mstdmk.sys

GreenTree Applications srl

mstdmk.sys runs as a 64-bit Windows kernel-mode device driver registered under the service name “mstdmk”. The file has been observed being downloaded from 122.224.34.178 (the full distribution URL is listed at the end of this page).
Publisher:
GreenTree Applications srl  (signed and verified)

MD5:
e7aa93a9e0fac4c3520bcb5cc406cd15

SHA-1:
203e7eb6534690570499712220bc567c8a951cfc

SHA-256:
bcf620b7cf67443a78282b15296279f7b66cdd802a56706da1a59d0a8b7d7c9a

Scanner detections:
0 / 68

Status:
Clean (as of last analysis; a zero detection count at that time is not proof that the driver is benign, so verify the hashes and signature against your own copy)

Analysis date:
12/24/2024 11:55:27 PM UTC

File size:
167.9 KB (171,920 bytes)

File type:
Driver (Win64 SYS)

Common path:
C:\Windows\System32\drivers\mstdmk.sys

Digital Signature
Authority:
Starfield Technologies, Inc.

Valid from:
11/8/2016 10:36:38 AM

Valid to:
11/8/2017 10:36:38 AM

Subject:
CN=GreenTree Applications srl, O=GreenTree Applications srl, L=Beijing, S=Beijing, C=CN

Issuer:
CN=Starfield Secure Certificate Authority - G2, OU=http://certs.starfieldtech.com/repository/, O="Starfield Technologies, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
1533E8F641C0614F

File PE Metadata
Compilation timestamp:
2/15/2017 1:25:08 AM

OS version:
6.0

OS bitness:
Win64

Subsystem:
Native (none required)

Linker version:
12.0

Entry address:
0x6950

Entry point:
48, 89, 54, 24, 10, 48, 89, 4C, 24, 08, 48, 81, EC, 88, 00, 00, 00, 48, 8D, 0D, 58, AF, 01, 00, E8, B5, 84, 01, 00, 48, 8B, 84, 24, 98, 00, 00, 00, 0F, B7, 00, 66, 89, 05, 21, 1A, 02, 00, 48, 8B, 84, 24, 98, 00, 00, 00, 0F, B7, 40, 02, 66, 89, 05, 10, 1A, 02, 00, 48, 8B, 84, 24, 98, 00, 00, 00, 0F, B7, 00, 8B, D0, 33, C9, FF, 15, 69, 98, 01, 00, 48, 89, 05, FA, 19, 02, 00, 48, 8B, 94, 24, 98, 00, 00, 00, 48, 8D, 0D, E3, 19, 02, 00, FF, 15, DD, 96, 01, 00, 48, 8D, 0D, 0E, AF, 01, 00, E8, 53, 84, 01, 00, C7...

Entropy:
5.9816

Code size:
121.5 KB (124,416 bytes)
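The fields above (compilation timestamp, OS version, bitness, subsystem, linker version, entry address, code size, entropy) all come straight out of the COFF and optional headers. The following is an added example, not code from the page or from the file's publisher, showing how to read them with only the Python standard library and how to compute the three digests listed at the top of the page. The sample header it builds is constructed for illustration from the values on this page (it carries no real code, so its digests and entropy will not match the real file); pass the bytes of an actual sample to `parse_pe` and `digests` instead. The `is_dll` field is worth checking on this file specifically, since the distribution URL names it td_x64.dll while it is installed as mstdmk.sys.

```python
"""Added example: parse the PE header fields that a file-analysis page lists for a
Win64 driver, compute MD5/SHA-1/SHA-256, and measure Shannon entropy (stdlib only)."""
import hashlib
import math
import struct
from collections import Counter
from datetime import datetime, timezone

IMAGE_FILE_MACHINE_AMD64 = 0x8664
PE32PLUS_MAGIC = 0x20B
IMAGE_FILE_DLL = 0x2000
SUBSYSTEMS = {0: "Unknown", 1: "Native", 2: "Windows GUI", 3: "Windows CUI"}


def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte: 0.0 for a constant buffer, 8.0 for uniformly random bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def digests(data: bytes) -> dict:
    """The same three digests the page reports, as lowercase hex."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def parse_pe(data: bytes) -> dict:
    """Extract the 'File PE Metadata' fields from the COFF header and optional header."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    coff = e_lfanew + 4
    machine, _nsect, timestamp, _, _, _opt_size, characteristics = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20                                                  # COFF header is 20 bytes
    magic, linker_major, linker_minor, size_of_code = struct.unpack_from("<HBBI", data, opt)
    entry = struct.unpack_from("<I", data, opt + 16)[0]             # AddressOfEntryPoint (RVA)
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)  # same offset for PE32 and PE32+
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    return {
        "machine": hex(machine),
        "bitness": "Win64" if magic == PE32PLUS_MAGIC else "Win32",
        "compile_timestamp_utc": datetime.fromtimestamp(timestamp, tz=timezone.utc).isoformat(),
        "os_version": f"{os_major}.{os_minor}",
        "subsystem": SUBSYSTEMS.get(subsystem, f"unknown ({subsystem})"),
        "linker_version": f"{linker_major}.{linker_minor}",
        "entry_address": hex(entry),
        "code_size": size_of_code,
        "is_dll": bool(characteristics & IMAGE_FILE_DLL),
        "entropy": round(shannon_entropy(data), 4),
    }


def build_sample_header() -> bytes:
    """Constructed sample (assumption, not the real file): a bare PE32+ header carrying the
    values the page lists for mstdmk.sys. No sections or code follow the headers."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)                         # e_lfanew at 0x3C -> PE header at 0x40
    coff = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_AMD64, 5, 1487121908, 0, 0, 240, 0x0022)  # 2017-02-15 01:25:08 UTC
    opt = struct.pack("<HBBIIII", PE32PLUS_MAGIC, 12, 0, 124416, 0, 0, 0x6950)  # magic, linker 12.0, SizeOfCode, entry
    opt += struct.pack("<IQII", 0x1000, 0x140000000, 0x1000, 0x200)              # BaseOfCode, ImageBase, alignments
    opt += struct.pack("<HHHHHHIIII", 6, 0, 0, 0, 6, 0, 0, 0x30000, 0x400, 0)    # OS 6.0, image/subsystem versions, sizes
    opt += struct.pack("<HH", 1, 0)                                               # Subsystem 1 = Native, DllCharacteristics
    opt += b"\0" * (240 - len(opt))                                               # pad to a full PE32+ optional header
    return dos + b"PE\0\0" + coff + opt


if __name__ == "__main__":
    sample = build_sample_header()
    for key, value in parse_pe(sample).items():
        print(f"{key:>22}: {value}")
    for key, value in digests(sample).items():
        print(f"{key:>22}: {value}")
```

On a real sample the entropy figure is the quickest packing check: the 5.9816 reported here is in the range typical of plain compiled native code, whereas packed or encrypted payloads push the whole-file value towards 7 and above.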

Driver
Display name:
mstdmk

Type:
Kernel device driver (KernelDriver)


The file mstdmk.sys has been observed being distributed from the following URL. Note that the file name in the URL (td_x64.dll) differs from the name under which the driver is installed (mstdmk.sys).

http://122.224.34.178:20171/td_x64.dll
