HookPort.sys

Qizhi Software (beijing) Co. Ltd

It runs as a Windows kernel mode device driver named “HookPort”.

Publisher:
360安全中心  (signed by Qizhi Software (beijing) Co. Ltd)

Product:
360安全中心

Description:
360安全卫士 - HookPort

Version:
1, 0, 0, 1007

MD5:
f9c336bb5f8d5be5713a71b0ed0c2bbb

SHA-1:
e5677f58e19ef76a285a4074df1e8865f1fbc01d

SHA-256:
4fd3cebca600585bc63c8d1799ce07102d5e8e8358e5e5b7d55f9516ae30538a

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/19/2024 9:49:55 PM UTC

File size:
52.5 KB (53,760 bytes)

Product version:
1, 0, 0, 1007

Copyright:
版权所有 (C) 2006-2010 360安全中心

Original file name:
HookPort.sys

File type:
Driver (Win32 SYS)

Common path:
C:\Windows\System32\drivers\hookport.sys

Digital Signature

Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
10/22/2008 8:00:00 AM

Valid to:
11/24/2010 7:59:59 AM

Subject:
CN=Qizhi Software (beijing) Co. Ltd, OU=SECURE APPLICATION DEVELOPMENT, O=Qizhi Software (beijing) Co. Ltd, L=Beijing, S=Beijing, C=CN

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
21D91D915F64FE5AEAA16DD9B46F06DD

File PE Metadata

Compilation timestamp:
11/30/2009 7:01:23 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Native (none required)

Linker version:
7.10

CTPH (ssdeep):
768:brQndzcEXrh2GXTFbhsfPjvVzwO7q66AWMcJRFXecRsJ5yn4LZI:bknB2S5GfPjJpze7ecPn4+

Entry address:
0xA385

Entry point:
A1, A0, 9F, 01, 00, 85, C0, B9, 4E, E6, 40, BB, 74, 04, 3B, C1, 75, 19, A1, 28, 9D, 01, 00, 8B, 00, 35, A0, 9F, 01, 00, A3, A0, 9F, 01, 00, 75, 06, 89, 0D, A0, 9F, 01, 00, E9, C9, F6, FF, FF, CC, CC, CC, 00, A4, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 28, A8, 00, 00, 8C, 9C, 00, 00, F4, A3, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 5E, A8, 00, 00, 80, 9C, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 36, A8, 00, 00, 4A, A8, 00, 00, 00, 00, 00, 00, F6, A4, 00, 00, 04...

Entropy:
6.4765

Code size:
39.3 KB (40,192 bytes)

Driver

Display name:
HookPort

Type:
Kernel device driver (KernelDriver)

Group:
Boot Bus Extender

