iiqrarraqz.sys

GameProtect

Zemi Interactive Co., Ltd.

It runs as a Windows 64-bit kernel mode device driver named “iiqrarraqz”.
Publisher:
GameSoft  (signed by Zemi Interactive Co., Ltd.)

Product:
GameProtect

Version:
1.0.0.0

MD5:
53ff6cc3486cc782bffd4b1fedcb79d4

SHA-1:
d41ab84183b169e68ff27d0cc1449c6037942fb9

SHA-256:
bbc9148309f8c8536121a0e8ebadecdbc6728eb2f5fe28ecf2a5acfff71cf6ad

Scanner detections:
5 / 68

Status:
Clean  (5 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous); the file is probably malware free.

Analysis date:
4/25/2024 8:23:44 AM UTC  (today)

Scan engine | Detection | Engine version
AegisLab AV Signature | Nettool.Win64.Netfilter!c | 2.1.4+
Bkav FE | HW64.packed | 1.3.0.7744
Kaspersky | not-a-virus:NetTool.Win64.NetFilter | 14.0.0.-431
Panda Antivirus | Generic Suspicious | 16.09.20.05
Qihoo 360 Security | Win32/Virus.NetTool.f25 | 1.0.0.1120

File size:
397.5 KB (407,056 bytes)

Product version:
1.0.0.0

File type:
Driver (Win64 SYS)

Common path:
C:\Windows\System32\drivers\iiqrarraqz.sys

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
7/9/2013 8:00:00 AM

Valid to:
8/9/2014 7:59:59 AM

Subject:
CN="Zemi Interactive Co., Ltd.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Zemi Interactive Co., Ltd.", L=SeoChoGu, S=Seoul, C=KR

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
4505E9AC8D288D763A1088ED1E2C8A60

File PE Metadata
Compilation timestamp:
3/22/2016 1:17:49 PM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Native (none required)

Linker version:
9.0

CTPH (ssdeep):
6144:PVpFnWqcp2m6991GxdVM8v+X56YbLQsk4jzbZsp/PIXwfOdoVjbL5WxSpDikrD:PdWRVMqy5zkMX2RPIXwGdI3LLDikf

Entry address:
0x1E000

Entry point:
48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 57, 48, 83, EC, 60, 48, 8B, DA, 48, 8B, F9, 0F, 20, E0, A8, 20, 74, 17, C7, 05, 62, CB, FF, FF, 08, 00, 00, 00, 48, C7, 05, 5F, CB, FF, FF, 00, 00, 20, 00, EB, 15, C7, 05, 4B, CB, FF, FF, 04, 00, 00, 00, 48, C7, 05, 48, CB, FF, FF, 00, 00, 40, 00, 33, C9, E9, E9, 54, 04, 00, E9, E9, 54, 04, 00, 90, E9, 0E, 5B, 04, 00, 48, 89, 87, E0, 00, 00, 00, 48, B8, 44, 38, 6B, 95, FF, FF, FF, FF, 48, 0F, C8, 66, 0F, B6, C0, 48, 8D, 05, 77, 6D, FE, FF, E9, 10, 5B, 04, 00, E9, 1C...
 

Entropy:
6.9371

Code size:
88 KB (90,112 bytes)

Driver
Display name:
iiqrarraqz

Type:
Kernel device driver (KernelDriver)

Group:
Extended Base

