» cheano_drv.sys
Overview
Analysis
File Details
Behaviors (1)

cheano_drv.sys

杭州易玩科技有限公司

It runs as a Windows 64-bit kernel mode device driver named “cheano_drv”.

File name:

cheano_drv.sys

Publisher:

杭州易玩科技有限公司 (signed and verified)

MD5:

24dffd20e592274f338e8a436973db42

SHA-1:

ecf32093556380df09370951ff039433091cdf53

SHA-256:

e603eeeaa530412198c0885f14d6f9a8c499cdb058496769087499c41f44f485

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

3/9/2025 9:36:10 PM UTC (today)

File size:

1.4 MB (1,507,296 bytes)

File type:

Driver (Win64 SYS)

Common path:

C:\Program Files\steam\steamapps\common\counter-strike global offensive\bin\cheano_drv.sys

Digital Signature

Signed by:

杭州易玩科技有限公司

Authority:

GlobalSign nv-sa

Valid from:

10/27/2016 3:24:26 PM

Valid to:

10/28/2018 3:24:26 PM

Subject:

CN=杭州易玩科技有限公司, OU=IT Dept., O=杭州易玩科技有限公司, L=杭州, S=浙江, C=CN

Issuer:

CN=GlobalSign CodeSigning CA - G3, O=GlobalSign nv-sa, C=BE

Serial number:

321F9F95A082BB2F44543056

File PE Metadata

Compilation timestamp:

10/21/2016 7:43:52 PM

OS version:

10.0

OS bitness:

Win64

Subsystem:

Native (none required)

Linker version:

14.0

CTPH (ssdeep):

24576:XtmdSgI7MvH4a8TIY8hMG67sQwrbBAcjKAZwxrO6driI0bILzIHSn:Xtmd8M/N8TcpOsTrbBHjjwFOqiJbAn

Entry address:

0x350A30

Entry point:

EB, 08, 3C, E3, 00, 00, 00, 00, 00, 00, E9, 80, 9D, 11, 00, 60, 44, 31, 43, 47, 4E, 04, 43, E7, 80, 17, 0F, AB, 36, 4E, 43, 3B, 4E, 04, 43, FF, FF, FF, FF, 96, 9F, 4C, 43, 90, E8, 05, 43, 20, D0, D7, 2C, 83, BE, 30, 43, BC, 57, 04, 43, E8, 35, 88, 7D, 8B, 36, 4E, 43, 5B, 51, 04, 43, 78, B0, 79, FF, 35, 9F, 4C, 43, BC, 4E, 04, 43, 06, 16, 11, 45, 17, 91, 30, 43, EF, 5E, 04, 43, E3, 97, 0F, AE, 2B, AE, 37, 43, 17, 91, 04, 43, AA, D4, 7B, 7C, 40, 45, 31, 43, 6E, 3D, 17, 43, 57, FE, 14, DA, 73, 31, 4C, 43, 95... 
[+]

Entropy:

7.9352 (probably packed)

Code size:

77 KB (78,848 bytes)

Driver

Display name:

cheano_drv

Type:

Kernel device driver (KernelDriver)

Scan cheano_drv.sys - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.