» undovol.sys
Overview
Analysis
File Details
Behaviors (1)

undovol.sys

QuickTerm West GmbH

It runs as a Windows kernel mode device driver named “Undoable Volume Filter Driver”.

File name:

undovol.sys

Publisher:

QuickTerm West GmbH (signed and verified)

MD5:

5eb16a7cc3e1fe3694e671b5a54fca85

SHA-1:

7d424bd542a449535f0b997458aacd9418fac4ee

SHA-256:

42d1e7d03da3c9eb1a63bebe8270f23c17e70c6b5e1a9d44a03ea33afb0d6909

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/26/2024 7:16:51 AM UTC (today)

File size:

173.4 KB (177,568 bytes)

File type:

Driver (Win32 SYS)

Common path:

C:\Windows\System32\drivers\undovol.sys

Digital Signature

Signed by:

QuickTerm West GmbH

Authority:

GlobalSign nv-sa

Valid from:

11/29/2010 5:31:10 PM

Valid to:

11/30/2011 5:31:06 PM

Subject:

E=d.lohr@quickterm.de, CN=QuickTerm West GmbH, O=QuickTerm West GmbH, C=DE

Issuer:

CN=GlobalSign ObjectSign CA, OU=ObjectSign CA, O=GlobalSign nv-sa, C=BE

Serial number:

0100000000012C988C1D88

File PE Metadata

Compilation timestamp:

3/24/2011 9:45:34 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Native (none required)

Linker version:

9.0

CTPH (ssdeep):

3072:oKICjffs+76qdH82vxTxFKMndcpCQAxxxknxuYg4vYnBrlq+zJqs1+1:oFCj96qd9vxOMndylASnHTYBrlq+zJq9

Entry address:

0x1B1C6

Entry point:

55, 8B, EC, 56, 8B, 75, 08, 68, A4, 7A, 03, 00, 89, 35, 80, 95, 03, 00, E8, 33, AC, 00, 00, 59, E8, D1, FF, FF, FF, FF, 15, 00, 11, 01, 00, 6A, 00, 68, 00, 00, 04, 00, 6A, 04, E8, A9, 0E, 00, 00, 85, C0, 74, 09, 8B, C8, E8, 0E, 0F, 00, 00, EB, 02, 33, C0, A3, 28, 94, 03, 00, 85, C0, 75, 11, 68, 7C, 7A, 03, 00, E8, F7, AB, 00, 00, B8, 01, 00, 00, C0, EB, 5C, E8, 97, C4, FF, FF, 68, BC, 90, 03, 00, 68, 00, 90, 03, 00, E8, 6E, C4, FF, FF, 59, 59, 8D, 45, 0B, 50, FF, 75, 0C, C6, 45, 0B, 01, 56, E8, 1F, 13, 00... 
[+]

Developed / compiled with:

Microsoft Visual C++

Code size:

159 KB (162,816 bytes)

Driver

Display name:

Undoable Volume Filter Driver

Service name:

undoablevolume

Type:

Kernel device driver (KernelDriver)

Group:

PnP Filter

Scan undovol.sys - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.