» phdskmnt.sys
Overview
Analysis
File Details
Behaviors (1)
Programs (1)

phdskmnt.sys

phdskmnt

Lagerkvist Teknisk Radgivning i Boras HB

It runs as a Windows kernel mode device driver named “Physical Disk Mounter Miniport”. This is installed with Registry Recon.

File name:

phdskmnt.sys

Publisher:

Arsenal Recon (signed by Lagerkvist Teknisk Radgivning i Boras HB)

Product:

phdskmnt

Description:

Physical Disk Mounter

Version:

1.0.0.04

MD5:

8f8b48fd50ec8c5a0d999dee20824091

SHA-1:

75c3ecf8c9ac1a83841d00efc1f45d41d450aa0a

SHA-256:

97d8918b74004747d1513cee6c0e98b670b58b8fa9f801d311615be016cec3e8

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/26/2024 7:49:54 PM UTC (today)

File size:

32.8 KB (33,536 bytes)

Product version:

1.0.0.04

Original file name:

phdskmnt.sys

File type:

Driver (Win32 SYS)

Language:

English (United States)

Common path:

C:\Windows\System32\drivers\phdskmnt.sys

Digital Signature

Signed by:

Lagerkvist Teknisk Radgivning i Boras HB

Authority:

GlobalSign nv-sa

Valid from:

2/16/2010 1:43:44 PM

Valid to:

2/16/2013 1:43:38 PM

Subject:

E=info@ltr-data.se, CN=Lagerkvist Teknisk Radgivning i Boras HB, O=Lagerkvist Teknisk Radgivning i Boras HB, S=-, C=SE

Issuer:

CN=GlobalSign ObjectSign CA, OU=ObjectSign CA, O=GlobalSign nv-sa, C=BE

Serial number:

01000000000126D6F83765

File PE Metadata

Compilation timestamp:

12/21/2012 12:41:14 AM

OS version:

6.1

OS bitness:

Win32

Subsystem:

Native (none required)

Linker version:

9.0

CTPH (ssdeep):

384:527hhep/UESanhlnlyG7dggK612Ex66OhhBNCNzSAmSkH/hPjX5iHPudXDmHr0hU:59cCLwG73g1EkH/hPjYudXqrsfirP

Entry address:

0x5336

Entry point:

8B, FF, 55, 8B, EC, E8, BD, FF, FF, FF, 5D, E9, C0, FE, FF, FF, 50, 68, 44, 73, 6B, 4D, 6E, 74, 3A, 3A, 44, 72, 69, 76, 65, 72, 45, 6E, 74, 72, 79, 3A, 20, 53, 74, 6F, 72, 61, 67, 65, 50, 6F, 72, 74, 49, 6E, 69, 74, 69, 61, 6C, 69, 7A, 65, 20, 72, 65, 74, 75, 72, 6E, 65, 64, 20, 30, 78, 25, 78, 0A, 00, CC, CC, E4, 53, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, B8, 58, 00, 00, 90, 4E, 00, 00, D4, 53, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, C6, 58, 00, 00, 80, 4E, 00, 00, C8, 54, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Code size:

20.6 KB (21,120 bytes)

Driver

Display name:

Physical Disk Mounter Miniport

Service name:

phdskmnt

Description:

SCSI emulation miniport

Type:

Kernel device driver (KernelDriver)

Group:

SCSI Miniport

The file phdskmnt.sys has been discovered within the following program.

Registry Recon by Arsenal Recon

Publisher's description - “Registry Recon is not just another Registry parser. We have developed powerful new methods to parse Registry data, rather than relying on Microsoft APIs, so that Registries which have existed on a Windows system over time can be resurrected.”

arsenalrecon.com/apps/recon

27% remove it

Scan phdskmnt.sys - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.