» swpcap64.sys
Overview
Analysis
File Details
Behaviors (1)
Programs (1)

swpcap64.sys

Snow Software Packet Capture Driver

Snow Software AB

It runs as a Windows 64-bit kernel mode device driver named “Snow Software Dns Monitor Driver”. This is installed with Snow Inventory Client for Windows (x64).

File name:

swpcap64.sys

Publisher:

Snow Software AB (signed and verified)

Product:

Snow Software Packet Capture Driver

Version:

1.0.0001.16385

MD5:

a94a68589239b71a89a181c9f9238cee

SHA-1:

3c1d5a62c559157caf3de322785ac744b0507e19

SHA-256:

7cd7be6d99a9296c1b932b79389d6bff0582346191223cf287b3480dcf542a84

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/25/2024 8:41:28 PM UTC (today)

File size:

17.6 KB (18,072 bytes)

Product version:

1.0.0001.16385

Original file name:

swpcap64.sys

File type:

Driver (Win64 SYS)

Language:

Language Neutral

Common path:

C:\Program Files\inventoryclient\swpcap64.sys

Digital Signature

Signed by:

Snow Software AB

Authority:

GlobalSign nv-sa

Valid from:

6/28/2012 1:14:01 PM

Valid to:

8/27/2015 11:40:29 AM

Subject:

CN=Snow Software AB, O=Snow Software AB, L=SOLNA, S=STOCKHOLM COUNTY, C=SE

Issuer:

CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:

112123C90003019AB1C3D5AC224F8BB13D22

File PE Metadata

Compilation timestamp:

2/13/2013 8:00:57 PM

OS version:

6.1

OS bitness:

Win64

Subsystem:

Native (none required)

Linker version:

9.0

CTPH (ssdeep):

384:ChLPFbuq03ce80m1Gxmrrn2KWEY2dPLQdUb+K:ChL5uWe831GEr2EjpiK

Entry address:

0x6064

Entry point:

48, 83, EC, 28, 4C, 8B, C2, 4C, 8B, C9, E8, 95, FF, FF, FF, 49, 8B, D0, 49, 8B, C9, 48, 83, C4, 28, E9, 86, AF, FF, FF, CC, CC, 10, 61, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 76, 63, 00, 00, 50, 30, 00, 00, C0, 60, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 32, 64, 00, 00, 00, 30, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 10, 64, 00, 00, 00, 00, 00, 00, 00, 64, 00, 00, 00, 00, 00, 00, EE, 63, 00, 00, 00, 00, 00, 00, DE, 63, 00, 00, 00, 00, 00, 00, CC, 63, 00, 00... 
[+]

Code size:

6.5 KB (6,656 bytes)

Driver

Display name:

Snow Software Dns Monitor Driver

Service name:

SnowSoftwareDnsMonDriver

Type:

Kernel device driver (KernelDriver)

The file swpcap64.sys has been discovered within the following programs.

Snow Inventory Client for Windows (x64) by Snow Software AB

www.snowsoftware.com/int/company/about-snow-software

About 1% of users remove it

Scan swpcap64.sys - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.