RUSROUTE.SYS

RusRoute firewall v2 NDIS Intermediate based driver

Andrey Moiseenko

It runs as a Windows 64-bit kernel mode device driver named “MaaSoftware RusRoute Driver Disk”.
Publisher:
MaaSoftware http://www.maasoftware.ru, http://www.maasoftware.com  (signed by Andrey Moiseenko)

Product:
RusRoute firewall v2 NDIS Intermediate based driver

Version:
2.0.74

MD5:
fa2f9486fde6f2567d3d133b1013c21d

SHA-1:
96091b6514d2924e8158053960e72babe21cd54c

SHA-256:
e432c31f1b0f778c91a4a6cd4eb140a253615b2ed34f470ccbf151b3f8e23071

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
5/4/2024 9:41:32 PM UTC

File size:
59.7 KB (61,112 bytes)

Product version:
2.0.74

Copyright:
© 2008-2010 MaaSoftware. All rights reserved.

Original file name:
RUSROUTE.SYS

File type:
Driver (Win64 SYS)

Common path:
C:\Windows\System32\drivers\rusroute.sys

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
7/18/2011 5:59:04 PM

Valid to:
7/18/2012 5:59:04 PM

Subject:
CN=Andrey Moiseenko, C=RU

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121B2AE0C054AE619F7944C48E57342F6C4

File PE Metadata
Compilation timestamp:
6/11/2010 5:31:07 PM

OS version:
6.1

OS bitness:
Win64

Subsystem:
Native (none required)

Linker version:
9.0

CTPH (ssdeep):
1536:3ao00kSYTC5lzw68WDKqn2lLn4R/ZVlki6:3L00kSSCIEbn2lLnqxq

Entry address:
0xF070

Entry point:
48, 83, EC, 28, 4C, 8B, C2, 4C, 8B, C9, E8, 95, FF, FF, FF, 49, 8B, D0, 49, 8B, C9, 48, 83, C4, 28, E9, 7A, FF, FF, FF, CC, CC, 78, F2, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 28, F4, 00, 00, 98, C1, 00, 00, E0, F0, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 52, F4, 00, 00, 00, C0, 00, 00, F0, F0, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 0A, F9, 00, 00, 10, C0, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 36, F4, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Code size:
46 KB (47,104 bytes)

Driver
Display name:
MaaSoftware RusRoute Driver Disk

Service name:
RusRouteMP

Type:
Kernel device driver (KernelDriver)

Group:
PNP_TDI

