home

passguard_x64.sys

SysEnter Application

Beijing Weitong Xincheng Network Technologies Co., Ltd.

It runs as a Windows 64-bit kernel mode device driver named “PassGuard”.
Publisher:
Beijing Weitong Xincheng Network Technologies Co., Ltd.  (signed and verified)

Product:
SysEnter Application

Version:
1, 0, 0, 5

MD5:
eda2b03d5c96efee854cf21e03f980ac

SHA-1:
88bb989889b25617d27235b13f47b02a3eb9e621

SHA-256:
07f3174645c8e799dd982756aadfbd3b6f6f5c5cf0f4f820d0fd446f3cfbc4d1

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/19/2024 5:25:46 AM UTC  (today)

File size:
233.9 KB (239,472 bytes)

Product version:
1, 0, 0, 5

Copyright:
Copyright (C) 2011

Original file name:
SysEnter.exe

File type:
Driver (Win64 SYS)

Common path:
C:\Windows\System32\drivers\passguard_x64.sys

Digital Signature
Signed by:
Beijing Weitong Xincheng Network Technologies Co., Ltd.

Authority:
VeriSign, Inc.

Valid from:
11/3/2010 8:00:00 AM

Valid to:
1/3/2012 7:59:00 AM

Subject:
CN="Beijing Weitong Xincheng Network Technologies Co., Ltd.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Beijing Weitong Xincheng Network Technologies Co., Ltd.", L=Beijing, S=Beijing, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
3604E03D3F62E62A4B8CEBBD0953E675

File PE Metadata
Compilation timestamp:
4/2/2011 1:36:03 PM

OS version:
5.0

OS bitness:
Win64

Subsystem:
Native (none required)

Linker version:
9.0

CTPH (ssdeep):
3072:DAd55AojIyX67KNTxM/alkfFPpIR1fb1i7iE4Hwskp7nuVl8GS4lYPn9OhDzFK0F:DsBjIG6ON3lkk3boUy7nuVrHYPGZ3

Entry address:
0xA8C0

Entry point:
E9, 8D, FB, 02, 00, 66, 89, 45, 08, 0F, 8E, 75, 04, 00, 00, 9C, E9, 5E, F8, FF, FF, 48, 85, E9, 48, 98, E9, EA, 06, 00, 00, 9C, 0F, 80, 94, 03, 00, 00, 8F, 45, 00, E9, 8C, DF, FF, FF, 66, D3, F0, 48, 8B, 45, 00, F8, F5, F5, 48, 83, C5, 06, E9, 02, EF, FF, FF, E9, E8, EB, FF, FF, 8F, 45, 00, E9, 6C, DF, FF, FF, 48, 0F, BC, C4, 66, 3D, FC, 09, 48, 8B, 45, 00, F9, 66, 0F, BA, E3, 0C, 85, DD, 66, 0F, A3, CE, 48, 83, C5, 06, E9, BF, 01, 00, 00, E9, 24, F9, FF, FF, E9, 1E, E0, FF, FF, E9, 9D, FE, FF, FF, E9, 86...
 
[+]

Entropy:
7.0585

Packer / compiler:
Xtreme-Protector v1.05

Code size:
47 KB (48,128 bytes)

Driver
Display name:
PassGuard

Type:
Kernel device driver (KernelDriver)


Scan passguard_x64.sys - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.