home

mstdmk.sys

GreenTree Applications srl

It runs as a Windows kernel mode device driver named “mstdmk”.
Publisher:
GreenTree Applications srl  (signed and verified)

MD5:
2fd7cee4de0e5969324d6ac61a12b0dc

SHA-1:
b225174d150418ce1885937651afcc4e1e5d4779

SHA-256:
920566138a762937e2f07bf9d3f5e03c1173359eafbb7cff73ebfdb64166183b

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is mosty likely a false positive detection, the file is probably clean.

Analysis date:
11/23/2024 5:58:50 AM UTC  (today)

Scan engine
Detection
Engine version

Qihoo 360 Security
Trojan.Generic
1.0.0.1120

File size:
151.4 KB (155,024 bytes)

File type:
Driver (Win32 SYS)

Common path:
C:\Windows\System32\drivers\mstdmk.sys

Digital Signature
Signed by:
GreenTree Applications srl

Authority:
Starfield Technologies, Inc.

Valid from:
11/8/2016 10:36:38 AM

Valid to:
11/8/2017 10:36:38 AM

Subject:
CN=GreenTree Applications srl, O=GreenTree Applications srl, L=Beijing, S=Beijing, C=CN

Issuer:
CN=Starfield Secure Certificate Authority - G2, OU=http://certs.starfieldtech.com/repository/, O="Starfield Technologies, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
1533E8F641C0614F

File PE Metadata
Compilation timestamp:
2/15/2017 1:24:16 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Native (none required)

Linker version:
12.0

Entry address:
0x4C90

Entry point:
55, 8B, EC, 83, EC, 24, 68, 7C, C6, 01, 10, E8, AE, 69, 01, 00, 83, C4, 04, 8B, 45, 0C, 66, 8B, 08, 66, 89, 0D, FC, 25, 02, 10, 8B, 55, 0C, 66, 8B, 42, 02, 66, A3, FE, 25, 02, 10, 8B, 4D, 0C, 0F, B7, 11, 52, 6A, 00, FF, 15, D0, C0, 01, 10, A3, 00, 26, 02, 10, 8B, 45, 0C, 50, 68, FC, 25, 02, 10, FF, 15, B0, C0, 01, 10, 68, E0, C6, 01, 10, E8, 64, 69, 01, 00, 83, C4, 04, C7, 45, F4, 00, 00, 00, 00, 68, 2C, C7, 01, 10, E8, 50, 69, 01, 00, 83, C4, 04, 68, 30, 2B, 02, 10, E8, F5, 52, 01, 00, 68, 58, C7, 01, 10...
 
[+]

Entropy:
6.6384

Developed / compiled with:
Microsoft Visual C++

Code size:
106.5 KB (109,056 bytes)

Driver
Display name:
mstdmk

Type:
Kernel device driver (KernelDriver)


Scan mstdmk.sys - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.