SafeBoxKrnl.sys

Qizhi Software (beijing) Co. Ltd

It runs as a Windows kernel mode device driver named “SafeBoxKrnl”.
Publisher:
360安全中心  (signed by Qizhi Software (beijing) Co. Ltd)

Product:
360安全中心

Description:
360安全卫士 - Safe Box

Version:
2, 2, 2, 1007

MD5:
5db533e272f124561e2c0735c27ca912

SHA-1:
4e1208f8445d9230d15055c208bc204bcfdb8e71

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/19/2024 12:04:23 AM UTC

File size:
199.8 KB (204,544 bytes)

Product version:
2, 2, 2, 1007

Copyright:
Copyright (C) 2006-2007 360安全中心

Original file name:
SafeBoxKrnl.sys

File type:
Driver (Win32 SYS)

Common path:
C:\Windows\System32\drivers\safeboxkrnl.sys

Digital Signature
Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
11/24/2006 8:00:00 AM

Valid to:
11/24/2008 7:59:59 AM

Subject:
CN=Qizhi Software (beijing) Co. Ltd, OU=Secure Application Development, O=Qizhi Software (beijing) Co. Ltd, L=Beijing, S=Beijing, C=CN

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
613BF885496412207ECB70ACFAC6755B

File PE Metadata
Compilation timestamp:
9/2/2008 6:01:41 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Native (none required)

Linker version:
7.10

CTPH (ssdeep):
1536:i3ZS9Miu27g1ZfAPS7wdec/4anxXHAom8bhnRow0u7+IPn4v:Ou5u27KGgwdec/4W8Covu/Pn2

Entry address:
0x2E305

Entry point:
A1, B0, 4C, 02, 00, 85, C0, B9, 4E, E6, 40, BB, 74, 04, 3B, C1, 75, 19, A1, 90, 18, 02, 00, 8B, 00, 35, B0, 4C, 02, 00, A3, B0, 4C, 02, 00, 75, 06, 89, 0D, B0, 4C, 02, 00, E9, F5, 31, FE, FF, CC, CC, CC, 84, E3, 02, 00, 00, 00, 00, 00, 00, 00, 00, 00, 2E, ED, 02, 00, 10, 17, 01, 00, 74, E3, 02, 00, 00, 00, 00, 00, 00, 00, 00, 00, 78, ED, 02, 00, 00, 17, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 50, ED, 02, 00, 3C, ED, 02, 00, 64, ED, 02, 00, 00, 00, 00, 00, 74...
 

Entropy:
3.7353

Code size:
71.3 KB (72,960 bytes)

Driver
Display name:
SafeBoxKrnl

Type:
Kernel device driver (KernelDriver)

