veth32.sys

Shimousa Systems Corporation

It runs as a Windows kernel mode device driver named “1001-VETH”.
Publisher:
Shimousa Systems Corporation (signed and verified)

MD5:
39f6782f28cea56b1b93b999591aa308

SHA-1:
d300e3fa0e191685912b155446dc14d06c693f51

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/26/2024 8:48:29 AM UTC (today)

File size:
40 KB (40,984 bytes)

File type:
Driver (Win32 SYS)

Common path:
C:\Windows\System32\drivers\veth32.sys

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
12/1/2007 3:19:00 AM

Valid to:
12/1/2010 3:19:00 AM

Subject:
E=info@shimousa.com, CN=Shimousa Systems Corporation, O=Shimousa Systems Corporation, C=JP

Issuer:
CN=GlobalSign ObjectSign CA, OU=ObjectSign CA, O=GlobalSign nv-sa, C=BE

Serial number:
0100000000011691C8719B

File PE Metadata
Compilation timestamp:
1/26/2008 11:11:33 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Native (none required)

Linker version:
7.0

CTPH (ssdeep):
768:eY0iQ8bksRNhSkm1UB21ShSfGaslYm2DmBdwzxYlX4/26GJiQ:H08kwHrJYfGd2DmBOlYlX4O62iQ

Entry address:
0x7E80

Entry point:
55, 8B, EC, 6A, FF, 68, 78, 73, 01, 00, 68, C8, 70, 01, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 6C, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 53, 8B, 45, 0C, 50, 8B, 4D, 08, 51, 68, 48, 7E, 01, 00, FF, 15, 68, 71, 01, 00, B9, 18, 00, 00, 00, 33, C0, 8D, 7D, 88, F3, AB, C6, 45, 88, 05, 88, 5D, 89, 89, 5D, 90, 89, 5D, 94, 89, 5D, 98, C7, 45, 9C, 15, 21, 01, 00, 89, 5D, A0, C7, 45, A4, 65, 54, 01, 00, 89, 5D, A8, C7, 45, AC, DD, 23, 01, 00, 89, 5D, B0, C7, 45, B4, 6D, 04, 01, 00...
 

Entropy:
6.8072

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
29.3 KB (29,952 bytes)

Driver
Display name:
1001-VETH

Type:
Kernel device driver (KernelDriver)

Group:
NDIS

