» rspwhy32.sys
Overview
Analysis
File Details

rspwhy32.sys

WhySoSlow

Daniel Terhell

File name:

rspwhy32.sys

Publisher:

Resplendence Software Projects Sp. (signed by Daniel Terhell)

Product:

WhySoSlow

Description:

Resplendence WhySoSlow Monitoring Driver

Version:

1.00 built by: WinDDK

MD5:

0eacf72f3b53273a40b067d2d61286a6

SHA-1:

d7ceffd049a6e226c7a144a4a8fb0505ce9eb658

SHA-256:

b79357405f428da5a7f381f00235deeac602675cb3ca2750270a73d8e848a156

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

11/24/2024 12:48:06 PM UTC (today)

File size:

28.8 KB (29,456 bytes)

Product version:

1.00

Original file name:

rspWhy.sys

File type:

Driver (Win32 SYS)

Language:

English (United States)

Common path:

C:\Program Files\whysoslow\rspwhy32.sys

Digital Signature

Signed by:

Daniel Terhell

Authority:

COMODO CA Limited

Valid from:

5/26/2014 2:00:00 AM

Valid to:

5/27/2019 1:59:59 AM

Subject:

CN=Daniel Terhell, O=Daniel Terhell, STREET=Via Hanoi 3, L=Baricella, S=Bologna, PostalCode=40052, C=IT

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

37535DB27CD81B479E3DB1E4E16A30E7

File PE Metadata

Compilation timestamp:

6/8/2016 2:01:19 PM

OS version:

6.1

OS bitness:

Win32

Subsystem:

Native (none required)

Linker version:

9.0

CTPH (ssdeep):

384:EYou0xppmLhdB1P05neQElNHKZYgAA6HStbO/mIYh2Zh30tOI5OrlpDCKtFFUGE4:NeICr5tC/mDe8s5BrtvJ+ehjYd7AiS

Entry address:

0x70A6

Entry point:

8B, FF, 55, 8B, EC, E8, BD, FF, FF, FF, 5D, E9, 08, B9, FF, FF, CC, CC, 44, 71, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 62, 74, 00, 00, 3C, 40, 00, 00, 28, 71, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, FC, 74, 00, 00, 20, 40, 00, 00, 08, 71, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, BE, 75, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 86, 75, 00, 00, 68, 75, 00, 00, 4C, 75, 00, 00, 30, 75, 00, 00, 1A, 75, 00, 00, 04, 75, 00, 00, AA, 75, 00, 00, 00, 00... 
[+]

Code size:

13.5 KB (13,824 bytes)

Scan rspwhy32.sys - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.