xlrnbo.sys

NGO

It runs as a Windows kernel-mode device driver named “XLRNBO”.
Publisher:
NGO  (signed and verified)

MD5:
cb77641a5ac3b0eced882fac699b2a1e

SHA-1:
6318fa31c09cac022d42242b52b2b9e11f643967

SHA-256:
c0006074e30036428dd890629f7d478846233bbcda8c531e7d2deb9edef97551

Scanner detections:
3 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
4/25/2024 1:22:16 AM UTC

Scan engine | Detection | Engine version
Avira AntiVirus | TR/Crypt.XPACK.Gen | 8.3.2.4
Bkav FE | HW32.Packed | 1.3.0.7383
IKARUS anti.virus | Trojan.Crypt | t3scan.1.9.5.0

File size:
1.3 MB (1,342,464 bytes)

File type:
Driver (Win32 SYS)

Common path:
C:\Windows\System32\drivers\xlrnbo.sys

Digital Signature
Signed by:

Authority:
NGO

Valid from:
8/26/2009 3:16:42 AM

Valid to:
12/31/2039 8:59:59 PM

Subject:
CN=NGO

Issuer:
CN=NGO

Serial number:
EFCDAE103DFEC9A04C67D06B43EA45C1

File PE Metadata
Compilation timestamp:
8/10/2009 10:00:58 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Native (none required)

Linker version:
7.10

CTPH (ssdeep):
24576:Zu25DGSowNdTKuA4B4LTIHYuIlbGDEu5vtT5cTTBOeqiTNoq5/k:lDGS5NUunBOTAYuIV4Eu5vtTsTBxqiZy

Entry address:
0x141F56

Entry point:
68, 07, 1E, 02, FE, E8, F5, 35, 00, 00, 66, 0F, BA, E6, 06, 01, F8, 80, FE, 25, FF, 74, 24, 04, E9, 3F, FF, FF, FF, 86, 03, 68, 87, 61, E3, FD, E8, A4, 43, 00, 00, 87, 69, F1, BF, 8D, 64, 24, 0C, 0F, 83, 8F, 09, 00, 00, C0, F5, 05, 89, C3, 81, C7, 76, E1, 6F, 4C, 89, C7, 0F, A5, D1, 66, 0F, BA, E6, 0F, 66, 0F, B6, C9, 8D, 0C, BD, 82, B6, B4, C4, B9, 04, 01, 00, 00, 9C, E9, E5, 10, 00, 00, 34, 99, 68, 57, 36, 6A, AC, F8, 66, 0F, A3, D2, C0, C8, 04, 66, 81, FF, C5, C6, F6, C3, 0E, F8, 88, 01, 9C, F9, F8, 83...
 

Code size:
1.3 MB (1,339,392 bytes)

Driver
Display name:
XLRNBO

Type:
Kernel device driver (KernelDriver)

Depends on:
Sentinel


Scan xlrnbo.sys - Powered by Reason Core Security