KSILsDisk.SYS

KSIL Secret Disk Library.

CNTSoft

It runs as a Windows 64-bit kernel mode device driver named “KSILsDisk”.

Publisher:
KSIL Inc. All right reserved.  (signed by CNTSoft)

Product:
KSIL Secret Disk Library.

Version:
2015, 2, 14, 1

MD5:
5323a13bafa72c45f064868b18116a09

SHA-1:
b646afb681e60a2353735b0ce305af5f96cb6253

SHA-256:
ec531ee0486c3da4efe74ca8ce4ad94b4e35d505725420c4e25d93ff40f7405a

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/23/2024 5:26:32 PM UTC

File size:
89.2 KB (91,336 bytes)

Product version:
2015, 2, 14, 1

Copyright:
KSIL Inc. All right reserved.

Trademarks:
KSIL Secret Disk Library.

Original file name:
KSILsDisk.SYS

File type:
Driver (Win64 SYS)

Common path:
C:\windows\syswow64\drivers\ksilsdisk.sys

Digital Signature

Signed by:

Authority:
Thawte, Inc.

Valid from:
2/22/2014 9:00:00 AM

Valid to:
2/23/2015 8:59:59 AM

Subject:
CN=CNTSoft, O=CNTSoft, L=Yongin-si, S=Gyeonggi-do, C=KR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
428AEF597AF56AF8E27D40B36C172831

File PE Metadata

Compilation timestamp:
2/14/2015 11:30:54 AM

OS version:
4.0

OS bitness:
Win64

Subsystem:
Native (none required)

Linker version:
8.0

CTPH (ssdeep):
1536:Yms0LLLGS4A3GqlD0CvImSt0B5lmbMxxGsoEdLaia5E:HngKACla0B5lgMxxGsoEcia5E

Entry address:
0x13E38

Entry point:
48, 53, B8, 20, 00, 00, 00, E8, 1E, E1, FF, FF, 48, 2B, E0, 48, 8D, 05, F6, 47, FF, FF, 48, 8B, D9, BA, 01, 00, 00, 00, 48, 89, 41, 70, 48, 89, 81, 80, 00, 00, 00, 48, 89, 81, 00, 01, 00, 00, 48, 89, 81, B8, 00, 00, 00, 48, 89, 81, F0, 00, 00, 00, 48, 89, 81, 48, 01, 00, 00, 48, 89, 81, 88, 00, 00, 00, 48, 89, 81, 90, 00, 00, 00, 48, 89, 81, E0, 00, 00, 00, 48, 8D, 05, 67, 47, FF, FF, 48, 89, 41, 68, 48, 8D, 0D, 7C, FB, FF, FF, FF, 15, 56, C5, FE, FF, 48, 8D, 0D, 53, FB, FF, FF, 45, 33, C9, 45, 33, C0, 33...
Entropy:
6.7611

Code size:
75.6 KB (77,376 bytes)

Driver

Display name:
KSILsDisk

Type:
Kernel device driver (KernelDriver)
