home

RUSROUTE.SYS

RusRoute firewall v2 NDIS Intermediate based driver

Andrey Moiseenko

It runs as a Windows 64-bit kernel mode device driver named “MaaSoftware RusRoute Driver Disk”.
Publisher:
MaaSoftware http://www.maasoftware.ru, http://www.maasoftware.com  (signed by Andrey Moiseenko)

Product:
RusRoute firewall v2 NDIS Intermediate based driver

Version:
2.0.74

MD5:
c87779fa338e3b3f81026fd3eb701432

SHA-1:
c864fd04cbbb42f33d099901160b39e717791296

SHA-256:
727f34da957552ff00616191a8208a072ca46bce560f8937973fc7268a835aa7

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/26/2024 3:02:22 AM UTC  (today)

File size:
47.7 KB (48,824 bytes)

Product version:
2.0.74

Copyright:
© 2008-2010 MaaSoftware. All rights reserved.

Original file name:
RUSROUTE.SYS

File type:
Driver (Win64 SYS)

Common path:
C:\Windows\System32\drivers\rusroute.sys

Digital Signature
Signed by:
Andrey Moiseenko

Authority:
GlobalSign nv-sa

Valid from:
7/18/2011 8:59:04 AM

Valid to:
7/18/2012 8:59:04 AM

Subject:
CN=Andrey Moiseenko, C=RU

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121B2AE0C054AE619F7944C48E57342F6C4

File PE Metadata
OS bitness:
Win64

CTPH (ssdeep):
768:YwYSNKT4boiCFzPsdChBV+XkqUBILdn/80ujW5itr3qgiwpKY1ObigwC3:XNKT4kzP1BIk3B6ujYitTeAlkiW

Entry point:
8B, FF, 55, 8B, EC, E8, BD, FF, FF, FF, 5D, E9, A7, FF, FF, FF, CC, 90, C1, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 50, C3, 00, 00, E0, A0, 00, 00, B0, C0, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, D2, C3, 00, 00, 00, A0, 00, 00, CC, C0, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 8A, C8, 00, 00, 1C, A0, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, A2, C3, 00, 00, 94, C3, 00, 00, 86, C3, 00, 00, 72, C3, 00, 00, 5E, C3, 00, 00, B6, C3, 00, 00, 00, 00, 00, 00, 1E, C8, 00...
 
[+]

Entropy:
6.5242

Driver
Display name:
MaaSoftware RusRoute Driver Disk

Service name:
RusRouteMP

Type:
Kernel device driver (KernelDriver)

Group:
PNP_TDI


Scan RUSROUTE.SYS - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.