KProcessCheck2.sys

TrustDefender Kernel Forensics Engine

Symbiotic Technologies Pty Ltd

Publisher:
Symbiotic Technologies Pty Ltd  (signed and verified)

Product:
TrustDefender Kernel Forensics Engine

Description:
KProcessCheck2 - Kernel Forensics Engine

Version:
3.4.3.1095

MD5:
c38aa543e97dbfb3eb6be17bc9ab2e64

SHA-1:
d4fef239886c91f515a39f002e0c5064bf3991cc

SHA-256:
8da7da98f7e98067e67277a36383ca3302c28f5b75a0aac95db520898d1d813a

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/20/2024 2:29:42 PM UTC

File size:
50.2 KB (51,392 bytes)

Product version:
3.4.3.1095

Copyright:
(C) 2005-2011 Symbiotic Technologies Pty Ltd. All rights reserved

Original file name:
KProcessCheck2.sys

File type:
Driver (Win32 SYS)

Language:
English (United States)

Common path:
C:\Program Files\trustdefender\trustdefender\kprocesscheck2.sys

Digital Signature
Authority:
DigiCert Inc

Valid from:
11/10/2013 7:00:00 PM

Valid to:
11/19/2014 7:00:00 AM

Subject:
CN=Symbiotic Technologies Pty Ltd, O=Symbiotic Technologies Pty Ltd, L=San Jose, S=California, C=US

Issuer:
CN=DigiCert High Assurance Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0CD1D433C6C0A7F2E62133537AF98C1A

File PE Metadata
Compilation timestamp:
3/26/2014 11:57:48 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Native (none required)

Linker version:
10.0

CTPH (ssdeep):
768:QDddhNOVQXKQyqRE49VaA1rpG05EZRR6YlkhkgTfox2NFLrAD7NwR9clYKgL:QaiXK7kT/hpv5+R6YlaLrAD7NwR9cOt

Entry address:
0x6990

Entry point:
55, 8B, EC, 56, 8B, 75, 08, 57, 8B, 3D, 4C, 70, 40, 00, 68, 50, 78, 40, 00, 68, 50, 8F, 40, 00, 89, 35, F4, 88, 40, 00, FF, D7, 68, 80, 78, 40, 00, 68, 78, 8F, 40, 00, FF, D7, 8B, 46, 14, A3, 90, 8F, 40, 00, C7, 05, 94, 8F, 40, 00, 00, 00, 00, 00, E8, 7D, FE, FF, FF, 85, C0, 74, 0B, 5F, B8, 01, 00, 00, C0, 5E, 5D, C2, 08, 00, 68, 10, 8F, 40, 00, 6A, 00, 68, D0, 71, 40, 00, 6A, 00, 68, 00, 01, 00, 00, 6A, 22, 68, 50, 8F, 40, 00, 6A, 00, 56, E8, 56, 26, 00, 00, 85, C0, 78, 7D, 68, 50, 8F, 40, 00, 68, 78, 8F...
 
Entropy:
6.5750

Developed / compiled with:
Microsoft Visual C++

Code size:
31 KB (31,744 bytes)
