upkernel.sys

Brotsoft technology co., limited

The file upkernel.sys by Brotsoft technology co., limited has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
Brotsoft technology co., limited (signed and verified)

MD5:
eff34a7f4e5e7c2bfbde471ee342356a

SHA-1:
4f7fc50ea464d2c8738cfe3e8c30db425d311fdf

SHA-256:
b67fafa2eb59ec3ccc76b9efbd2db446ead0f22d2e00ee6f469383eaca620cc9

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/26/2024 1:38:33 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.BeijingFantasyGame.Optional.Meta (L)

Engine version:
16.2.1.11

File size:
38.4 KB (39,288 bytes)

File type:
Driver (Win32 SYS)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\upkernel.sys

Digital Signature
Authority:
Thawte, Inc.

Valid from:
12/22/2015 7:00:00 PM

Valid to:
12/22/2016 6:59:59 PM

Subject:
CN="Brotsoft technology co., limited", OU=Software Department, O="Brotsoft technology co., limited", L=Hongkong, S=Hongkong, C=HK

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
6F02006FDCD582AF516A767E5AB3FE4A

File PE Metadata
Compilation timestamp:
7/7/2015 9:30:57 PM

OS version:
6.1

OS bitness:
Win32

Subsystem:
Native (none required)

Linker version:
9.0

CTPH (ssdeep):
384:L+fcFCFfqVoVmkbRUXq1KhmetSeVnZCuSPLVzw8DuT+qui80RK+zFxUZqAHKnX:VFcfqVAmirQseUeV63Sl1X

Entry address:
0x3DBE

Entry point:
8B, FF, 55, 8B, EC, E8, BD, FF, FF, FF, 5D, E9, 24, CB, FF, FF, CC, CC, 58, 3E, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 60, 42, 00, 00, 38, 1A, 00, 00, 48, 3E, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, AA, 42, 00, 00, 28, 1A, 00, 00, 20, 3E, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 92, 43, 00, 00, 00, 1A, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 6A, 43, 00, 00, 54, 43, 00, 00, 30, 43, 00, 00, 12, 43, 00, 00, F6, 42, 00, 00, DA, 42, 00, 00, C4, 42, 00, 00, B2, 42...
 

Code size:
7.1 KB (7,296 bytes)
