shiebcpay64.sys

Chongqing Shahai Information Tech Co.,Ltd

It runs as a Windows 64-bit kernel mode device driver named “SHIEBCPAY”.

Publisher:
沙海  (signed by Chongqing Shahai Information Tech Co.,Ltd)

Product:
沙海

Description:
SecurityPassDrv

Version:
3, 0, 2, 0

MD5:
6ce18c18a3a692ed08382b552de71964

SHA-1:
37c49b5732a7d3fbd2087095adc76fc78af3e035

SHA-256:
18524d76f17bb9567eb40ddee6c80d98c30ffe492337bb38e55db6cd0792989d

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/29/2024 10:03:25 AM UTC

File size:
453.5 KB (464,360 bytes)

Product version:
3, 0, 2, 0

Copyright:
沙海

Original file name:
SecurityPassDrv.sys

File type:
Driver (Win64 SYS)

Common path:
C:\windows\syswow64\drivers\shiebcpay64.sys

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
6/12/2015 8:00:00 AM

Valid to:
9/11/2016 7:59:59 AM

Subject:
CN="Chongqing Shahai Information Tech Co.,Ltd", OU=IT, O="Chongqing Shahai Information Tech Co.,Ltd", L=Chongqing, S=Chongqing, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
48C3DC72FE59B29E68DD8B4C8E454AD9

File PE Metadata
Compilation timestamp:
10/9/2015 6:41:49 PM

OS version:
6.1

OS bitness:
Win64

Subsystem:
Native (none required)

Linker version:
9.0

CTPH (ssdeep):
6144:S7E04L5dqqDL6HIxWIBNyBpXJsKg9Rx38Sq1k:35gqn6oxWIB6pZsKg9NX

Entry address:
0x6B05C

Entry point:
E9, 9F, 08, 00, 00, F5, F8, 0F, 85, 7D, 00, 00, 00, F8, 2B, 4A, 10, F9, 3B, 4A, 14, E9, 20, 8D, FF, FF, 0F, 86, E5, FF, FF, FF, 66, D3, E1, 8B, 7A, 24, C6, C7, 1C, 48, D3, D9, FE, C7, 66, 0F, B3, C9, 48, 01, C7, 66, 0F, BA, E4, 0B, 66, 0F, BA, F9, 03, 29, F9, C0, E7, 06, 8B, 5A, 20, 66, 01, F1, 48, 01, C3, 0F, A3, E7, 66, 0F, BB, F9, D2, D9, 66, 0F, BC, CA, C7, 45, F8, 00, 00, 00, 00, 30, C5, 80, E1, 1D, 8B, 4A, 18, 66, 0F, BA, E5, 0F, 0F, A3, F9, F5, 3B, 4D, F8, E9, 3B, 92, FF, FF, 0F, 87, F9, F3, FF, FF...

Entropy:
3.7772

Packer / compiler:
Xtreme-Protector v1.05

Code size:
47.1 KB (48,256 bytes)

Driver
Display name:
SHIEBCPAY

Type:
Kernel device driver (KernelDriver)

