shiloyalty.sys

Chongqing Shahai Information Tech Co.,Ltd

It runs as a Windows kernel-mode device driver named “SHILOYALTY”.
Publisher:
沙海  (signed by Chongqing Shahai Information Tech Co.,Ltd)

Product:
沙海

Description:
SecurityPassDrv

Version:
3, 0, 0, 0

MD5:
2a78bf841dd25fcdc69bf8c4a87b9830

SHA-1:
0c321b28fe3daa67c7e61f4a677b5ef2f997a98b

SHA-256:
f9f50abfd6abd55dacc1576a1726b363f6765172c8b819fff7bda09eab3ddb33

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/29/2024 9:18:00 AM UTC

File size:
145.3 KB (148,752 bytes)

Product version:
3, 0, 0, 0

Copyright:
沙海

Original file name:
SecurityPassDrv.sys

File type:
Driver (Win32 SYS)

Common path:
C:\Windows\System32\drivers\shiloyalty.sys

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
6/26/2014 8:00:00 AM

Valid to:
8/26/2015 7:59:59 AM

Subject:
CN="Chongqing Shahai Information Tech Co.,Ltd", OU=IT, O="Chongqing Shahai Information Tech Co.,Ltd", L=Chongqing, S=Chongqing, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
7ABA7B20248A50ACD93F3A01195662E1

File PE Metadata
Compilation timestamp:
3/23/2015 10:47:40 AM

OS version:
6.1

OS bitness:
Win32

Subsystem:
Native (none required)

Linker version:
9.0

CTPH (ssdeep):
3072:W32cB2xE1ExOuLRBj7pWPxtp3+mANxSVl0dHFS1zJH+S:/YWLRBjUxuNxI0dHFetH7

Entry address:
0x6F72C

Entry point:
9C, 88, 14, 24, 60, E8, 13, CB, FF, FF, 86, 6D, DE, 15, B0, A3, AB, A3, 36, 3B, 03, 51, 5C, C3, E8, 73, C8, 3F, 3C, CB, 87, 14, 05, FC, FD, 47, EC, 1B, C6, 99, 8A, 79, E1, CE, 09, 44, EC, B1, C9, 2A, 1A, 6C, 65, 01, 44, 6F, 72, E8, 55, 18, E4, C3, 10, 0C, 8B, EF, 66, 9E, 6A, A7, BB, B7, 09, F3, CA, 7A, 7D, D0, 7C, 17, AA, E7, 6A, 18, C7, 1D, 94, F3, 33, 1F, 17, BD, 06, 2F, EB, 02, D2, 7A, 7B, 97, 80, EB, 35, 19, DA, 16, 88, 03, 2D, 11, D2, 36, 68, 2A, C0, 70, 71, C1, D3, 67, 88, B0, A8, 10, 90, 49, 3E, 6C...
 

Entropy:
7.7646  (probably packed)

Code size:
43 KB (44,032 bytes)

Driver
Display name:
SHILOYALTY

Type:
Kernel device driver (KernelDriver)

