» GabiAcpi.sys
Overview
Analysis
File Details
Behaviors (1)

GabiAcpi.sys

Fujitsu Technology Solutions GmbH

It runs as a Windows 64-bit kernel mode device driver named “FUJ0420 Service”.

File name:

GabiAcpi.sys

Publisher:

Fujitsu Technology Solutions (signed by Fujitsu Technology Solutions GmbH)

Product:

GabiAcpi.sys

Version:

1, 0, 0, 0

MD5:

de05b23c423bc6dd99e3c3ee27e18368

SHA-1:

72e2b61a979faf237514efc3b9b0989555009add

SHA-256:

73c9ab2e59a2732543c62f5122112a25d0e22ad39b4ec27c421959ac63d75574

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

11/28/2024 1:44:10 AM UTC (today)

File size:

30.4 KB (31,120 bytes)

Product version:

1, 0, 0, 0

Original file name:

GabiAcpi.sys

File type:

Driver (Win64 SYS)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\{4b9c0229-ca59-4044-8b75-afb42054a3d7}\gabiacpi.sys

Digital Signature

Signed by:

Fujitsu Technology Solutions GmbH

Authority:

GlobalSign nv-sa

Valid from:

9/24/2015 2:13:12 PM

Valid to:

9/23/2017 5:50:01 PM

Subject:

CN=Fujitsu Technology Solutions GmbH, OU=Fujitsu Technology Solutions GmbH, O=Fujitsu Technology Solutions GmbH, STREET=Mies-van-der-Rohe-Str. 8, L=Munich, S=Bavaria, C=DE, OID.1.3.6.1.4.1.311.60.2.1.1=Munich, OID.1.3.6.1.4.1.311.60.2.1.2=Bavaria, OID.1.3.6.1.4.1.311.60.2.1.3=DE, SERIALNUMBER=HRB 113308, OID.2.5.4.15=Private Organization

Issuer:

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:

112111D4C149F047F39511EEA6BDACC637C4

File PE Metadata

Compilation timestamp:

12/15/2015 1:53:13 PM

OS version:

10.0

OS bitness:

Win64

Subsystem:

Native (none required)

Linker version:

14.0

CTPH (ssdeep):

384:9hIojKJqj1w4k3/A29GetvVOloCaG2MQMNMYXCLdRpFKn23+tzhjsmEkbyFRWLvI:8qpw4k3/A2TtvG7Jr21An23+zjMWLO5

Entry address:

0x1184

Entry point:

48, 89, 5C, 24, 08, 57, 48, 83, EC, 20, 48, 8B, DA, 48, 8B, F9, E8, 0B, 60, 00, 00, 48, 8B, D3, 48, 8B, CF, 48, 8B, 5C, 24, 30, 48, 83, C4, 20, 5F, E9, B2, FE, FF, FF, CC, CC, 48, 89, 5C, 24, 08, 57, 48, 83, EC, 20, 48, 8B, 05, C7, 1E, 00, 00, 48, 8B, F9, 48, 8D, 0D, A5, 1E, 00, 00, 48, 8D, 1D, AE, 1E, 00, 00, 48, 3B, C1, 74, 45, 48, 3B, D8, 77, 40, 48, 8B, 43, 40, 48, 85, C0, 74, 18, 4C, 8B, 05, 8C, 2B, 00, 00, 48, 8D, 0D, 8F, 08, 00, 00, 4C, 8B, CB, 48, 8B, D7, FF, D0, EB, 12, 48, 8B, 15, 74, 2B, 00, 00... 
[+]

Entropy:

6.7336

Code size:

7 KB (7,168 bytes)

Driver

Display name:

FUJ0420 Service

Service name:

GabiAcpi

Type:

Kernel device driver (KernelDriver)

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.