» dump_wmimmc.sys
Overview
Analysis
File Details

dump_wmimmc.sys

INCA Internet Co.,Ltd.

File name:

dump_wmimmc.sys

Publisher:

INCA Internet Co.,Ltd. (signed and verified)

MD5:

6dff7f1a1a1f2528143bb62c2aa5f033

SHA-1:

a0de7d0712f584eb5f139692eabe8c58a7c5d53b

SHA-256:

adde68f0a8ac092e07a3ee3ad1c31e7d565668f0a9e66ae3504743be59170d33

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

11/23/2024 12:57:30 AM UTC (today)

File size:

2.5 MB (2,585,832 bytes)

File type:

Driver (Win32 SYS)

Common path:

C:\users\{user}\downloads\blackshot_sea\blackshot\system\gameguard\dump_wmimmc.sys

Digital Signature

Signed by:

INCA Internet Co.,Ltd.

Authority:

Symantec Corporation

Valid from:

8/8/2016 8:00:00 AM

Valid to:

8/9/2017 7:59:59 AM

Subject:

CN="INCA Internet Co.,Ltd.", OU=Research, O="INCA Internet Co.,Ltd.", L=Kuro-gu, S=Seoul, C=KR, SERIALNUMBER=214-86-47888, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=KR

Issuer:

CN=Symantec Class 3 Extended Validation Code Signing CA - G2, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:

018D0093BC38D7E4C123846397286068

File PE Metadata

Compilation timestamp:

10/25/2016 9:47:37 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Native (none required)

Linker version:

9.0

CTPH (ssdeep):

24576:ytQokwLQbn8OhIavwrW1+CSiSm6LeOyPfShlynjWcHMHAZRvjNMDjszFb:MHxCI/WzSmwCjNMDIN

Entry address:

0x1EF40

Entry point:

55, 8B, EC, 83, EC, 50, 68, C8, 5E, 01, 10, 8D, 45, F0, 50, FF, 15, 6C, 40, 01, 10, 68, F0, 5E, 01, 10, 8D, 4D, D0, 51, FF, 15, 6C, 40, 01, 10, 68, 90, A5, 01, 10, E8, 52, 28, FF, FF, 68, 94, A5, 01, 10, E8, 48, 28, FF, FF, 68, 98, A5, 01, 10, E8, 3E, 28, FF, FF, 68, 9C, A5, 01, 10, E8, 34, 28, FF, FF, 8D, 55, EC, 52, 6A, 00, 68, 00, 01, 00, 00, 68, 02, 84, 00, 00, 8D, 45, F0, 50, 68, 4C, 04, 00, 00, 8B, 4D, 08, 51, FF, 15, 64, 41, 01, 10, 89, 45, D8, 83, 7D, D8, 00, 7C, 47, 8D, 55, F0, 52, 8D, 45, D0, 50... 
[+]

Entropy:

5.9565

Developed / compiled with:

Microsoft Visual C++

Code size:

91 KB (93,184 bytes)

Scan dump_wmimmc.sys - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.