» FarSpace.sys
Overview
Analysis
File Details
Behaviors (1)

FarSpace.sys

Deep Freeze

Dmitry Shesterin

It runs as a Windows kernel mode device driver named “FarSpace”.

File name:

FarSpace.sys

Publisher:

Faronics Corporation (signed by Dmitry Shesterin)

Product:

Deep Freeze

Description:

Deep Freeze Driver

Version:

8.00.020.3636

MD5:

66402edda5c94a8881a6cc8910204919

SHA-1:

faf94613701072246fee09337d7c79065863ff6b

SHA-256:

c207a6232414d4911f4cae71b46e219ef0ddf64fad79c2b34eba38db99509629

Scanner detections:

1 / 68

Status:

Clean (1 probable false positive detection)

Explanation:

This is mosty likely a false positive detection, the file is probably clean.

Analysis date:

4/26/2024 4:08:00 PM UTC (today)

Scan engine

Detection

Engine version

NANO AntiVirus

Trojan.Win32.EPACK.dwzbct

1.0.10.5081

File size:

80.9 KB (82,872 bytes)

Product version:

8.00.520.4545

Original file name:

FarSpace.sys

File type:

Driver (Win32 SYS)

Language:

English (United States)

Common path:

C:\Windows\System32\drivers\farspace.sys

Digital Signature

Signed by:

Dmitry Shesterin

Authority:

VeriSign, Inc.

Valid from:

2/8/2012 6:00:00 PM

Valid to:

2/8/2015 5:59:59 PM

Subject:

CN=Dmitry Shesterin, OU=Individual Developer, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=No Organization Affiliation, L=Vancouver, S=British Columbia, C=CA

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

06658B28DCA3E5AF38E72F439F229E08

File PE Metadata

Compilation timestamp:

12/10/2013 7:35:52 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Native (none required)

Linker version:

7.10

CTPH (ssdeep):

1536:9AirFWL34xmgVVkyrElZbLf7zOrDnYHym9rKgQTmvW:Kir3mg1yZ3fvAWym9OovW

Entry address:

0x105FC

Entry point:

8B, FF, 55, 8B, EC, A1, 2C, F1, 01, 00, 85, C0, B9, 40, BB, 00, 00, 74, 04, 3B, C1, 75, 23, 8B, 15, E4, E3, 01, 00, B8, 2C, F1, 01, 00, C1, E8, 08, 33, 02, 25, FF, FF, 00, 00, A3, 2C, F1, 01, 00, 75, 07, 8B, C1, A3, 2C, F1, 01, 00, F7, D0, A3, 28, F1, 01, 00, 5D, E9, AD, FE, FF, FF, CC, A0, 06, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 04, 0D, 01, 00, 0C, E3, 00, 00, 94, 06, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 12, 0D, 01, 00, 00, E3, 00, 00, 90, 07, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, A2, 0E, 01, 00... 
[+]

Entropy:

6.5833

Code size:

62.1 KB (63,616 bytes)

Driver

Display name:

FarSpace

Type:

Kernel device driver (KernelDriver)

Scan FarSpace.sys - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.