority:
The USERTRUST Network

Valid from:
7/12/2009 7:00:00 PM

Valid to:
7/13/2010 6:59:59 PM

Subject:
CN=Fidel Dali, O=Fidel Dali, STREET=Ciudad de la Paz 1701 8 A, L=Capital Federal, S=Buenos Aires, PostalCode=1426, C=AR

Issuer:
CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:
543193D6B1CE0ED14B57CFA580B2F162

File PE Metadata
Compilation timestamp:
8/18/2009 1:56:37 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Native (none required)

Linker version:
7.10

CTPH (ssdeep):
96:TADLD+uKNDrlpu2E4ZZl7yMhxjtIw1S41XdtQa5zg23PQHUEk4poZJk6qk4XkY:TACuKN1RnyMTCOFXYa5zg2Y02kQ

Entry address:
0x650

Entry point:
55, 8B, EC, 8B, 45, 08, C7, 40, 38, 20, 06, 01, 00, 8B, 4D, 08, C7, 41, 40, 20, 06, 01, 00, 6A, 00, 68, 00, 04, 01, 00, FF, 15, 8C, 02, 01, 00, 33, C0, 5D, C2, 08, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, C8, 06, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 14, 08, 00, 00, 60, 02, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, FC, 06, 00, 00, 06, 07, 00, 00...
 
[+]

Entropy:
6.9502

Developed / compiled with:
Microsoft Visual C++

Code size:
1.4 KB (1,472 bytes)

Driver
Display name:
madCodeHook DLL injection driver

Service name:
mchInjDrv

Type:
Kernel device driver (KernelDriver)


Scan cyberplanet.sys - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.