» msijqxfm.sys
Overview
Analysis
File Details
Behaviors (1)

msijqxfm.sys

湖南蓝途方鼎科技有限公司

It runs as a Windows kernel mode device driver named “msijqxfm”.

File name:

msijqxfm.sys

Publisher:

湖南蓝途方鼎科技有限公司 (signed and verified)

MD5:

f0e6fa6cffe930a6f38a766025f616e4

SHA-1:

4e34ffbb79148ad83290dfae5123f0724d8959c8

SHA-256:

263ebe7a3e15696d185fc248966933703ae0b48bb3caed8c10a1ba3249841ef1

Scanner detections:

2 / 68

Status:

Inconclusive (not enough data for an accurate detection)

Analysis date:

11/24/2024 8:06:17 AM UTC (today)

Scan engine

Detection

Engine version

ESET NOD32

Win32/Adware.Agent.NQL application

6.3.12010.0

F-Prot

W32/Dropper.6!Generic

4.6.5.141

File size:

211.1 KB (216,216 bytes)

File type:

Driver (Win32 SYS)

Common path:

C:\Windows\System32\drivers\msijqxfm.sys

Digital Signature

Signed by:

湖南蓝途方鼎科技有限公司

Authority:

VeriSign, Inc.

Valid from:

4/2/2015 3:00:00 AM

Valid to:

5/2/2016 2:59:59 AM

Subject:

CN=湖南蓝途方鼎科技有限公司, O=湖南蓝途方鼎科技有限公司, L=长沙市, S=湖南省, C=CN

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

2AC01DE88063BADB080008853FDD8C6C

File PE Metadata

Compilation timestamp:

6/6/2016 7:16:06 AM

OS version:

6.1

OS bitness:

Win32

Subsystem:

Native (none required)

Linker version:

9.0

CTPH (ssdeep):

6144:7RN5LLmLveO6++yw0t743bMOaBztvCBDErP:7BmLH6++s74bMOqztvoDyP

Entry address:

0x31D3E

Entry point:

8B, FF, 55, 8B, EC, E8, BD, FF, FF, FF, 5D, E9, E2, E7, FC, FF, CC, CC, 9C, 1D, 03, 00, 00, 00, 00, 00, 00, 00, 00, 00, D8, 20, 03, 00, 90, 72, 02, 00, 8C, 1D, 03, 00, 00, 00, 00, 00, 00, 00, 00, 00, 0E, 21, 03, 00, 80, 72, 02, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, DA, 27, 03, 00, FA, 20, 03, 00, E6, 20, 03, 00, 00, 00, 00, 00, AA, 1F, 03, 00, C2, 1F, 03, 00, D4, 1F, 03, 00, E8, 1F, 03, 00, F2, 1F, 03, 00, 0A, 20, 03, 00, 14, 20, 03, 00, 2C, 20, 03, 00, 3E, 20... 
[+]

Entropy:

6.6488

Code size:

158.4 KB (162,176 bytes)

Driver

Display name:

msijqxfm

Type:

Kernel device driver (KernelDriver)

Scan msijqxfm.sys - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.