» VirtualP.sys
Overview
Analysis
File Details
Behaviors (1)

VirtualP.sys

Pnp Driver for "VirtualDisk"

WDKTestCert Administrator

It runs as a Windows 64-bit kernel mode device driver named “iSharePnp”.

File name:

VirtualP.sys

Publisher:

VirtualDisk (signed by WDKTestCert Administrator)

Product:

Pnp Driver for "VirtualDisk"

Description:

VirtualDisk

Version:

1.6.2423.20131031

MD5:

1409b5b565b7c63167e97f2088947caf

SHA-1:

dcbbfc4d72fdbb8abf17bca3cff93ff084e80a41

SHA-256:

f5074bd47da841dbbdb02baff4d8d51156b635a09face09818cadc6b08d67009

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

5/6/2024 7:44:22 AM UTC (today)

File size:

52.4 KB (53,624 bytes)

Product version:

1.6.2423.20131031

Original file name:

VirtualP.sys

File type:

Driver (Win64 SYS)

Common path:

C:\Windows\System32\drivers\virtualp.sys

Digital Signature

Signed by:

WDKTestCert Administrator

Authority:

WDKTestCert Administrator

Valid from:

6/18/2013 8:59:02 AM

Valid to:

6/18/2023 9:00:00 AM

Subject:

CN="WDKTestCert Administrator,130159871412336479"

Issuer:

CN="WDKTestCert Administrator,130159871412336479"

Serial number:

1971E4CD0CB856B44E53847B50B236E7

File PE Metadata

Compilation timestamp:

10/31/2013 10:42:59 PM

OS version:

6.2

OS bitness:

Win64

Subsystem:

Native (none required)

Linker version:

11.0

CTPH (ssdeep):

768:CaZyiXJR63y20Dvw14/A3tll9M6ReWD88jTkms8umxbjOEhJ+4A4CR0uGlf0ZxoV:JB20mrNBXtwmpj/+4FSouTy0C

Entry address:

0xE070

Entry point:

48, 89, 5C, 24, 08, 57, 48, 83, EC, 20, 48, 8B, DA, 48, 8B, F9, E8, 83, FF, FF, FF, 48, 8B, D3, 48, 8B, CF, 48, 8B, 5C, 24, 30, 48, 83, C4, 20, 5F, E9, C2, 3F, FF, FF, CC, CC, E8, E0, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, BC, E7, 00, 00, 10, B0, 00, 00, D8, E0, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, E2, E7, 00, 00, 00, B0, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, CA, E7, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, F4, E2, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

6.0034

Code size:

40 KB (40,960 bytes)

Driver

Display name:

iSharePnp

Type:

Kernel device driver (KernelDriver)

Group:

iSharePnpGroup

Scan VirtualP.sys - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.