getbus.sys

Bus Type Detection Driver

TechPowerUp

It runs as a Windows kernel mode device driver named “getbus”.
Publisher:
AMD  (signed by TechPowerUp)

Product:
Bus Type Detection Driver

Version:
1.0.0.0

MD5:
35bfcdf98df4f5b3ab551e1ae7ba85d1

SHA-1:
9d3194747177c02a3fce9805da65a1055468cbcd

SHA-256:
2ba0311ff950a64c0a816adbc8e96f9c4dce03b54edf77c04a8f843f1f9c6309

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is most likely a false positive detection; the file is probably clean.

Analysis date:
4/24/2024 3:42:17 AM UTC

Scan engine:
Comodo Security

Detection:
TrojWare.Win32.Kryptik.AXV

Engine version:
18221

File size:
20.9 KB (21,376 bytes)

Product version:
1.0.0.0

Copyright:
Copyright 2011 (c). AMD Corporation. All rights reserved.

File type:
Driver (Win32 SYS)

Common path:
C:\users\{user}\appdata\local\temp\getbus.sys

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
8/12/2008 5:41:47 AM

Valid to:
8/12/2011 5:41:47 AM

Subject:
E=admin@techpowerup.com, CN=TechPowerUp, O=TechPowerUp, C=HK

Issuer:
CN=GlobalSign ObjectSign CA, OU=ObjectSign CA, O=GlobalSign nv-sa, C=BE

Serial number:
0100000000011BB4CA6474

File PE Metadata
Compilation timestamp:
4/1/2011 4:54:16 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Native (none required)

Linker version:
10.0

CTPH (ssdeep):
384:UhzG38c9tek3qxLbkncpQczLeT0Qzz02Qp8j+6NE54XdUb+bnVPFX:UhzG38Melbs0eTn3b8C+3ibVPFX

Entry address:
0x1130

Entry point:
55, 8B, EC, 83, E4, F8, 81, EC, 1C, 0C, 00, 00, 53, 33, C0, 56, 8B, 75, 0C, A3, 70, 40, 40, 00, A3, 74, 40, 40, 00, A3, 78, 40, 40, 00, A3, 7C, 40, 40, 00, 0F, B7, 06, 8B, 4E, 04, 57, 50, 51, 8D, 94, 24, 30, 04, 00, 00, 52, FF, 15, 1C, 30, 40, 00, 83, C4, 0C, 8D, 84, 24, 28, 04, 00, 00, 6A, 5C, 50, FF, 15, 20, 30, 40, 00, 83, C4, 08, 83, C0, 02, 50, 8D, 4C, 24, 14, 51, FF, 15, 14, 30, 40, 00, 8B, 44, 24, 10, 8B, 3D, 28, 30, 40, 00, 66, A3, 70, 40, 40, 00, 83, C0, 02, 0F, B7, D0, 68, 44, 72, 69, 76, 52, 6A...
Developed / compiled with:
Microsoft Visual C++

Code size:
9 KB (9,216 bytes)

Driver
Display name:
getbus

Type:
Kernel device driver (KernelDriver)

