» llhwid.sys
Overview
Analysis
File Details

llhwid.sys

Oleg Shcherbakov

File name:

llhwid.sys

Publisher:

Oleg Shcherbakov (signed and verified)

MD5:

65a0033f8fac36781194763188a62234

SHA-1:

49f19b2e1eb3d227d683c2becdf799df50812a4f

SHA-256:

677a2318a13b914972608105b6ed438d9229203a017307f81320e9da053f2930

Scanner detections:

2 / 68

Status:

Clean (2 probable false positive detections)

Explanation:

These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:

4/20/2024 3:41:45 AM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

TR/Crypt.ZPACK.Gen

7.11.150.160

Qihoo 360 Security

HEUR/Malware.QVM00.Gen

1.0.0.1015

File size:

415.3 KB (425,272 bytes)

File type:

Driver (Win32 SYS)

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\llhwid.sys

Digital Signature

Signed by:

Oleg Shcherbakov

Authority:

GlobalSign nv-sa

Valid from:

11/6/2012 8:09:30 PM

Valid to:

12/29/2013 7:27:52 PM

Subject:

CN=Oleg Shcherbakov, C=RU

Issuer:

CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:

1121D3E14F47C600CC45FB975E2B840FA84B

File PE Metadata

Compilation timestamp:

2/4/2013 11:27:42 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Native (none required)

Linker version:

9.0

CTPH (ssdeep):

12288:vPCwDK/2pcxtt/DSbSZFHlhJ+8W387XWfsSwGafJO:HOOpQ1DSbaFHlbY387XwhWJO

Entry address:

0x11F0

Entry point:

E9, 06, 12, 06, 00, 83, C5, 04, 9C, 60, F9, FF, 74, 24, 24, 9D, 68, 98, 87, 1B, E0, FF, 34, 24, 8D, 64, 24, 30, E9, 1F, 0D, 00, 00, FF, 74, 24, 38, 8F, 45, 00, 50, 88, 04, 24, 68, 10, BA, 5B, E4, 8D, 64, 24, 44, E9, D5, 09, 00, 00, 3F, 80, EC, 99, 89, E8, F6, C5, 86, 9C, 60, F9, 83, ED, 02, 68, 62, 01, CE, AC, E9, 39, 36, 00, 00, F5, 83, ED, 02, F9, 85, DB, 66, 21, 45, 04, 51, 88, 3C, 24, 9C, 8F, 44, 24, 20, 60, E9, 70, 24, 00, 00, 89, 04, 24, 29, C6, FF, 35, 59, 10, 00, 10, 66, C1, E5, 0B, 68, 00, 00, 00... 
[+]

Packer / compiler:

Xtreme-Protector v1.05

Code size:

19.5 KB (19,968 bytes)

Scan llhwid.sys - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.