shiordosbank.sys

Chongqing Shahai Information Tech Co.,Ltd

It runs as a Windows kernel-mode device driver named “SHIORDOSBANK”.
Publisher:
沙海 (signed by Chongqing Shahai Information Tech Co.,Ltd)

Product:
沙海

Description:
SecurityPassDrv

Version:
3, 0, 2, 0

MD5:
051fb4342736fafe0e4bfcf13115f325

SHA-1:
574f57af68cb190e1656bd6575fde502f597d3b6

SHA-256:
a6e370767fe7a9df726014356b43bdf2d22cf2d212ddad25a05d73baa4da6a72

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/29/2024 12:44:11 PM UTC

File size:
151.2 KB (154,856 bytes)

Product version:
3, 0, 2, 0

Copyright:
沙海

Original file name:
SecurityPassDrv.sys

File type:
Driver (Win32 SYS)

Common path:
C:\Windows\System32\drivers\shiordosbank.sys

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
6/12/2015 8:00:00 AM

Valid to:
9/11/2016 7:59:59 AM

Subject:
CN="Chongqing Shahai Information Tech Co.,Ltd", OU=IT, O="Chongqing Shahai Information Tech Co.,Ltd", L=Chongqing, S=Chongqing, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
48C3DC72FE59B29E68DD8B4C8E454AD9

File PE Metadata
Compilation timestamp:
10/9/2015 6:41:26 PM

OS version:
6.1

OS bitness:
Win32

Subsystem:
Native (none required)

Linker version:
9.0

CTPH (ssdeep):
3072:hzEOiVv/wUpULF0C8rMCmqGbIIIAbFrhIQPuWRnTzwvkXMFTicZ:NMVvJpULCrMFqGbIIIAZrhj3nXwv522

Entry address:
0x78567

Entry point:
E9, 85, 25, FF, FF, E9, BA, 19, FF, FF, C7, 44, 24, 04, 5D, 06, EF, E8, C6, 04, 24, 03, 60, 88, 04, 24, 8D, 64, 24, 24, E9, 56, 02, 01, 00, E8, DB, F9, FE, FF, E8, 46, 23, FF, FF, 09, C0, 68, 75, 88, 6C, 49, 60, FF, 74, 24, 08, 8D, 64, 24, 30, 0F, 85, 67, DF, 00, 00, 66, 0F, A4, C9, 09, 66, 0F, B3, D9, 8B, 0B, E9, 19, 27, FF, FF, 52, C7, 04, 24, 9E, 11, 10, 61, 60, 88, 54, 24, 04, 60, 8D, 64, 24, 40, E9, 7E, 09, 01, 00, CE, A8, 7D, 74, D0, DD, 69, 07, 2F, 14, FB, 94, 1F, EA, BF, AA, 0B, 35, 2A, D9, 62, 91...
Entropy:
7.7850

Packer / compiler:
tElock 0.99 - 1.0 private

Code size:
46 KB (47,104 bytes)

Driver
Display name:
SHIORDOSBANK

Type:
Kernel device driver (KernelDriver)

Scan shiordosbank.sys - Powered by Reason Core Security