Partizan.sys

RegRun Security Suite

Greatis Software, LLC

It runs as a Windows kernel-mode device driver named "Partizan".
Publisher:
Greatis Software (signed by Greatis Software, LLC)

Product:
RegRun Security Suite

Description:
Partizan - Rootkit detector

Version:
1, 0, 0, 3

MD5:
e228b03a922d46e29b88c4056861ee78

SHA-1:
876c539bbe897696704e8639bd7c88dea2d1f895

SHA-256:
c601fe283a0c33e28e65d43c7a9b23f636c23fcd8cb7fb53d72b26e2a6959711

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/25/2024 12:02:41 PM UTC

File size:
33.9 KB (34,760 bytes)

Product version:
5,1,0,21

Copyright:
Copyright © 2007

Trademarks:
Partizan

Original file name:
Partizan.sys

File type:
Driver (Win32 SYS)

Language:
English (United States)

Common path:
C:\Windows\System32\drivers\partizan.sys

Digital Signature
Authority:
The USERTRUST Network

Valid from:
11/24/2008 2:00:00 AM

Valid to:
11/25/2010 1:59:59 AM

Subject:
CN="Greatis Software, LLC", O="Greatis Software, LLC", STREET="1-65, Turgeneva", L=Yaroslavl, S=Yaroslavl, PostalCode=150054, C=RU

Issuer:
CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:
4B5179A3ECC3D3E2BE18F660088FE088

File PE Metadata
Compilation timestamp:
2/13/2008 7:52:31 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Native (none required)

Linker version:
6.0

CTPH (ssdeep):
384:Pel577V0+FKj/bMKM4K3aWe5MXU69sMIjDG3:Pel57Wvj/bFKiK9nIjDG3

Entry address:
0x19DB


Entropy:
4.1341

Developed / compiled with:
Microsoft Visual C++

Code size:
11.6 KB (11,840 bytes)

Driver
Display name:
Partizan

Type:
Kernel device driver (KernelDriver)

Group:
Boot Bus Extender
Scan Partizan.sys - Powered by Reason Core Security