home

ghcaprotector.sys

Shanghai Guanghua Guanqun Software Co.,Ltd.Sichuan Branch

Publisher:
Shanghai Guanghua Guanqun Software Co.,Ltd.Sichuan Branch  (signed and verified)

MD5:
0a216025789efa0bf4f88664c1ad513c

SHA-1:
02305c0ba24abfa615219aa7519ddfa7089d291d

SHA-256:
57ef498bc72c3ab94550f16c6ed9182c8a82ea464d20fba20a57913b51659194

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/19/2024 8:39:02 PM UTC  (today)

File size:
34.2 KB (35,000 bytes)

File type:
Driver (Win64 SYS)

Common path:
C:\Program Files\ghcadialer\ghcaprotector.sys

Digital Signature
Signed by:
Shanghai Guanghua Guanqun Software Co.,Ltd.Sichuan Branch

Authority:
GlobalSign nv-sa

Valid from:
12/16/2010 10:17:01 AM

Valid to:
12/16/2011 10:17:01 AM

Subject:
CN="Shanghai Guanghua Guanqun Software Co.,Ltd.Sichuan Branch", O="Shanghai Guanghua Guanqun Software Co.,Ltd.Sichuan Branch", C=CN

Issuer:
CN=GlobalSign ObjectSign CA, OU=ObjectSign CA, O=GlobalSign nv-sa, C=BE

Serial number:
0100000000012CED288FE2

File PE Metadata
Compilation timestamp:
5/7/2011 3:00:15 PM

OS version:
6.1

OS bitness:
Win64

Subsystem:
Native (none required)

Linker version:
9.0

CTPH (ssdeep):
768:YiYp4I8Z5ZlgtVCWLByo+f7pCQkBNfagm0C+QCviOm:YiYp4XZT0NBNfagm0C+JviOm

Entry address:
0x9570

Entry point:
48, 83, EC, 28, 4C, 8B, C2, 4C, 8B, C9, E8, 95, FF, FF, FF, 49, 8B, D0, 49, 8B, C9, 48, 83, C4, 28, E9, 7A, FA, FF, FF, CC, CC, 47, 00, 68, 00, 63, 00, 61, 00, 50, 00, 72, 00, 6F, 00, 74, 00, 65, 00, 63, 00, 74, 00, 6F, 00, 72, 00, 00, 00, 68, 97, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 50, 9A, 00, 00, 80, 51, 00, 00, E8, 95, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, FC, 9E, 00, 00, 00, 50, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 5C, 9B, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
6.4833

Code size:
21 KB (21,504 bytes)

Scan ghcaprotector.sys - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.