tqhook.sys

Fujian NetDragon Computer Network Information Technology Co.,Ltd

It runs as a Windows 64-bit kernel-mode device driver named “tqhook”.

MD5:
1580f3524a388e116adf8c7ca4d671a0

SHA-1:
385c5ba1024982248483b8b5e992231c2175db84

SHA-256:
4a77f5727618f6711da46754d50cae41463dd8e5d2329ab8446a470aff024dbb

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/24/2024 11:37:32 PM UTC

File size:
28.8 KB (29,472 bytes)

File type:
Driver (Win64 SYS)

Common path:
C:\windows\syswow64\drivers\tqhook.sys

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
5/23/2011 5:00:00 PM

Valid to:
5/23/2013 4:59:59 PM

Subject:
CN="Fujian NetDragon Computer Network Information Technology Co.,Ltd", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Fujian NetDragon Computer Network Information Technology Co.,Ltd", L=Fuzhou, S=Fujian, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
100B8C7906B918CB6F26781A978C7164

File PE Metadata
Compilation timestamp:
1/20/2013 7:37:03 PM

OS version:
6.1

OS bitness:
Win64

Subsystem:
Native (none required)

Linker version:
9.0

CTPH (ssdeep):
384:FDaErVjxyx22sipvvsVIJgKzBe2107a7Uk0rlaAd/CUSZhUHO/C8HY/nYPLhUi7n:cEp9RUBeU0eNGla1Z70H0

Entry address:
0x86CC

Entry point:
48, 83, EC, 28, 4C, 8B, C2, 4C, 8B, C9, E8, 95, FF, FF, FF, 49, 8B, D0, 49, 8B, C9, 48, 83, C4, 28, E9, 1E, F9, FF, FF, CC, CC, CC, CC, CC, CC, 44, 72, 69, 76, 65, 72, 20, 65, 6E, 74, 72, 79, 3A, 25, 53, 2E, 25, 64, 20, 56, 32, 0A, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, 7B, 6D, 73, 6D, 27, 62, 7B, 6D, 00, CC, CC, CC, CC, CC, CC, CC, 40, 4E, 59, 42, 65, 6E, 66, 66, 76, 28, 64, 71, 62, 00, CC, CC, 40, 63, 76, 71, 70, 77, 66, 7C, 71, 28, 64, 71, 62, 00, CC, CC, 52, 67, 74, 6E, 46, 69, 6F, 61, 6C, 63, 2F, 6C...

Entropy:
6.5875

Code size:
16.5 KB (16,896 bytes)

Driver
Display name:
tqhook

Type:
Kernel device driver (KernelDriver)

