home

drivecrypt64.sys

Conseal Security Ltd

It runs as a Windows 64-bit kernel mode device driver named “DriveCrypt Driver Service”.
Publisher:
Conseal Security Ltd  (signed and verified)

MD5:
714a9730779f0fc32dc5fc5c5b9bf1d8

SHA-1:
e7af5e29596c0ade022f4595661dd2a00d22b0b0

SHA-256:
b9a00e5738b62424294da887d777448488032d75a9f5ced607b498537b3b5af6

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
7/12/2025 11:23:36 PM UTC  (a few moments ago)

File size:
56 KB (57,360 bytes)

File type:
Driver (Win64 SYS)

Common path:
C:\Windows\System32\drivecrypt64.sys

Digital Signature
Signed by:
Conseal Security Ltd

Authority:
GlobalSign nv-sa

Valid from:
2/27/2012 12:14:50 PM

Valid to:
4/8/2013 1:08:11 PM

Subject:
E=info@consealsecurity.com, CN=Conseal Security Ltd, O=Conseal Security Ltd, L=Alton, S=Hampshire, C=GB

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121CDFCA1241AD66C07A41C7C0D0215BAAF

File PE Metadata
Compilation timestamp:
6/22/2012 6:12:35 PM

OS version:
6.1

OS bitness:
Win64

Subsystem:
Native (none required)

Linker version:
9.0

CTPH (ssdeep):
768:uQx4UlLgKmifGbx7axtl7KxLzw5f9AaKjpyBW6IkidVGlrwahoICS4AIqxmp5TXd:IJx7ax/7Kxc52H1WtCICS4ADI5HZrizE

Entry address:
0xF064

Entry point:
48, 83, EC, 28, 4C, 8B, C2, 4C, 8B, C9, E8, 95, FF, FF, FF, 49, 8B, D0, 49, 8B, C9, 48, 83, C4, 28, E9, 86, 1F, FF, FF, CC, CC, B0, F0, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 36, F6, 00, 00, 00, A0, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 30, F2, 00, 00, 00, 00, 00, 00, 48, F2, 00, 00, 00, 00, 00, 00, 60, F2, 00, 00, 00, 00, 00, 00, 72, F2, 00, 00, 00, 00, 00, 00, 8C, F2, 00, 00, 00, 00, 00, 00, A0, F2, 00, 00, 00, 00, 00, 00, B8, F2, 00, 00...
 
[+]

Entropy:
6.8176

Code size:
35 KB (35,840 bytes)

Driver
Display name:
DriveCrypt Driver Service

Service name:
DriveCrypt

Type:
Kernel device driver (KernelDriver)


Scan drivecrypt64.sys - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.