» kuaizipdrive.sys
Overview
Analysis
File Details
Behaviors (1)

kuaizipdrive.sys

WinMount Driver

上海广乐网络科技有限公司

It runs as a Windows kernel mode device driver named “KuaiZipDrive”.

File name:

kuaizipdrive.sys

Publisher:

WinMount International Inc (signed by 上海广乐网络科技有限公司)

Product:

WinMount Driver

Description:

WinMount Driver for x86

Version:

3.5 built by: WinDDK

MD5:

7dbb26e574884c9156b1b11c0e8b872b

SHA-1:

8c5941d975030c80dc278e3b800e9e379a122584

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

12/26/2024 8:45:05 PM UTC (today)

File size:

66.5 KB (68,128 bytes)

Product version:

3.5.0

Original file name:

WMDrive.sys

File type:

Driver (Win32 SYS)

Common path:

C:\Windows\System32\drivers\kuaizipdrive.sys

Digital Signature

Signed by:

上海广乐网络科技有限公司

Authority:

VeriSign, Inc.

Valid from:

6/15/2015 8:00:00 AM

Valid to:

9/14/2017 7:59:59 AM

Subject:

CN=上海广乐网络科技有限公司, OU=技术, O=上海广乐网络科技有限公司, L=上海, S=上海, C=CN

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

02B30EE595AD3BBE219E68DC6A431AF2

File PE Metadata

Compilation timestamp:

11/2/2015 3:56:32 PM

OS version:

6.1

OS bitness:

Win32

Subsystem:

Native (none required)

Linker version:

9.0

Entry address:

0xD63E

Entry point:

8B, FF, 55, 8B, EC, E8, BD, FF, FF, FF, 5D, E9, 5C, 30, FF, FF, CC, CC, 98, D6, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 88, DC, 00, 00, 8C, B9, 00, 00, 8C, D6, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 40, DF, 00, 00, 80, B9, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 18, DF, 00, 00, 2C, DF, 00, 00, 00, 00, 00, 00, 26, D8, 00, 00, 3C, D8, 00, 00, 4E, D8, 00, 00, 58, D8, 00, 00, 68, D8, 00, 00, 76, D8, 00, 00, 8E, D8, 00, 00, 9C, D8, 00, 00, B4, D8, 00, 00, D0, D8... 
[+]

Entropy:

6.4534

Code size:

47.6 KB (48,768 bytes)

Driver

Display name:

KuaiZipDrive

Type:

Kernel device driver (KernelDriver)

Depends on:

RPCSS

Scan kuaizipdrive.sys - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.