» semafore.sys
Overview
Analysis
File Details

semafore.sys

SemAfore

Insinooritoimisto J. Rimppi Oy

The file semafore.sys by Insinooritoimisto J. Rimppi Oy has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat.

File name:

semafore.sys

Publisher:

Insinööritoimisto J.Rimppi Oy, Finland (signed by Insinooritoimisto J. Rimppi Oy)

Product:

SemAfore

Description:

USB driver

Version:

5.2

MD5:

8b32cc23655fe455adc1aef1cbb8b3bb

SHA-1:

cc7fe754f41fce6335eb916dcd046ee10c4a8d87

SHA-256:

2cab6560dc33d1c9b4808f0d8b297665054f76a9e00c7d55719807c0d8d95365

Scanner detections:

1 / 68

Status:

Adware

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:

5/5/2024 7:45:12 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.InsinooritoimistoJRimppiOy (M)

16.1.11.7

File size:

25.1 KB (25,656 bytes)

Product version:

5.2

Original file name:

semafore.sys

File type:

Driver (Win64 SYS)

Language:

English (United States)

Common path:

C:\users\{user}\downloads\semafore521 \driver64\semafore.sys

Digital Signature

Signed by:

Insinooritoimisto J. Rimppi Oy

Authority:

GlobalSign nv-sa

Valid from:

4/6/2011 4:54:47 AM

Valid to:

5/6/2012 4:54:42 AM

Subject:

CN=Insinooritoimisto J. Rimppi Oy, O=Insinooritoimisto J. Rimppi Oy, L=Ojakkala, S=Vihti, C=FI

Issuer:

CN=GlobalSign ObjectSign CA, OU=ObjectSign CA, O=GlobalSign nv-sa, C=BE

Serial number:

0100000000012F2A32B2B3

File PE Metadata

Compilation timestamp:

11/30/2011 6:55:40 AM

OS version:

6.1

OS bitness:

Win64

Subsystem:

Native (none required)

Linker version:

9.0

CTPH (ssdeep):

384:IYK8yL8gGDj0k9CNzD+9DVEMY9zXtvDTGeM6it0u0m18r5h/oYJLdFCz2ZeYrORS:I9boDj0k8Nf+61Wevju318r5hFL3yRS

Entry address:

0x7064

Entry point:

48, 83, EC, 28, 4C, 8B, C2, 4C, 8B, C9, E8, 95, FF, FF, FF, 49, 8B, D0, 49, 8B, C9, 48, 83, C4, 28, E9, 86, 9F, FF, FF, CC, CC, E0, 70, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, E4, 73, 00, 00, 20, 40, 00, 00, C0, 70, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 54, 74, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 18, 74, 00, 00, 00, 00, 00, 00, F2, 73, 00, 00, 00, 00, 00, 00, 3C, 74, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 16, 72, 00, 00... 
[+]

Entropy:

6.4884

Code size:

13.5 KB (13,824 bytes)

Remove semafore.sys - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.