shiylbank64.sys

Chongqing Shahai Information Tech Co.,Ltd

It runs as a Windows 64-bit kernel mode device driver named “SHIYLBANK”.

Publisher:
沙海 (signed by Chongqing Shahai Information Tech Co.,Ltd)

Product:
沙海

Description:
SecurityPassDrv

Version:
3, 0, 0, 0

MD5:
1d63a43fc8f8284153bf5818bbffc024

SHA-1:
0e553b6b70284f1d49ef060bdd7f9a77c7569733

SHA-256:
bddaf67f415718e4210a3f740be4f5963f9ad8f8b78b40c747f3675f2df67c35

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/29/2024 9:33:43 AM UTC

File size:
458.5 KB (469,520 bytes)

Product version:
3, 0, 0, 0

Copyright:
沙海

Original file name:
SecurityPassDrv.sys

File type:
Driver (Win64 SYS)

Common path:
C:\windows\syswow64\drivers\shiylbank64.sys

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
6/26/2014 8:00:00 AM

Valid to:
8/26/2015 7:59:59 AM

Subject:
CN="Chongqing Shahai Information Tech Co.,Ltd", OU=IT, O="Chongqing Shahai Information Tech Co.,Ltd", L=Chongqing, S=Chongqing, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
7ABA7B20248A50ACD93F3A01195662E1

File PE Metadata
Compilation timestamp:
3/17/2015 11:12:01 AM

OS version:
6.1

OS bitness:
Win64

Subsystem:
Native (none required)

Linker version:
9.0

CTPH (ssdeep):
6144:gitMQ/z8IRqqDL6KheQekiHypZK3J4Rkf0N:g2/Fsqn6KheJS4Tk

Entry address:
0x62986

Entry point:
E9, CB, 34, 00, 00, E9, 63, 09, 00, 00, 3C, 09, E9, E2, 39, 00, 00, 93, 07, 9E, 1D, 29, 4D, CC, 9C, D1, 34, 38, 84, 6C, DE, 96, C8, 98, C3, 39, 5F, 4D, 67, 8D, 53, B6, F2, F6, 68, 33, E9, E4, 91, 40, 15, 77, 5F, D8, 54, 48, E1, D4, FE, 5F, 6F, E1, 0A, D7, BA, AE, B2, B6, DA, CE, 9A, 7E, 42, D2, 89, AD, 01, 05, A1, D5, 31, C5, F9, 79, 28, 1C, F0, C0, F3, 83, B2, B6, 0A, FE, 8A, 5A, 95, 19, 87, 8B, 1F, F3, 00, 00, 00, 00, B0, 1E, EE, 55, 5F, 18, F3, 00, 00, 00, 00, C3, 2C, 58, 11, F2, 08, C0, ED, 3B, D7, 1B...
 

Entropy:
3.8275

Packer / compiler:
Xtreme-Protector v1.05

Code size:
44.9 KB (45,952 bytes)

Driver
Display name:
SHIYLBANK

Type:
Kernel device driver (KernelDriver)

