fekbbus.sys

Virtual USB bus driver

NGO

It runs as a Windows kernel-mode device driver named “Fakirato wd17”.
Publisher:
DumpTeam 2010  (signed by NGO)

Product:
Virtual USB bus driver

Version:
0.15.1.4 built by: WinDDK

MD5:
3464f5d6093554c7cd8b56d17c026c36

SHA-1:
600105f1380d911ab33539f71421775be3138468

SHA-256:
1e752603a3e2bb5e46586f92f4825133437044eaffd2b853000f18920bf40fd4

Scanner detections:
2 / 68

Status:
Clean  (2 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous); the file is probably malware-free.

Analysis date:
4/26/2024 11:54:44 PM UTC  (a few moments ago)

Scan engine | Detection | Engine version
Baidu Antivirus | Trojan.Win32.DongleHack.MultiKey | 4.0.3.14430
ESET NOD32 | Win32/DongleHack.MultiKey (variant) | 8.9624

File size:
17.9 KB (18,304 bytes)

Product version:
0.15.1.4

Copyright:
Copyright (C)2010 DumpTeam

Original file name:
vusbbus.sys

File type:
Driver (Win32 SYS)

Language:
English (United States)

Common path:
C:\Windows\System32\fekbbus.sys

Digital Signature
Signed by:

Authority:
NGO

Valid from:
1/15/2013 12:57:08 AM

Valid to:
1/1/2040 12:59:59 AM

Subject:
CN=NGO

Issuer:
CN=NGO

Serial number:
C8427BCD1ECB67834CE963A47543EC2A

File PE Metadata
Compilation timestamp:
4/12/2008 7:16:41 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Native (none required)

Linker version:
7.10

CTPH (ssdeep):
384:PuRtR8QQH+VbIDYYEjc4fHWbY+oYO40P3DL5Tc:Im+R+YYOfBW0fDW

Entry address:
0x3720

Entry point:
8B, FF, 55, 8B, EC, A1, F4, 0E, 01, 00, 85, C0, B9, 40, BB, 00, 00, 74, 04, 3B, C1, 75, 23, 8B, 15, 24, 0D, 01, 00, B8, F4, 0E, 01, 00, C1, E8, 08, 33, 02, 25, FF, FF, 00, 00, A3, F4, 0E, 01, 00, 75, 07, 8B, C1, A3, F4, 0E, 01, 00, F7, D0, A3, F0, 0E, 01, 00, 5D, E9, 1F, FF, FF, FF, CC, B4, 37, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, E2, 3B, 00, 00, 90, 0C, 00, 00, A4, 37, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 30, 3C, 00, 00, 80, 0C, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Code size:
13.1 KB (13,440 bytes)

Driver
Display name:
Fakirato wd17

Service name:
Fekbbus

Type:
Kernel device driver (KernelDriver)

Group:
Extended Base

