» mskrn.exe
Overview
Analysis
File Details
Behaviors (1)

mskrn.exe

MalwareSecure

MSecure Data Labs

It runs as a separate (within the context of its own process) windows Service named “MSDLAVkrn”.

File name:

mskrn.exe

Publisher:

MSecure Data Labs (signed and verified)

Product:

MalwareSecure

Description:

MSecure Application

Version:

9, 0, 6, 9

MD5:

b2db680a201a5c7754a8769027babc96

SHA-1:

1fa063d34f0258449ac643dc68cfdfbbdd3c6235

SHA-256:

badeb09afed829e71ed262e20f74a5be377ebac9c767940485e1412948dc1a86

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/19/2024 8:40:04 AM UTC (today)

File size:

2 MB (2,134,944 bytes)

Product version:

9, 0, 6, 9

Original file name:

Srv.exe

File type:

Executable application (Win32 EXE)

Language:

Russian (Russia)

Common path:

C:\Program Files\msdl-msdlav\mskrn.exe

Digital Signature

Signed by:

MSecure Data Labs

Authority:

GlobalSign nv-sa

Valid from:

12/28/2012 8:17:32 PM

Valid to:

1/28/2014 8:17:32 PM

Subject:

CN=MSecure Data Labs, O=MSecure Data Labs, L=Hyderabad, S=Andhra Pradesh, C=IN

Issuer:

CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:

11213CC608EC8B23A8CA86287E52139F0823

File PE Metadata

Compilation timestamp:

9/10/2013 11:34:44 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows Console

Linker version:

9.0

CTPH (ssdeep):

49152:4j3ZqrO4k1AwqYa0XmtyKGJsv6tWKFdu9CqTEu07zlXbvE:4OO3iYaKm8Jsv6tWKFdu9CpE

Entry address:

0x114E42

Entry point:

E8, 33, 17, 01, 00, E9, A5, FE, FF, FF, C3, B8, C8, 70, 52, 00, A3, 10, ED, 5E, 00, C7, 05, 14, ED, 5E, 00, AF, 67, 52, 00, C7, 05, 18, ED, 5E, 00, 63, 67, 52, 00, C7, 05, 1C, ED, 5E, 00, 9C, 67, 52, 00, C7, 05, 20, ED, 5E, 00, 05, 67, 52, 00, A3, 24, ED, 5E, 00, C7, 05, 28, ED, 5E, 00, 40, 70, 52, 00, C7, 05, 2C, ED, 5E, 00, 21, 67, 52, 00, C7, 05, 30, ED, 5E, 00, 83, 66, 52, 00, C7, 05, 34, ED, 5E, 00, 10, 66, 52, 00, C3, 8B, FF, 55, 8B, EC, E8, 96, FF, FF, FF, E8, 98, 22, 01, 00, 83, 7D, 08, 00, A3, 38... 
[+]

Entropy:

6.5714

Code size:

1.3 MB (1,391,616 bytes)

Service

Display name:

MSDLAVkrn

Type:

Win32OwnProcess

Group:

UIGroup

Scan mskrn.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.