» ScpVBus.sys
Overview
Analysis
File Details
Behaviors (1)

ScpVBus.sys

Scp Virtual Bus Driver

Bruce James

It runs as a Windows 64-bit kernel mode device driver named “Scp Virtual Bus Driver”.

File name:

ScpVBus.sys

Publisher:

Scarlet.Crush Productions (signed by Bruce James)

Product:

Scp Virtual Bus Driver

Version:

0.5.0.90 built by: WinDDK

MD5:

345666a777e30911d434934323deb14f

SHA-1:

6e0928aa9d31e6d47814e9b79a7fdea614d2f151

SHA-256:

1f1635886ebc3f7157406d57dc78884c8fb956b0f78aa66dbb93742c1bc896b7

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/24/2024 3:04:06 PM UTC (today)

File size:

38.3 KB (39,168 bytes)

Product version:

0.5.0.90

Original file name:

ScpVBus.sys

File type:

Driver (Win64 SYS)

Language:

English (United States)

Common path:

C:\Windows\System32\drivers\scpvbus.sys

Digital Signature

Signed by:

Bruce James

Authority:

GlobalSign nv-sa

Valid from:

8/20/2012 7:27:23 AM

Valid to:

8/21/2013 7:27:23 AM

Subject:

CN=Bruce James, C=GB

Issuer:

CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:

1121F611BAE8352E9201C65095879D7BDAB1

File PE Metadata

Compilation timestamp:

1/19/2013 1:30:14 PM

OS version:

6.1

OS bitness:

Win64

Subsystem:

Native (none required)

Linker version:

9.0

CTPH (ssdeep):

768:hxVfYCblck6gOwSmC4cT052miYU+OAHBPcYXNNg+ahV6GCQ72Gt:Z925gOqZ5LinqBXghxCQ

Entry address:

0xB174

Entry point:

48, 83, EC, 28, 4C, 8B, C2, 4C, 8B, C9, E8, 95, FF, FF, FF, 49, 8B, D0, 49, 8B, C9, 48, 83, C4, 28, E9, 76, FE, FF, FF, CC, CC, C0, B1, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, D4, B6, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, B8, B3, 00, 00, 00, 00, 00, 00, D0, B3, 00, 00, 00, 00, 00, 00, E0, B3, 00, 00, 00, 00, 00, 00, F4, B3, 00, 00, 00, 00, 00, 00, 0A, B4, 00, 00, 00, 00, 00, 00, 2C, B4, 00, 00, 00, 00, 00, 00, 42, B4, 00, 00... 
[+]

Entropy:

6.3617

Code size:

24 KB (24,576 bytes)

Driver

Display name:

Scp Virtual Bus Driver

Service name:

ScpVBus

Type:

Kernel device driver (KernelDriver)

Group:

Extended Base

Scan ScpVBus.sys - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.