shinjbank64.sys

Chongqing Shahai Information Tech Co.,Ltd

It runs as a Windows 64-bit kernel mode device driver named “shinjbank”.

Publisher:
沙海  (signed by Chongqing Shahai Information Tech Co.,Ltd)

Product:
沙海

Description:
SecurityPassDrv

Version:
3, 0, 0, 0

MD5:
74f4e61f7b56195a58e4039df7135399

SHA-1:
49fa9cb1a936f6a2416d72237d27e8c04d6cb457

SHA-256:
ff91c177b3bb854eb1db84aacec0046f2581a0be762ee2c793c2f27f8682156a

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is most likely a false positive detection; the file is probably clean.

Analysis date:
4/26/2024 11:19:34 PM UTC

Scan engine    Detection        Engine version
AVG            Win32/Patched    2016.0.3136

File size:
469.4 KB (480,704 bytes)

Product version:
3, 0, 0, 0

Copyright:
沙海

Original file name:
SecurityPassDrv.sys

File type:
Driver (Win64 SYS)

Common path:
C:\windows\syswow64\drivers\shinjbank64.sys

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
5/13/2013 8:00:00 AM

Valid to:
7/13/2014 7:59:59 AM

Subject:
CN="Chongqing Shahai Information Tech Co.,Ltd", OU=IT, OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Chongqing Shahai Information Tech Co.,Ltd", L=Chongqing, S=Chongqing, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
71825A61C6D3DB1C677B6F98174E44F8

File PE Metadata
Compilation timestamp:
1/10/2014 11:00:21 AM

OS version:
6.1

OS bitness:
Win64

Subsystem:
Native (none required)

Linker version:
9.0

CTPH (ssdeep):
6144:o+KX/ijqqDL6azVKAVDPo1lcAIcscwc7AL:XB+qn6azVzVDA1OAyKq

Entry address:
0x63DB1

Entry point:
E9, 27, B7, 00, 00, 0F, 85, 4F, B6, 00, 00, F9, 66, D3, E9, 80, D5, B2, D2, FD, 8B, 0B, F9, F8, 09, C9, E9, B5, B5, 00, 00, F8, 80, 7F, FF, 00, E9, AF, 38, 00, 00, 0F, 82, FD, BE, 00, 00, E9, 1E, 31, 00, 00, 0F, 83, 7F, 88, 00, 00, 66, C1, EF, 0F, 80, F1, 9F, 48, 89, C3, 0F, C1, CF, 48, 89, C7, 66, 0F, BB, D1, C0, D1, 04, B9, 04, 01, 00, 00, F9, 66, F7, C1, E2, D5, 28, C0, E9, 47, A0, 00, 00, E9, 4C, AA, 00, 00, E9, F5, 24, 00, 00, 48, 89, D9, 66, 01, D0, D2, D8, 48, 83, EC, 20, 0F, BE, C3, 0F, B6, C3, 48...
 

Entropy:
3.9094

Packer / compiler:
Xtreme-Protector v1.05

Code size:
43.9 KB (44,928 bytes)

Driver
Display name:
shinjbank

Type:
Kernel device driver (KernelDriver)

