passguard.sys

SysEnter Application

Beijing Weitong Xincheng Network Technologies Co., Ltd.

It runs as a Windows kernel-mode device driver named “PassGuard”.
Product:
SysEnter Application

Version:
1, 0, 1, 2

MD5:
f4adb1aa6b9813fd03110d5fbb40f887

SHA-1:
62196bfb55f3dc7439b1a05a17747cab81eebfb1

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/27/2024 2:07:06 AM UTC

File size:
270.4 KB (276,888 bytes)

Product version:
1, 0, 1, 2

Copyright:
Copyright (C) 2010

Original file name:
SysEnter.exe

File type:
Driver (Win32 SYS)

Common path:
C:\Windows\System32\drivers\passguard.sys

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
11/4/2011 8:00:00 AM

Valid to:
2/3/2013 7:59:59 AM

Subject:
CN="Beijing Weitong Xincheng Network Technologies Co., Ltd.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Beijing Weitong Xincheng Network Technologies Co., Ltd.", L=Beijing, S=Beijing, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5ED2A4956D27820817A11ED63DF09976

File PE Metadata
Compilation timestamp:
9/8/2012 7:13:23 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Native (none required)

Linker version:
9.0

CTPH (ssdeep):
6144:EtUkC3hXI165+PvjTPcknRjk06p7Si9L/vyl2amz:EtUh3hY165gvjgkRjk069LMmz

Entry address:
0x7650

Entry point:
E9, 57, 80, 01, 00, 56, 1B, AA, 92, 1F, 78, 32, 6D, EB, 29, 27, 65, A1, BE, 3B, F9, 16, 33, F1, 8F, C6, 31, 99, 61, AE, 45, E6, E1, 6D, 87, 16, 57, 3F, 95, 45, 86, D0, 8A, 61, 17, A6, 82, 24, 13, 2A, EE, 32, 50, 89, 94, 93, 00, 2A, 66, D8, 4A, 9D, 1E, 60, D2, 48, 8F, 8E, 5B, 33, 7A, 98, 47, D3, 4D, 05, DB, 16, 8F, 4F, 79, 35, 0C, D3, 92, 0D, 6A, 38, 26, 1F, 98, DE, A0, E4, 45, D2, EC, AF, 02, 43, 73, 48, B2, F0, E6, 5C, 12, 30, 8D, 93, C1, 45, 38, F0, 8E, 3E, E9, FA, 13, 91, 87, F9, 0B, 05, 80, 36, AC, 4A...
 

Entropy:
7.8339

Packer / compiler:
Xtreme-Protector v1.05

Code size:
38.5 KB (39,424 bytes)

Driver
Display name:
PassGuard

Type:
Kernel device driver (KernelDriver)

