» IceKore.sys
Overview
Analysis
File Details
Behaviors (1)

IceKore.sys

CryptoMill Trust Boundary Manager

CryptoMill Technologies Ltd

It runs as a Windows file system device driver named “IceKore”.

File name:

IceKore.sys

Publisher:

CryptoMill Technologies Inc. (signed by CryptoMill Technologies Ltd)

Product:

CryptoMill Trust Boundary Manager

Description:

IceKore Filter Driver

Version:

8.3.8.17393 built by: WinDDK

MD5:

f103d1ed22723b3c44280d710c273fbe

SHA-1:

90b23400618741a8afad0fbe864beb175428ac7c

SHA-256:

ce5c8985400f64a10912d54849800e62ed70eb4ada9f02204bdd04751ab48381

Scanner detections:

1 / 68

Status:

Inconclusive (not enough data for an accurate detection)

Analysis date:

4/24/2024 3:51:43 PM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

W32/Ramnit.A

7.11.30.172

File size:

308 KB (315,352 bytes)

Product version:

8.3.8.17393

Original file name:

IceKore.sys

File type:

Driver (Win32 SYS)

Language:

English (United States)

Common path:

C:\Windows\System32\drivers\icekore.sys

Digital Signature

Signed by:

CryptoMill Technologies Ltd

Authority:

VeriSign, Inc.

Valid from:

7/8/2013 7:00:00 AM

Valid to:

8/8/2014 6:59:59 AM

Subject:

CN=CryptoMill Technologies Ltd, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=CryptoMill Technologies Ltd, L=Toronto, S=Ontario, C=CA

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

4484C1B7B3587CA73CC11DDBE0AC0136

File PE Metadata

Compilation timestamp:

11/9/2013 6:13:53 AM

OS version:

6.1

OS bitness:

Win32

Subsystem:

Native (none required)

Linker version:

9.0

CTPH (ssdeep):

6144:J6L1z6Suj4YyXk5cHUxmG7Bz8WsO+GqyQMzZStl:J6L1z6SujEt0xz7zsoqkSX

Entry address:

0x4A03E

Entry point:

8B, FF, 55, 8B, EC, E8, BD, FF, FF, FF, 5D, E9, 4C, 73, FB, FF, CC, CC, 4C, A1, 04, 00, 00, 00, 00, 00, 00, 00, 00, 00, 32, A6, 04, 00, AC, 20, 04, 00, 30, A1, 04, 00, 00, 00, 00, 00, 00, 00, 00, 00, CC, A6, 04, 00, 90, 20, 04, 00, A0, A0, 04, 00, 00, 00, 00, 00, 00, 00, 00, 00, 22, AA, 04, 00, 00, 20, 04, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, FC, A7, 04, 00, 08, AA, 04, 00, EE, A9, 04, 00, CE, A9, 04, 00, AA, A9, 04, 00, 96, A9, 04, 00, 7E, A9, 04, 00, 64, A9... 
[+]

Code size:

266 KB (272,384 bytes)

Driver

Display name:

IceKore

Description:

IceKore Filter Driver

Type:

File system 'filter' driver (FileSystemDriver)

Group:

FSFilter Encryption

Depends on:

FltMgr

Scan IceKore.sys - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.