passguard.sys

SysEnter Application

Beijing Weitong Xincheng Network Technologies Co., Ltd.

It runs as a Windows 64-bit kernel-mode device driver named “PassGuard”.

Product:
SysEnter Application

Version:
1, 0, 0, 9

MD5:
b6e5a091b95d3b53f9539544e5771b93

SHA-1:
b4a1023d846fa6c4be15756d3d6c09e881334c15

SHA-256:
e1fb2d9e17b2ffd8df6331b18406cdac779039ba5c6517f376b7e131b338e582

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/25/2024 7:39:08 PM UTC

File size:
504.4 KB (516,504 bytes)

Product version:
1, 0, 0, 9

Copyright:
Copyright (C) 2010

Original file name:
SysEnter.exe

File type:
Driver (Win64 SYS)

Common path:
C:\Windows\System32\drivers\passguard.sys

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
11/3/2010 8:00:00 AM

Valid to:
1/3/2012 7:59:59 AM

Subject:
CN="Beijing Weitong Xincheng Network Technologies Co., Ltd.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Beijing Weitong Xincheng Network Technologies Co., Ltd.", L=Beijing, S=Beijing, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
3604E03D3F62E62A4B8CEBBD0953E675

File PE Metadata
OS bitness:
Win64

CTPH (ssdeep):
12288:YQxewcxBOsh2awGreU9RQE6voU01TLToQvJjYR4aC1cOuC:YaVcnh2syU9rX3B4Q9YR4aMJ

Entry point:
0F, 8E, 7F, B9, FF, FF, 68, FF, FF, 72, A3, E8, E0, 09, 00, 00, 5A, 8B, 56, 78, 9C, 85, D2, E8, 29, CD, FF, FF, E8, AD, D8, FF, FF, 60, 8D, 64, 24, 40, 0F, 84, 4E, 9A, FF, FF, 85, CC, 66, 0F, BA, E3, 0C, F9, F9, 38, E0, 9C, 8D, 64, 24, 04, 0F, 85, 10, 02, 00, 00, 68, B9, A8, 78, D0, 66, C7, 04, 24, BA, AE, 46, 8D, 64, 24, 04, 0F, 89, CA, DB, FF, FF, 60, 9C, 9C, 47, C6, 04, 24, A8, 66, 89, 44, 24, 20, 68, 62, F8, 06, BA, 8D, 64, 24, 2C, E9, 32, AB, FF, FF, DE, FE, BB, BC, 6F, C1, BB, 8E, E0, D5, 1B, FD, 14...

Entropy:
7.7635 (probably packed)

Driver
Display name:
PassGuard

Type:
Kernel device driver (KernelDriver)


Scan passguard.sys - Powered by Reason Core Security