PECKP.sys

POWERENTER

Client Server International. Inc. Beijing Branch

It runs as a Windows kernel-mode device driver named “PECKbdProtector”.

Publisher:
CSII (signed by Client Server International. Inc. Beijing Branch)

Product:
POWERENTER

Description:
PowerEnter Keyboard Protector

Version:
1, 5, 6, 0

MD5:
c90181c9592ad93d8939171a881f0052

SHA-1:
3f687a8977c210de33d76c6e0be8d08fae959669

SHA-256:
40435176ad738a0e10578d83920f50131e642e4fa5f982afa672ddfe79cc4547

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/19/2024 8:41:22 AM UTC  (today)

File size:
315.9 KB (323,488 bytes)

Product version:
1, 5, 6, 0

Copyright:
Copyright (C) 2010-2013 CSII

Trademarks:
POWERENTER

Original file name:
PECKP.sys

File type:
Driver (Win32 SYS)

Common path:
C:\Windows\System32\drivers\peckp.sys

Digital Signature

Authority:
VeriSign, Inc.

Valid from:
4/6/2012 8:00:00 AM

Valid to:
6/6/2014 7:59:59 AM

Subject:
CN=Client Server International. Inc. Beijing Branch, OU=Technology Center, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Client Server International. Inc. Beijing Branch, L=Beijing, S=Beijing, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
7B2DE93A0534D9A365E50E795A376C2D

File PE Metadata

Compilation timestamp:
1/21/2013 10:51:02 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Native (none required)

Linker version:
5.12

CTPH (ssdeep):
6144:4i2Wz0tyDM9S4hv1BDHYB908+MBDEYNqLn5ARf2Uccw9zFCnoOt4CJi1:lYwDCpzDHYBT528WceBcwdFCnD6/1

Entry address:
0x54841

Entry point:
E8, 4B, DD, FF, FF, FF, 74, 24, 04, 9C, 8D, 64, 24, 14, 0F, 84, 64, CA, FF, FF, 66, 0F, A3, C6, 60, 2C, 30, F9, 9C, 84, EA, FF, 34, 24, 3C, 09, 66, 89, 54, 24, 08, 8D, 64, 24, 28, 0F, 87, 66, C6, FF, FF, E8, 1B, C5, FF, FF, F9, 3B, 4A, 14, 9C, E9, 74, CC, FF, FF, 0F, CB, 20, C3, 89, C3, 9C, 80, 3F, 23, 68, B5, D8, 1C, E2, 9C, E8, F5, F2, FF, FF, 9C, C6, 04, 24, 1F, 60, 8D, 64, 24, 24, 0F, 85, 32, C6, FF, FF, 0F, 86, 41, FB, FF, FF, 66, 0F, BE, C1, B0, 32, 98, C6, 47, FF, 00, 88, C0, 53, 0F, B6, C2, 0F, 9F...
Entropy:
7.7745 (probably packed)

Code size:
36 KB (36,864 bytes)

Driver

Display name:
PECKbdProtector

Type:
Kernel device driver (KernelDriver)