» dump_wmimmc.sys
Overview
Analysis
File Details
Behaviors (1)

dump_wmimmc.sys

INCA Internet Co.,Ltd.

It runs as a Windows kernel mode device driver named “dump_wmimmc”.

File name:

dump_wmimmc.sys

Publisher:

INCA Internet Co.,Ltd. (signed and verified)

MD5:

fdfdc16f8f5f72db7c9dff18a00b7f47

SHA-1:

63616b234912e96b4b860d636020cebf4e4708e3

SHA-256:

83ad9019d84db41b390a4828968b9359d43735180a40dc13682f4b0202ca5cf7

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

11/23/2024 1:12:17 AM UTC (today)

File size:

2.5 MB (2,611,136 bytes)

File type:

Driver (Win32 SYS)

Common path:

C:\Program Files\gameforgelive\games\tur_tur\metin2\gameguard\dump_wmimmc.sys

Digital Signature

Signed by:

INCA Internet Co.,Ltd.

Authority:

Symantec Corporation

Valid from:

8/8/2016 3:00:00 AM

Valid to:

8/9/2017 2:59:59 AM

Subject:

CN="INCA Internet Co.,Ltd.", OU=Research, O="INCA Internet Co.,Ltd.", L=Kuro-gu, S=Seoul, C=KR, SERIALNUMBER=214-86-47888, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=KR

Issuer:

CN=Symantec Class 3 Extended Validation Code Signing CA - G2, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:

018D0093BC38D7E4C123846397286068

File PE Metadata

Compilation timestamp:

10/14/2016 7:41:03 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Native (none required)

Linker version:

9.0

CTPH (ssdeep):

24576:/zFE5yljr8GvaXXjmaC1Y6kX+KT4Uurv0Kfvgux0U9jdAbecznNoem9+GD5ig:htljr8n6ayuuKT4UuQKfvg58oN3ZiMg

Entry address:

0x1EF40

Entry point:

55, 8B, EC, 83, EC, 50, 68, C8, 5E, 01, 10, 8D, 45, F0, 50, FF, 15, 6C, 40, 01, 10, 68, F0, 5E, 01, 10, 8D, 4D, D0, 51, FF, 15, 6C, 40, 01, 10, 68, 50, A5, 01, 10, E8, C2, 27, FF, FF, 68, 54, A5, 01, 10, E8, B8, 27, FF, FF, 68, 58, A5, 01, 10, E8, AE, 27, FF, FF, 68, 5C, A5, 01, 10, E8, A4, 27, FF, FF, 8D, 55, EC, 52, 6A, 00, 68, 00, 01, 00, 00, 68, 02, 84, 00, 00, 8D, 45, F0, 50, 68, 4C, 04, 00, 00, 8B, 4D, 08, 51, FF, 15, 64, 41, 01, 10, 89, 45, D8, 83, 7D, D8, 00, 7C, 47, 8D, 55, F0, 52, 8D, 45, D0, 50... 
[+]

Developed / compiled with:

Microsoft Visual C++

Code size:

91 KB (93,184 bytes)

Driver

Display name:

dump_wmimmc

Type:

Kernel device driver (KernelDriver)

Scan dump_wmimmc.sys - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.