» stopusb.sys
Overview
Analysis
File Details
Behaviors (1)

stopusb.sys

usblock

Everstrike OOO

The file stopusb.sys by Everstrike OOO has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It runs as a Windows kernel mode device driver named “stopusb”.

File name:

stopusb.sys

Publisher:

Everstrike Software (www.everstrike.com) (signed by Everstrike OOO)

Product:

usblock

Description:

USBLock Driver

Version:

1.0

MD5:

4e098b543fefe6cf0c5a106146a73b59

SHA-1:

c12dfcc299458367e73d54936615a8209b5db7fa

SHA-256:

a3af5a88d0a481a7d3d16dc25c54409102294ad7da10f1e1a079a1c2e3074bb6

Scanner detections:

1 / 68

Status:

Adware

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:

11/14/2024 3:04:01 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP (M)

16.9.8.6

File size:

46.8 KB (47,880 bytes)

Product version:

1.0

Original file name:

usblock.sys

File type:

Driver (Win32 SYS)

Language:

English (United States)

Common path:

C:\Windows\System32\drivers\stopusb.sys

Digital Signature

Signed by:

Everstrike OOO

Authority:

VeriSign, Inc.

Valid from:

1/16/2013 7:00:00 AM

Valid to:

2/16/2014 6:59:59 AM

Subject:

CN=Everstrike OOO, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Everstrike OOO, L=Ulyanovsk, S=Ulyanovsk, C=RU

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

49A93C592149572F4142F301F1998E04

File PE Metadata

Compilation timestamp:

7/31/2013 1:08:48 PM

OS version:

6.1

OS bitness:

Win32

Subsystem:

Native (none required)

Linker version:

9.0

CTPH (ssdeep):

768:yK43sjaVib7Boj0jdhr6Of8X6eCvmiICeLWUWNZpj8sJX0mGYY5c4Mx:yK43eaVib7TjdJ6OUX0vpsTs6Y0mGFU

Entry address:

0xB03E

Entry point:

8B, FF, 55, 8B, EC, E8, BD, FF, FF, FF, 5D, E9, B0, 8D, FF, FF, CC, CC, A4, B0, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, B6, B7, 00, 00, 18, 90, 00, 00, 8C, B0, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 38, B8, 00, 00, 00, 90, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 10, B8, 00, 00, FA, B7, 00, 00, E4, B7, 00, 00, D0, B7, 00, 00, 24, B8, 00, 00, 00, 00, 00, 00, 58, B2, 00, 00, 7E, B2, 00, 00, 92, B2, 00, 00, A6, B2, 00, 00, B0, B2, 00, 00, BA, B2, 00, 00, D0, B2... 
[+]

Code size:

34 KB (34,816 bytes)

Driver

Display name:

stopusb

Type:

Kernel device driver (KernelDriver)

Group:

Event Log

Remove stopusb.sys - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.