{blocked}.sys

kmclass

上海戴思软件技术有限公司

It runs as a Windows 64-bit kernel-mode device driver named “yy4967das”.

Publisher:
ASSoft (signed by 上海戴思软件技术有限公司)

Product:
kmclass

Description:
kmclass driver

Version:
1, 0, 0, 1

MD5:
fb66e6b7b7cc3c8366df8f941cd62d6a

SHA-1:
a4f9867164b229e3ad9a8326e9b5949ef11cf927

SHA-256:
ff6c73a1d733e36c77c7318c1cc40873ffa451800052412d61063f130671d8c2

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/28/2024 3:22:40 AM UTC

File size:
15.7 KB (16,032 bytes)

Product version:
1, 0, 0, 1

Copyright:
Copyright (C) 2012

Original file name:
kmclass.exe

File type:
Driver (Win64 SYS)

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
8/10/2015 8:00:00 AM

Valid to:
10/9/2018 7:59:59 AM

Subject:
CN=上海戴思软件技术有限公司, OU=技术, O=上海戴思软件技术有限公司, L=上海, S=上海, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
18003FA3FB79D35FEE0A10B851DA0E47

File PE Metadata
Compilation timestamp:
9/1/2016 2:27:54 PM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Native (none required)

Linker version:
9.0

Entry address:
0x1080

Entry point:
48, 8B, C4, 48, 89, 58, 10, 48, 89, 68, 18, 48, 89, 70, 20, 57, 48, 81, EC, 60, 06, 00, 00, 48, 8B, F1, 33, ED, 48, 8D, 88, FA, FB, FF, FF, 33, D2, 41, B8, FE, 03, 00, 00, 48, 89, 68, 08, 66, 89, A8, F8, FB, FF, FF, E8, 35, 0A, 00, 00, 48, 8D, 4C, 24, 62, 33, D2, 41, B8, FE, 01, 00, 00, 66, 89, 6C, 24, 60, E8, 1E, 0A, 00, 00, 48, 8D, 4C, 24, 60, E8, 34, 02, 00, 00, 48, 8B, CD, 48, 8D, 15, 1A, EF, FF, FF, 85, C0, 0F, 88, 96, 00, 00, 00, 66, 90, 0F, B7, 84, 11, 90, 20, 00, 00, 48, 83, C1, 02, 66, 89, 84, 0C...
 

Entropy:
6.5305

Code size:
4.5 KB (4,608 bytes)

Driver
Display name:
yy4967das

Type:
Kernel device driver (KernelDriver)


Scan {blocked}.sys - Powered by Reason Core Security