shitcrcb.sys

Chongqing Shahai Information Tech Co.,Ltd

It runs as a Windows kernel-mode device driver named “SHITCRCB”.

Publisher:
沙海 (signed by Chongqing Shahai Information Tech Co.,Ltd)

Product:
沙海

Description:
SecurityPassDrv

Version:
3, 0, 2, 0

MD5:
27ac9541ea92a1f389d6f2ca7679003c

SHA-1:
926b77d42dbf24e5b0dfe4a7c90b03ab705fb973

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/29/2024 1:47:29 PM UTC

File size:
151.2 KB (154,856 bytes)

Product version:
3, 0, 2, 0

Copyright:
沙海

Original file name:
SecurityPassDrv.sys

File type:
Driver (Win32 SYS)

Common path:
C:\Windows\System32\drivers\shitcrcb.sys

Digital Signature

Authority:
VeriSign, Inc.

Valid from:
6/12/2015 8:00:00 AM

Valid to:
9/11/2016 7:59:59 AM

Subject:
CN="Chongqing Shahai Information Tech Co.,Ltd", OU=IT, O="Chongqing Shahai Information Tech Co.,Ltd", L=Chongqing, S=Chongqing, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
48C3DC72FE59B29E68DD8B4C8E454AD9

File PE Metadata

Compilation timestamp:
10/9/2015 6:41:21 PM

OS version:
6.1

OS bitness:
Win32

Subsystem:
Native (none required)

Linker version:
9.0

CTPH (ssdeep):
3072:/kxQ3BV7q2BUQg2ox7MBORYk1e/bTcrhIQ3dXG/PHMdJN0XTbocO:s2xV7RBd72I4ek1CPcrhb4nHMzQMZ

Entry address:
0x7855E

Entry point:
E9, 8E, 25, FF, FF, E9, C3, 19, FF, FF, C7, 44, 24, 04, 5D, 06, EF, E8, C6, 04, 24, 03, 60, 88, 04, 24, 8D, 64, 24, 24, E9, 51, 02, 01, 00, E8, E4, F9, FE, FF, E8, 4F, 23, FF, FF, 09, C0, 68, 75, 88, 6C, 49, 60, FF, 74, 24, 08, 8D, 64, 24, 30, 0F, 85, 62, DF, 00, 00, 66, 0F, A4, C9, 09, 66, 0F, B3, D9, 8B, 0B, E9, 22, 27, FF, FF, 52, C7, 04, 24, 9E, 11, 10, 61, 60, 88, 54, 24, 04, 60, 8D, 64, 24, 40, E9, 79, 09, 01, 00, 9A, DC, 71, 80, BC, E1, 6D, 0B, 2B, 10, FB, 94, 1F, EE, BB, AE, 07, 49, CE, 25, 16, ED...
 

Entropy:
7.7863

Packer / compiler:
tElock 0.99 - 1.0 private

Code size:
46 KB (47,104 bytes)

Driver

Display name:
SHITCRCB

Type:
Kernel device driver (KernelDriver)

