phosgene.sys

ADORIASOFT LLC

It runs as a Windows kernel-mode device driver named “FaceRig Virtual Camera”.
Publisher:
ADORIASOFT LLC  (signed and verified)

MD5:
6ea180d75494fc23ac802ce1a8b4ed03

SHA-1:
229601d90f6c62d1e2b34275b9e447e04931633a

SHA-256:
9bc9c0a7fc6f6abf1d7b21935961f6ccfcebf0527980b290604546bf772ae7d2

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
5/8/2024 5:10:34 AM UTC

File size:
27.4 KB (28,024 bytes)

File type:
Driver (Win32 SYS)

Common path:
C:\Windows\System32\drivers\phosgene.sys

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
11/14/2014 1:00:00 AM

Valid to:
11/15/2015 12:59:59 AM

Subject:
CN=ADORIASOFT LLC, OU=Software Development, O=ADORIASOFT LLC, STREET=Novgorodska street 11, L=Kharkov, S=Kharkivska, PostalCode=61000, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
008C56A21ED8A2151EAFFAEE3C6CDF0B68

File PE Metadata
Compilation timestamp:
6/8/2015 2:43:25 PM

OS version:
6.3

OS bitness:
Win32

Subsystem:
Native (none required)

Linker version:
12.0

CTPH (ssdeep):
384:WG3k2NUGBkTuDTy8LVYRpZaj0RbgnYPLVaYBMoprii:zU2NUGBdDTy8JqkQbgQBrii

Entry address:
0x9000

Entry point:
8B, FF, 55, 8B, EC, E8, 06, 00, 00, 00, 5D, E9, 1A, 86, FF, FF, 8B, FF, 55, 8B, EC, 51, 51, A1, 14, 40, 40, 00, B9, 4E, E6, 40, BB, 85, C0, 74, 04, 3B, C1, 75, 18, 0F, 31, 35, 14, 40, 40, 00, 89, 55, FC, A3, 14, 40, 40, 00, 75, 07, 8B, C1, A3, 14, 40, 40, 00, F7, D0, A3, 10, 40, 40, 00, 8B, E5, 5D, C3, F8, 90, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 22, 95, 00, 00, 60, 30, 00, 00, 9C, 90, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 78, 95, 00, 00, 04, 30, 00, 00, AC, 90, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
Code size:
12.5 KB (12,800 bytes)

Driver
Display name:
FaceRig Virtual Camera

Service name:
Phosgene

Type:
Kernel device driver (KernelDriver)

