home

winflash.sys

Phoenix Technologies Ltd.

Publisher:
Phoenix Technologies Ltd.  (signed and verified)

MD5:
bbdddc3b588b509aaa0ea2fd5d2d5468

SHA-1:
464d3701eb26ac322a0cd0bfc138ef6d0c438749

SHA-256:
005fdaa2094d39cf2e53ecea39e6c9b60b40aae0866fc9827387b9a8843f5eab

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/25/2024 11:54:32 PM UTC  (a few moments ago)

File size:
20.7 KB (21,160 bytes)

File type:
Driver (Win32 SYS)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\winflash.sys

Digital Signature
Signed by:
Phoenix Technologies Ltd.

Authority:
VeriSign, Inc.

Valid from:
1/6/2010 1:00:00 AM

Valid to:
1/7/2011 12:59:59 AM

Subject:
CN=Phoenix Technologies Ltd., OU=CSS Core Features Development, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Phoenix Technologies Ltd., L=Milpitas, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
24EDCB5EEC24D9D7B633E24B93882993

File PE Metadata
Compilation timestamp:
12/3/2010 9:06:21 AM

OS version:
6.1

OS bitness:
Win32

Subsystem:
Native (none required)

Linker version:
9.0

CTPH (ssdeep):
384:DUuQNXW15zhGEkvWAHqbqqcY9uY9AK0ePoEatx6YJLu1M6jYAbC/UCYM:DUuQNXWHLdBqYgFLWMmvbC/UCYM

Entry address:
0x313E

Entry point:
8B, FF, 55, 8B, EC, E8, BD, FF, FF, FF, 5D, E9, D4, F8, FF, FF, CC, CC, 78, 31, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, E8, 33, 00, 00, 80, 2B, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, DC, 31, 00, 00, EE, 31, 00, 00, 06, 32, 00, 00, 1E, 32, 00, 00, 30, 32, 00, 00, 50, 32, 00, 00, 60, 32, 00, 00, 76, 32, 00, 00, 8A, 32, 00, 00, A2, 32, 00, 00, BA, 32, 00, 00, E0, 32, 00, 00, F8, 32, 00, 00, 22, 33, 00, 00, 2C, 33, 00, 00, 36, 33, 00, 00, 50, 33, 00, 00, 62, 33...
 
[+]

Code size:
10.5 KB (10,752 bytes)

Scan winflash.sys - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.