» ksecpkg.sys
Overview
Analysis
File Details
Behaviors (1)

ksecpkg.sys

Kernel Security Support Provider Interface Packages

Microsoft Corporation

It runs as a Windows 64-bit kernel mode device driver named “KSecPkg”. It is installed with Windows 7.

File name:

ksecpkg.sys

Publisher:

Microsoft Corporation (signed and verified)

Product:

Microsoft® Windows® Operating System

Description:

Kernel Security Support Provider Interface Packages

Part of the Windows 7 (with Service Pack 1) Operating System

Version:

6.1.7601.21971 (win7sp1_ldr.120418-1503)

MD5:

99ec01bb69bec07640175112c9517021

SHA-1:

4732afebaf967a10fb638afddcf6cef885a554c5

SHA-256:

303cc58d93cc18aa49fc61bf4bb64dff592ac4cd66f743f7c4502d14bfe758d7

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)
Whitelisted (by digital signature)

Analysis date:

5/9/2024 7:58:36 AM UTC (today)

File size:

148.9 KB (152,432 bytes)

Product version:

6.1.7601.21971

Original file name:

ksecpkg.sys

File type:

Driver (Win64 SYS)

Language:

English (United States)

Common path:

C:\Windows\System32\drivers\ksecpkg.sys

Digital Signature

Signed by:

Microsoft Corporation

Authority:

Microsoft Corporation

Valid from:

3/27/2012 12:37:17 AM

Valid to:

6/27/2013 12:37:17 AM

Subject:

CN=Microsoft Windows, OU=MOPR, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:

CN=Microsoft Windows Verification PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:

6105DD42000000000014

File PE Metadata

Compilation timestamp:

4/19/2012 6:09:23 AM

OS version:

6.1

OS bitness:

Win64

Subsystem:

Native (none required)

Linker version:

9.0

CTPH (ssdeep):

3072:6WBVBZs8+3TfQ7pWmjogfeMOIXxf8/bx9fngnyyUz8+6W3tJ6W:6aVs8CqRYMf+GWzcWCW

Entry address:

0x2806C

Entry point:

48, 83, EC, 28, 4C, 8B, C2, 4C, 8B, C9, E8, 95, FF, FF, FF, 49, 8B, D0, 49, 8B, C9, 48, 83, C4, 28, E9, F6, 00, 00, 00, 90, 90, 90, 90, 90, 90, 54, 68, 65, 20, 64, 72, 69, 76, 65, 72, 20, 66, 61, 69, 6C, 65, 64, 20, 74, 68, 65, 20, 61, 6C, 67, 6F, 72, 69, 74, 68, 6D, 20, 73, 65, 6C, 66, 20, 74, 65, 73, 74, 3A, 20, 30, 78, 25, 78, 0A, 00, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90... 
[+]

Entropy:

6.4178

Code size:

109.5 KB (112,128 bytes)

Driver

Display name:

KSecPkg

Type:

Kernel device driver (KernelDriver)

Group:

Cryptography

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.