cnedrv.sys

Mirage Driver

CNESTY

It runs as a Windows kernel-mode device driver named “cnedrv”.
Publisher:
DemoForge, LLC (signed by CNESTY)

Product:
Mirage Driver

Version:
1.2 (build 74)

MD5:
d40d7e62fc52b12a6fcf09a92a5f3aa1

SHA-1:
ed6d3b691c272ecafbe384c6020750f54cf80696

SHA-256:
102872d24c29728a147ac00b4696c50e0bfc411c317db27d97dbe28852834cf0

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/15/2024 5:30:26 AM UTC

File size:
31.5 KB (32,248 bytes)

Product version:
1.2 (build 74)

Copyright:
© DemoForge, LLC. All rights reserved.

Original file name:
dfummd.sys

File type:
Driver (Win32 SYS)

Common path:
C:\Windows\System32\drivers\cnedrv.sys

Digital Signature
Signed by:

Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
2/11/2008 4:40:41 PM

Valid to:
2/22/2009 7:32:54 PM

Subject:
CN=CNESTY, OU=Software Development Department, O=CNESTY, L=SEOUL, S=GYEONGGI-DO, C=KR

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
36AC246084858B1C6BF36CAEE0867A3D

File PE Metadata
Compilation timestamp:
5/2/2006 6:36:24 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Native (none required)

Linker version:
7.10

CTPH (ssdeep):
768:ZXYGs7BpANK12/kvuSZinAIyxN01n4Lee1:ZXWpFi+xN01n4Ce1

Entry address:
0x20B0

Entry point:
55, 8B, EC, 83, EC, 50, 56, 57, 33, FF, 57, 57, 68, 44, 72, 01, 00, 68, 4C, 72, 01, 00, E8, D5, 01, 00, 00, 6A, 50, 8D, 45, B0, 50, FF, 15, 08, 10, 01, 00, A1, 4C, 72, 01, 00, 83, F8, 04, 75, 09, C7, 45, B0, 28, 00, 00, 00, EB, 24, 76, 22, C7, 45, B0, 50, 00, 00, 00, C7, 45, E0, 70, 14, 01, 00, C7, 45, DC, 80, 14, 01, 00, C7, 45, E4, 90, 14, 01, 00, 89, 7D, F0, 89, 7D, F4, 8B, 55, 0C, 8B, 75, 08, 57, 8D, 4D, B0, 51, 52, 56, C7, 45, B8, 70, 1B, 01, 00, C7, 45, BC, A0, 14, 01, 00, C7, 45, D0, 60, 14, 01, 00...
 

Entropy:
4.2945

Developed / compiled with:
Microsoft Visual C++

Code size:
6 KB (6,144 bytes)

Driver
Display name:
cnedrv

Type:
Kernel device driver (KernelDriver)

Group:
Video

