home

cgkdarkwatcher.sys

Ruiware, LLC.

Publisher:
Ruiware, LLC.  (signed and verified)

MD5:
b83448dcda6c35d4fa149bf7346c1fb2

SHA-1:
9c64da9c1ad822bbaa0eb479f4e25ea825943cea

SHA-256:
c4cd11382ef6f39f4f0b2ea19895cf6e10db86a346804ecdbcd0c1e62323029d

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
1/8/2025 3:43:14 AM UTC  (today)

File size:
14.8 KB (15,128 bytes)

File type:
Driver (Win32 SYS)

Common path:
C:\Program Files\ruiware\winantiransom\drivers\x32\cgkdarkwatcher.sys

Digital Signature
Signed by:
Ruiware, LLC.

Authority:
GoDaddy.com, Inc.

Valid from:
8/5/2014 12:40:33 PM

Valid to:
8/5/2017 12:40:33 PM

Subject:
CN="Ruiware, LLC.", O="Ruiware, LLC.", L=Largo, S=Florida, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
4ED10D163313B4

File PE Metadata
Compilation timestamp:
1/16/2016 10:33:23 PM

OS version:
6.1

OS bitness:
Win32

Subsystem:
Native (none required)

Linker version:
9.0

CTPH (ssdeep):
192:pIurTSwkvtJhUpPLh2MapnYe+PjPDHDyeOrkg2Kblymzu9mvEcZu:BrOwoDUpPLh2rnYPLDHJU7367

Entry address:
0x403E

Entry point:
8B, FF, 55, 8B, EC, E8, BD, FF, FF, FF, 5D, E9, C2, CF, FF, FF, CC, CC, 78, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 42, 00, 00, 00, 20, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, BC, 40, 00, 00, CE, 40, 00, 00, E6, 40, 00, 00, F8, 40, 00, 00, 10, 41, 00, 00, 26, 41, 00, 00, 36, 41, 00, 00, 4E, 41, 00, 00, 5C, 41, 00, 00, 6A, 41, 00, 00, 8C, 41, 00, 00, 98, 41, 00, 00, AE, 41, 00, 00, CA, 41, 00, 00, E2, 41, 00, 00, F0, 41, 00, 00, 00, 00, 00, 00, FC, 01...
 
[+]

Entropy:
6.3599

Code size:
5 KB (5,120 bytes)

Scan cgkdarkwatcher.sys - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.