ExtIt.sys

Exterminate It! Antimalware

CURIOLAB S.M.B.A.

It runs as a Windows 64-bit kernel-mode device driver named “ExterminateIt”.
Publisher:
CURIOLAB S.M.B.A.  (signed and verified)

Product:
Exterminate It! Antimalware

Description:
Exterminate It! AntiRootkit Driver

Version:
1.28 built by: WinDDK

MD5:
8ef8166e412988f210186e2fae88d083

SHA-1:
3fdcc3a5de35f13e2591e054be4c8a6451d351b0

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/24/2024 3:29:16 AM UTC

File size:
69.1 KB (70,760 bytes)

Product version:
1.28

Copyright:
Copyright CurioLab S.M.B.A.(c). All rights reserved.

Original file name:
ExtIt.sys

File type:
Driver (Win64 SYS)

Language:
English (United States)

Common path:
C:\Windows\System32\drivers\extit.sys

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
5/7/2010 12:00:00 AM

Valid to:
5/7/2011 11:59:59 PM

Subject:
CN=CURIOLAB S.M.B.A., OU=Development, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=CURIOLAB S.M.B.A., L=Copenhagen S, S=Copenhagen S, C=DK

Issuer:
CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
579EAB4A7601467DC70D0C8EBA896EB2

File PE Metadata
OS bitness:
Win64

CTPH (ssdeep):
1536:gdwWEqLFeqlrxCFBXJ386TrSuJjB5aDHCt:g2yFeMxCLXF8SJJjBkg

Entry point:
8B, FF, 55, 8B, EC, E8, BD, FF, FF, FF, 5D, E9, C2, 25, FF, FF, CC, CC, 34, DF, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, FE, E5, 00, 00, 94, B6, 00, 00, 20, DF, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 0C, E6, 00, 00, 80, B6, 00, 00, 2C, E0, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 92, E8, 00, 00, 8C, B7, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 04, E5, 00, 00, EE, E3, 00, 00, D8, E3, 00, 00, E6, E1, 00, 00, 00, 00, 00, 00, 5E, E1, 00, 00, 74, E1, 00, 00, 7E, E1...
 

Driver
Display name:
ExterminateIt

Type:
Kernel device driver (KernelDriver)

