home

passguard.sys

SysEnter Application

Beijing Weitong Xincheng Network Technologies Co., Ltd.

It runs as a Windows 64-bit kernel mode device driver named “PassGuard”.
Publisher:
Beijing Weitong Xincheng Network Technologies Co., Ltd.  (signed and verified)

Product:
SysEnter Application

Version:
1, 0, 1, 0

MD5:
e1ace17ddaf078458e2ff063c8457e8c

SHA-1:
8aae4bdbe60c40293885c5f6e57256800f9084a2

SHA-256:
f80685d3f3bea03f4d663cd38b604750ef69af74b9693c0490618fa1c08b153a

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/23/2024 3:48:28 PM UTC  (today)

File size:
415.4 KB (425,368 bytes)

Product version:
1, 0, 1, 0

Copyright:
Copyright (C) 2010

Original file name:
SysEnter.exe

File type:
Driver (Win64 SYS)

Common path:
C:\Windows\System32\drivers\passguard.sys

Digital Signature
Signed by:
Beijing Weitong Xincheng Network Technologies Co., Ltd.

Authority:
VeriSign, Inc.

Valid from:
11/4/2011 8:00:00 AM

Valid to:
2/3/2013 7:59:59 AM

Subject:
CN="Beijing Weitong Xincheng Network Technologies Co., Ltd.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Beijing Weitong Xincheng Network Technologies Co., Ltd.", L=Beijing, S=Beijing, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5ED2A4956D27820817A11ED63DF09976

File PE Metadata
OS bitness:
Win64

CTPH (ssdeep):
6144:fl/9bjpGzEkJ3HtRCbx14Lf5jUw+RcEVcAor0gObSDMwqe0pRkDfbJzdXkP3/x:N/9bjEzbeN14Lh7+71r+4RIfbJzRkB

Entry point:
60, E9, 28, E2, FF, FF, 00, 00, 4B, 65, 41, 64, 64, 53, 79, 73, 74, 65, 6D, 53, 65, 72, 76, 69, 63, 65, 54, 61, 62, 6C, 65, 00, AC, F5, 9C, 04, 79, 60, C0, C8, 05, F5, 34, BD, 9C, C0, C8, 04, F8, 3A, 07, 66, 0F, B6, C0, 8D, 7F, 01, 66, 0F, B6, C0, E9, 81, 1F, 00, 00, B6, 7D, 06, 00, EB, 3F, 06, 00, D2, 36, 06, 00, 49, 38, 06, 00, 1A, 77, 06, 00, 39, 55, 06, 00, 04, 5B, 06, 00, 2C, 41, 06, 00, 3C, 53, 06, 00, C5, 63, 06, 00, 2B, 5B, 06, 00, 17, 63, 06, 00, 30, 57, 06, 00, 67, 3E, 06, 00, 81, 7A, 06, 00, 52...
 
[+]

Entropy:
7.7055

Packer / compiler:
ASProtect v1.1, 0xBRS

Driver
Display name:
PassGuard

Type:
Kernel device driver (KernelDriver)


Scan passguard.sys - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.