PECKP.sys

POWERENTER

Client Server International. Inc. Beijing Branch

It runs as a Windows kernel-mode device driver named “PECKbdProtector”.

Publisher:
CSII (signed by Client Server International. Inc. Beijing Branch)

Product:
POWERENTER

Description:
PowerEnter Keyboard Protector

Version:
1, 3, 1, 112

MD5:
4bc4299da92ccafb30a487d44a322a6c

SHA-1:
12b5441247bf900417cbb39bd3553764d5f88246

SHA-256:
188cdab8f5073eb38a6f36312d9ed5063a1a515ed8ed49c8940f5c3275a0ba5e

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/19/2024 11:05:43 PM UTC

File size:
237.2 KB (242,920 bytes)

Product version:
1, 3, 1, 112

Copyright:
Copyright (C) 2010-2011 CSII

Trademarks:
POWERENTER

Original file name:
PECKP.sys

File type:
Driver (Win32 SYS)

Common path:
C:\Windows\System32\drivers\peckp.sys

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
4/22/2010 8:00:00 AM

Valid to:
4/22/2012 7:59:59 AM

Subject:
CN=Client Server International. Inc. Beijing Branch, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Client Server International. Inc. Beijing Branch, L=Beijing, S=Beijing, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
48A08CB3544EC389CC26F4EF590F8B10

File PE Metadata
Compilation timestamp:
12/15/2011 9:20:47 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Native (none required)

Linker version:
5.12

CTPH (ssdeep):
6144:0FeepYynHpdg6pLFkLZ7t0aFXkfsjFxhtariGPeU:ey7XOsjFz2iGPeU

Entry address:
0x4211B

Entry point:
E9, 14, E3, FF, FF, 29, C6, FF, 74, 24, 04, F3, A4, 0F, BE, F2, 9C, 68, 7F, E0, 7E, DA, 8B, 74, 24, 30, FF, 74, 24, 08, C6, 04, 24, E7, 51, 8D, 64, 24, 3C, E9, A1, 96, FF, FF, 00, 00, 50, 73, 53, 65, 74, 43, 72, 65, 61, 74, 65, 50, 72, 6F, 63, 65, 73, 73, 4E, 6F, 74, 69, 66, 79, 52, 6F, 75, 74, 69, 6E, 65, 00, 89, F4, 9C, 9C, 60, 9C, 8D, 64, 24, 2C, E9, 95, 94, FF, FF, 51, 55, 8D, 64, 24, 08, 0F, 85, 3A, FA, FF, FF, 9C, 68, F6, 3E, 13, 26, 56, 0F, 91, C2, 66, 9C, 66, 8F, 44, 24, 0A, F6, D2, 39, F8, 8A, 16...
 

Entropy:
7.6608

Packer / compiler:
tElock 0.99 - 1.0 private

Code size:
28 KB (28,672 bytes)

Driver
Display name:
PECKbdProtector

Type:
Kernel device driver (KernelDriver)

