shiylbank.sys

Chongqing Shahai Information Tech Co.,Ltd

It runs as a Windows kernel-mode device driver named “SHIYLBANK”.
Publisher:
沙海  (signed by Chongqing Shahai Information Tech Co.,Ltd)

Product:
沙海

Description:
SecurityPassDrv

Version:
3, 0, 0, 0

MD5:
f4312e51f4d61623108af4c1d38f37d4

SHA-1:
4965f94e3ceee009529fa3462fe2a6f8534075cf

SHA-256:
1f4e5b879f99e3fae415005ac516b0465f6a2eb3e8bb94011a94979725b33bc3

Scanner detections:
2 / 68

Status:
Clean  (2 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous); the file is probably malware-free.

Analysis date:
4/26/2024 5:31:00 PM UTC  (today)

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AegisLab AV Signature | AdWare.W32.Agent.lK5e | 2.1.4+ |
| Bkav FE | HW32.Packed | 1.3.0.8085 |

File size:
144.3 KB (147,776 bytes)

Product version:
3, 0, 0, 0

Copyright:
沙海

Original file name:
SecurityPassDrv.sys

File type:
Driver (Win32 SYS)

Common path:
C:\Windows\System32\drivers\shiylbank.sys

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
5/13/2013 9:00:00 AM

Valid to:
7/13/2014 8:59:59 AM

Subject:
CN="Chongqing Shahai Information Tech Co.,Ltd", OU=IT, OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Chongqing Shahai Information Tech Co.,Ltd", L=Chongqing, S=Chongqing, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
71825A61C6D3DB1C677B6F98174E44F8

File PE Metadata
Compilation timestamp:
12/4/2013 12:18:52 PM

OS version:
6.1

OS bitness:
Win32

Subsystem:
Native (none required)

Linker version:
9.0

CTPH (ssdeep):
3072:QbCQuZPAsA8IIp8Rh0SwPhxhnFrhuGWJ/oBLYSd1+w:ZQmAsAE87wdvm/oBYSd1d

Entry address:
0x65B8D

Entry point:
50, 66, 89, 24, 24, E8, 5A, C4, 01, 00, D2, F0, B0, 2E, 84, D5, F2, AE, E8, 8B, 29, 00, 00, 66, 0F, BA, F3, 07, 01, 4D, FC, 66, 0F, B6, DA, 66, 0F, BC, DA, 83, E9, 08, 66, 0F, A3, D7, 66, F7, D3, D1, E9, 66, 0F, A3, EE, 8B, 3E, 66, 0F, BA, F3, 06, 66, 0F, CB, C0, D3, 06, FE, C3, 03, 7D, 10, 66, C1, E3, 06, F9, 66, 0F, BA, E7, 05, 83, C6, 08, 83, EC, FC, FE, C3, F5, F6, DF, C0, EF, 07, 66, 8B, 1E, 66, 0F, BA, E4, 09, C1, EB, 0C, F9, F8, E9, CE, C3, 01, 00, E8, 8D, 08, 00, 00, FF, 34, 24, 57, 98, FF, 75, FC...
 

Entropy:
7.7695  (probably packed)

Code size:
42.5 KB (43,520 bytes)

Driver
Display name:
SHIYLBANK

Type:
Kernel device driver (KernelDriver)


Scan shiylbank.sys - Powered by Reason Core Security