home

klhk.sys

Kaspersky Anti-Virus

Kaspersky Lab

It runs as a Windows 64-bit kernel mode device driver named “klhk”.
Publisher:
Kaspersky Lab ZAO  (signed by Kaspersky Lab)

Product:
Kaspersky™ Anti-Virus ®

Description:
KLHK [fre_wlh_x64]

Version:
1.1.0.25

MD5:
7ed6b6805b3e1bc9dc2418f1c5c920b4

SHA-1:
43d5e0cbae7c2102951afa51c583668348c5a50a

SHA-256:
7ff90c32c95e2141a3d3b378dde8035c8c6eb811c087a9af7d20c735cb74142a

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/26/2024 12:01:39 PM UTC  (today)

File size:
238.1 KB (243,808 bytes)

Product version:
1.1.0.25

Copyright:
Copyright © Kaspersky Lab ZAO 1996-2013.

Original file name:
KLHK

File type:
Driver (Win64 SYS)

Language:
English (United States)

Common path:
C:\Windows\System32\drivers\klhk.sys

Digital Signature
Signed by:
Kaspersky Lab

Authority:
DigiCert Inc

Valid from:
2/21/2013 6:00:00 PM

Valid to:
4/28/2015 7:00:00 AM

Subject:
CN=Kaspersky Lab, O=Kaspersky Lab, L=Moscow, C=RU

Issuer:
CN=DigiCert High Assurance Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0226E6BDA76DAE711E3DB2321E3B5308

File PE Metadata
Compilation timestamp:
4/10/2014 8:24:51 AM

OS version:
6.0

OS bitness:
Win64

Subsystem:
Native (none required)

Linker version:
10.0

CTPH (ssdeep):
3072:62wC3eW1WS5YqONfdFxQXil8MeEy/GCwf:6n4FYPNVFxQX28MeEy/GCA

Entry address:
0x58130

Entry point:
48, 89, 5C, 24, 08, 57, 48, 83, EC, 20, 48, 8B, DA, 48, 8B, F9, E8, 83, FF, FF, FF, 48, 8B, D3, 48, 8B, CF, 48, 8B, 5C, 24, 30, 48, 83, C4, 20, 5F, E9, CE, FE, FF, FF, CC, CC, CC, CC, CC, CC, 48, 81, EC, 58, 01, 00, 00, 48, 8B, 05, A2, 63, FC, FF, 48, 33, C4, 48, 89, 84, 24, 40, 01, 00, 00, 4C, 8D, 05, C8, 8A, FE, FF, 48, 8D, 15, BD, 8A, FE, FF, 48, 8D, 0D, B2, 8A, FE, FF, 45, 33, C9, FF, 15, 59, 31, FC, FF, 48, 8D, 4C, 24, 20, 33, D2, 41, B8, 1C, 01, 00, 00, 88, 05, AA, 8A, FE, FF, E8, A1, C0, FA, FF, 48...
 
[+]

Entropy:
3.9265

Code size:
52.5 KB (53,760 bytes)

Driver
Display name:
klhk

Type:
Kernel device driver (KernelDriver)


herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.