xlrnbo.sys

NGO

It runs as a Windows kernel mode device driver named “XLRNBO”.
Publisher:
NGO (signed and verified)

MD5:
31a601b4d42fc5b6f6bf643d908e87d4

SHA-1:
655b92d0c639e416c723fbc5c379d4e9063ed119

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
5/7/2024 4:50:36 AM UTC (today)

File size:
282 KB (288,768 bytes)

File type:
Driver (Win32 SYS)

Common path:
C:\Windows\System32\drivers\xlrnbo.sys

Digital Signature
Signed by:

Authority:
NGO

Valid from:
8/4/2009 3:55:45 PM

Valid to:
1/1/2040 12:59:59 AM

Subject:
CN=NGO

Issuer:
CN=NGO

Serial number:
CB213AC9B9E9FE9B4366E084CAE30A53

File PE Metadata
Compilation timestamp:
2/10/2010 9:40:52 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Native (none required)

Linker version:
7.10

CTPH (ssdeep):
6144:GpxwFhC7v9/bvASA5aqme4NBOQQaWNpE5WFVi:qwFs1/bYdajBBOe8pEEFU

Entry address:
0x3FE83

Entry point:
68, 66, 37, DB, E4, E8, E0, 4A, 00, 00, 8D, 64, 24, 08, 0F, 83, 5B, 03, 00, 00, 81, EF, 84, A0, 2D, A6, 66, 0F, A3, E5, 66, BF, A3, F8, 89, C3, FE, C5, 66, 0F, BC, C9, 68, B0, 10, A3, C8, 0F, B6, F9, 89, C7, 8A, 0C, 24, 59, C0, D5, 06, B9, 04, 01, 00, 00, F9, F8, 30, C0, E8, 51, 03, 00, 00, C6, 44, 24, 04, A7, FF, 74, 24, 04, 8D, 64, 24, 3C, 0F, 87, AC, EE, FF, FF, 60, 8D, 64, 24, 20, 0F, 82, 9D, 35, 00, 00, E9, 29, 1F, 00, 00, 57, 89, 44, 24, 40, 88, 7C, 24, 10, FF, 74, 24, 40, C2, 44, 00, E9, 7F, 36, 00...
 

Code size:
279 KB (285,696 bytes)

Driver
Display name:
XLRNBO

Type:
Kernel device driver (KernelDriver)

Depends on:
Sentinel

