tizeq64.sys

Tomislav Zubcic

It runs as a Windows 64-bit kernel mode device driver named “tizeqdrv”.
Publisher:
Tomislav Zubcic  (signed and verified)

MD5:
5c049741e220dc6fe3d7469528b787ea

SHA-1:
81eece737c64960b1187f209bff62c851eeb7215

SHA-256:
0ebf5c0e1fc5613cad9c0f663e10110d2b44673cc04ef3368ce8b1fdd8bed212

Scanner detections:
3 / 68

Status:
Clean  (3 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous); the file is probably malware-free.

Analysis date:
11/29/2016 3:39:18 AM UTC  (nine months ago)

Scan engine          Detection             Engine version
Comodo Security      UnclassifiedMalware   17073
McAfee               Generic Obfuscated.c  5600.7246
McAfee Web Gateway   Generic Obfuscated.c  7.7246

File size:
167.7 KB (171,704 bytes)

File type:
Driver (Win64 SYS)

Common path:
C:\users\{user}\appdata\roaming\tzac2\tizeq64.sys

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
8/25/2011 2:55:20 PM

Valid to:
7/25/2012 4:05:18 PM

Subject:
CN=Tomislav Zubcic, C=HR

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121A766DBF7828D34AE4359F29127FBC4C0

File PE Metadata
OS bitness:
Win64

CTPH (ssdeep):
3072:5yRkd7sx7PFjXiz6ownT+RLmNm/xEbf+SIY+kpK+K0Fn8n+zjy6NaAqC:kRkd7e9TizbwiFxqnZ+9+K0Fn8nGuSak

Entry point:
E9, 8C, 3E, 00, 00, 0F, 83, 00, 30, 00, 00, 0F, 84, BF, 0B, 00, 00, F5, F5, 2C, 30, 66, 0F, A3, E9, 0F, 8E, DD, FC, FF, FF, F9, 66, 0F, BA, E3, 0B, 3C, 09, E9, BF, F3, FF, FF, 50, E9, F6, 2A, 00, 00, 48, 89, EC, 66, 0F, B6, E8, 5D, C3, E9, 71, DC, FF, FF, 68, AD, EF, DD, FF, E9, BE, 31, 00, 00, 24, C1, 48, 29, FB, F6, C3, E2, 38, EF, 48, 01, E3, 66, F7, D7, 66, 0F, AB, EF, 66, C1, D7, 02, 48, 89, DF, 14, C7, F6, D8, 1C, 4C, 28, D8, B0, 2E, F5, 84, F3, F8, 85, DE, F2, AE, E9, F1, 11, 00, 00, E9, 59, 02, 00...
 

Packer / compiler:
Xtreme-Protector v1.05

Driver
Display name:
tizeqdrv

Type:
Kernel device driver (KernelDriver)


Scan tizeq64.sys - Powered by Reason Core Security