shibbwbank.sys

Chongqing Shahai Information Tech Co.,Ltd

It runs as a Windows kernel mode device driver named “SHIBBWBANK”.

Publisher:
沙海 (signed by Chongqing Shahai Information Tech Co.,Ltd)

Product:
沙海

Description:
SecurityPassDrv

Version:
3, 0, 2, 0

MD5:
ecf6709a932776a4f5dc720b4ef4d487

SHA-1:
b41a39bbdcea337fb37b844d300b2f761543dcd4

SHA-256:
1f5f5e17a1ea6d8299edc18a4f64bd6304bef31c3e02ed43fdfbd17d4108b4e3

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is most likely a false positive detection; the file is probably clean.

Analysis date:
4/29/2024 11:16:15 AM UTC

Scan engine:
F-Prot

Detection:
W32/Rozena.C.gen

Engine version:
4.6.5.141

File size:
154.7 KB (158,440 bytes)

Product version:
3, 0, 2, 0

Copyright:
沙海

Original file name:
SecurityPassDrv.sys

File type:
Driver (Win32 SYS)

Common path:
C:\Windows\System32\drivers\shibbwbank.sys

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
6/12/2015 8:00:00 AM

Valid to:
9/11/2016 7:59:59 AM

Subject:
CN="Chongqing Shahai Information Tech Co.,Ltd", OU=IT, O="Chongqing Shahai Information Tech Co.,Ltd", L=Chongqing, S=Chongqing, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
48C3DC72FE59B29E68DD8B4C8E454AD9

File PE Metadata
Compilation timestamp:
10/9/2015 6:41:16 PM

OS version:
6.1

OS bitness:
Win32

Subsystem:
Native (none required)

Linker version:
9.0

CTPH (ssdeep):
3072:mwuXaCnKdUV83k+aa3aCZrsp9XRutkeNQeqjyS0psyKEvuHcY:/uZCUV83BNqCZi9h6klvuMamHD

Entry address:
0x7A1E4

Entry point:
E8, F5, 32, FF, FF, 43, 5C, 71, D3, FC, 46, E2, 25, FB, 92, 4C, DA, 65, 72, CF, 26, 0B, FA, 77, 8E, 55, 08, A3, BE, 0B, 35, 16, ED, 56, AD, B2, 41, C6, 3D, CC, 87, 24, 2E, 2A, CB, E2, 22, DC, 10, 2A, BB, AC, 10, 96, 08, 5A, C9, 1E, DE, 72, 1E, 38, 92, 32, 43, 1F, FF, 19, 21, 18, 39, 2A, D9, B3, 49, D6, 2D, 90, 92, AE, 37, F7, 22, 95, 8D, 85, 50, E0, 7E, B5, 55, 60, 4B, 8D, F4, 6C, BE, 21, B7, 98, 35, 0E, CC, E5, EF, 69, F7, 61, C5, 1A, 3E, A7, 9B, 39, F9, 79, CB, C5, 26, 72, 8F, A7, 26, D8, 51, A0, B8, E5...
 

Entropy:
7.7663  (probably packed)

Code size:
46 KB (47,104 bytes)

Driver
Display name:
SHIBBWBANK

Type:
Kernel device driver (KernelDriver)

