dcsnap.sys

iYogi Inc.

It runs as a Windows kernel mode device driver named “dcsnap”.
Publisher:
iYogi Inc.  (signed and verified)

MD5:
08a7dcadc0d62a2dff6ab995730b1145

SHA-1:
59aa8ce8ba7870b45e14c98187a6817e5c0be503

SHA-256:
94f552cbaff34cefb553d665e4f2f794e8675615bac59da02516638e6c73e2c5

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is most likely a false positive detection; the file is probably clean.

Analysis date:
11/5/2024 8:21:21 AM UTC

Scan engine:
Rising Antivirus

Detection:
PE:Spyware.Texy!1.64D4

Engine version:
23.00.65.16110

File size:
81.7 KB (83,656 bytes)

File type:
Driver (Win32 SYS)

Common path:
C:\Windows\System32\drivers\dcsnap.sys

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
4/13/2008 7:00:00 PM

Valid to:
4/14/2009 6:59:59 PM

Subject:
CN=iYogi Inc., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=iYogi Inc., L=New York, S=New York, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
4DD719AB6F6E8ADF2184FBAB29F152D2

File PE Metadata
Compilation timestamp:
1/30/2008 3:41:27 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Native (none required)

Linker version:
5.12

CTPH (ssdeep):
1536:j+b4Sas9uCljV48wqHHGGqONCRVNXQiZWOK/+rLnJYvHdkHvAfQt:j+s9s9nx45qHH/ERVZWOK/+rLn6kHL

Entry address:
0x588

Entry point:
55, 8B, EC, 51, 51, 53, 56, 57, 33, FF, 57, 57, 68, 14, F6, 01, 00, 68, 10, F6, 01, 00, E8, 4D, E8, 00, 00, FF, 75, 0C, E8, 33, E7, 00, 00, 50, 68, 80, 02, 01, 00, A3, 48, 0E, 02, 00, E8, 2F, E8, 00, 00, 39, 3D, 28, F6, 01, 00, 59, 59, 75, 23, 83, CE, FF, 56, 56, 57, 68, 94, 02, 01, 00, 68, 9C, 02, 01, 00, FF, 75, 0C, E8, B7, 19, 00, 00, 3B, C7, A3, 28, F6, 01, 00, 74, 24, EB, 03, 83, CE, FF, 56, 56, 57, 68, B4, 02, 01, 00, 68, C0, 02, 01, 00, FF, 75, 0C, E8, 94, 19, 00, 00, 85, C0, 74, 06, 89, 3D, 28, F6...
 

Entropy:
6.3921

Developed / compiled with:
Microsoft Visual C++

Code size:
60.6 KB (62,048 bytes)

Driver
Display name:
dcsnap

Type:
Kernel device driver (KernelDriver)

