hideproc_x86.sys

Leadcore Technology Co.,Ltd

It runs as a Windows kernel mode device driver named “KsHP”.
Publisher:
Leadcore Technology Co.,Ltd  (signed and verified)

Version:
1,0,0,46 Build On 2012/05/13 18:57:15 built by: WinDDK

MD5:
00888c7686c5b91bf1e310e2a1c7bcc1

SHA-1:
5ea9813fb4e70fece9478681f7b11420c89b56be

SHA-256:
fb3da7465f88b9cbe77af6b674b060f88043b56976fc406469237b280d2af33d

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/29/2024 12:43:51 PM UTC

File size:
36.3 KB (37,136 bytes)

Product version:
1,0,0,46 Build On 2012/05/13 18:57:15

Copyright:
Copyright(C) 2010 - 2011

Original file name:
HideProc.sys

File type:
Driver (Win32 SYS)

Common path:
C:\windows\secscanclient\hideproc_x86.sys

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
8/27/2014 8:00:00 AM

Valid to:
9/26/2017 7:59:59 AM

Subject:
CN="Leadcore Technology Co.,Ltd", OU=Leadcore, O="Leadcore Technology Co.,Ltd", L=Shanghai, S=Shanghai, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
56319E50060DC532898B293208DD79D5

File PE Metadata
Compilation timestamp:
5/13/2012 6:57:16 PM

OS version:
6.1

OS bitness:
Win32

Subsystem:
Native (none required)

Linker version:
9.0

Entry address:
0x503E

Entry point:
8B, FF, 55, 8B, EC, E8, BD, FF, FF, FF, 5D, E9, 0E, C8, FF, FF, CC, CC, 98, 50, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 56, 52, 00, 00, 0C, 30, 00, 00, 8C, 50, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 8C, 52, 00, 00, 00, 30, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 64, 52, 00, 00, 78, 52, 00, 00, 00, 00, 00, 00, 0C, 51, 00, 00, 24, 51, 00, 00, 30, 51, 00, 00, 44, 51, 00, 00, 58, 51, 00, 00, 78, 51, 00, 00, 84, 51, 00, 00, 8E, 51, 00, 00, 02, 51, 00, 00, C0, 51...

Entropy:
7.1029

Code size:
6 KB (6,144 bytes)

Driver
Display name:
KsHP

Type:
Kernel device driver (KernelDriver)

