shsuning64.sys

Suning Yifubao Online Payment Platform Password Security Control (苏宁易付宝网络支付平台密码安全控件)

Nanjing Suning yifubao Network Technology Co., Ltd.

It runs as a Windows 64-bit kernel mode device driver named “SHSUNING”.
Publisher:
南京苏宁易付宝网络科技有限公司  (signed by Nanjing Suning yifubao Network Technology Co., Ltd.)

Product:
Suning Yifubao Online Payment Platform Password Security Control (苏宁易付宝网络支付平台密码安全控件)

Description:
Suning Yifubao Password Plugin

Version:
3, 0, 0, 0

MD5:
4c87ada55d929ddd01c3e08035d7b32f

SHA-1:
d661a7ef1c525d89c6f5b046b67a12c19a026c65

SHA-256:
960a0570ef7b9b907ddb0d5e0f09b38b6b76c5103fd8f2d267a8041b224493a4

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is most likely a false positive detection; the file is probably clean.

Analysis date:
11/24/2024 12:25:30 PM UTC  (today)

Scan engine:
AVG

Detection:
Win32/Patched

Engine version:
2014.0.4037

File size:
441.6 KB (452,176 bytes)

Product version:
3, 0, 0, 0

Copyright:
shahaiinfo. All rights reserved.

Original file name:
shsuning.sys

File type:
Driver (Win64 SYS)

Common path:
C:\windows\syswow64\drivers\shsuning64.sys

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
3/20/2013 8:00:00 AM

Valid to:
4/19/2016 7:59:59 AM

Subject:
CN="Nanjing Suning yifubao Network Technology Co., Ltd.", OU=yifubao, OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Nanjing Suning yifubao Network Technology Co., Ltd.", L=jiangsu, S=nanjing, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
678A635D718CDE7CD20189555FBBD131

File PE Metadata
Compilation timestamp:
10/23/2013 8:16:58 PM

OS version:
6.1

OS bitness:
Win64

Subsystem:
Native (none required)

Linker version:
9.0

CTPH (ssdeep):
3072:zdUCB+I2MqqDL2//Xc4Xacmue52hWNhPYX7oM2mFJrPLpRKqtVbcxvCLr:zdz9qqDL6/c4XGf52Q2eqdRDkxKn

Entry address:
0x66122

Entry point:
E9, F6, FF, FF, FF, 23, 8F, 35, 94, 61, 4D, CC, 13, 7C, 60, 30, B3, B7, CB, 41, 6F, 61, 4F, 41, 6F, D4, 10, 54, 6C, 31, 31, F3, 28, 06, CE, D5, 6F, A6, 0C, 8B, 61, 4F, CE, 64, 34, BF, 30, 6C, C8, B8, D7, 67, 1E, 22, F6, FA, 96, 76, 4D, 31, 65, 69, C5, C5, FC, 94, 7E, 46, 00, 90, F7, EB, 67, 5B, 4F, 0F, F2, C2, BD, 6D, 00, D8, 8A, 62, 3C, 0C, F2, 5B, E8, FF, 00, 00, 00, 00, 0F, 0F, 1D, 6C, B4, 87, 1F, 8C, B3, 56, 00, 07, 2C, 1E, 7A, 0B, B2, F8, A3, DF, D8, 91, F2, 71, 49, 13, 55, 14, 00, EA, DE, ED, 38, BF...
 

Entropy:
3.6786

Packer / compiler:
tElock 0.99 - 1.0 private

Code size:
42.8 KB (43,776 bytes)

Driver
Display name:
SHSUNING

Type:
Kernel device driver (KernelDriver)


Scan shsuning64.sys - Powered by Reason Core Security