nshe.sys

DongleEmulator

NGO

It runs as a Windows 64-bit kernel mode device driver named “Guardant Emulator Driver”.
Publisher:
T0r0 2008 (signed by NGO)

Product:
DongleEmulator

Description:
DongleEmulator for HASP, Sentinel, etc

Version:
1.25

MD5:
dd88d1bde6985d86fce0ecef55aa0fed

SHA-1:
c1d70120ea1badb30552a5c41343ecd695ee7b22

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/25/2024 4:11:27 PM UTC

File size:
96.5 KB (98,816 bytes)

Product version:
1.25

Copyright:
Copyright (c) T0r0 & VoliaCom

Original file name:
DongleEmulator.sys

File type:
Driver (Win64 SYS)

Common path:
C:\Windows\System32\drivers\nshe.sys

Digital Signature
Signed by:

Authority:
NGO

Valid from:
2/20/2013 4:53:47 AM

Valid to:
1/1/2040 1:59:59 AM

Subject:
CN=NGO

Issuer:
CN=NGO

Serial number:
5CD38A3B96F2F8BB4653C0B8E7E3F133

File PE Metadata
OS bitness:
Win64

CTPH (ssdeep):
1536:+gRbCOXPhNr1V6E1FjyUeYgbblRQN7jKirNuJ/AwosP1VmIhYyE:+uCOfFVPjxhg3lRIro/Jfm9

Entry point:
55, 8B, EC, 83, EC, 68, 56, 57, E8, B5, B7, FF, FF, BE, 00, 00, 00, C0, 8B, F8, 23, C6, 3B, C6, 75, 07, E8, 49, B7, FF, FF, EB, 71, 53, 6A, 40, BF, 19, 00, 02, 00, 57, 33, DB, 53, 53, 68, E2, 81, 01, 00, 6A, 02, 8D, 4D, 98, E8, DB, F5, FF, FF, 6A, 40, 57, 53, 53, 68, EE, 81, 01, 00, 6A, 01, 8D, 4D, CC, E8, C7, F5, FF, FF, 39, 5D, A0, 7C, 08, 88, 1D, 28, 41, 01, 00, EB, 0B, 39, 5D, D4, 0F, 9D, C0, A2, 28, 41, 01, 00, FF, 75, 0C, FF, 75, 08, E8, 90, FE, FF, FF, 8B, F8, 23, C6, 3B, C6, 5B, 75, 05, E8, E6, B6...
 

Developed / compiled with:
Microsoft Visual C++

Driver
Display name:
Guardant Emulator Driver

Service name:
NSHE

Type:
Kernel device driver (KernelDriver)

Depends on:
HARDLOCK

