SHA256: d87e9f4344d7eea47d4b7e377ff93048eed05bd2f8998548ea74c3df4fe7f0a6
File name: EUBKMON.sys
Detection ratio: 0 / 66
Analysis date: 2018-03-09 21:32:16 UTC ( 1 year, 2 months ago )
Antivirus Result Update
Ad-Aware 20180309
AegisLab 20180309
AhnLab-V3 20180309
Alibaba 20180309
ALYac 20180309
Antiy-AVL 20180309
Arcabit 20180309
Avast 20180309
Avast-Mobile 20180309
AVG 20180309
Avira (no cloud) 20180309
AVware 20180309
Baidu 20180309
BitDefender 20180309
Bkav 20180309
CAT-QuickHeal 20180309
ClamAV 20180309
CMC 20180309
Comodo 20180309
CrowdStrike Falcon (ML) 20170201
Cybereason 20180225
Cyren 20180309
DrWeb 20180309
eGambit 20180309
Emsisoft 20180309
Endgame 20180308
ESET-NOD32 20180309
F-Prot 20180309
F-Secure 20180309
Fortinet 20180309
GData 20180309
Ikarus 20180309
Sophos ML 20180121
Jiangmin 20180309
K7AntiVirus 20180309
K7GW 20180309
Kaspersky 20180309
Kingsoft 20180309
Malwarebytes 20180309
MAX 20180309
McAfee 20180309
McAfee-GW-Edition 20180309
Microsoft 20180309
eScan 20180309
NANO-Antivirus 20180309
nProtect 20180309
Palo Alto Networks (Known Signatures) 20180309
Panda 20180309
Qihoo-360 20180309
Rising 20180309
SentinelOne (Static ML) 20180225
Sophos AV 20180309
SUPERAntiSpyware 20180309
Symantec 20180309
Symantec Mobile Insight 20180306
Tencent 20180309
TheHacker 20180307
TotalDefense 20180309
TrendMicro 20180309
TrendMicro-HouseCall 20180309
Trustlook 20180309
VBA32 20180307
VIPRE 20180309
ViRobot 20180309
Webroot 20180309
Yandex 20180308
Zillya 20180309
ZoneAlarm by Check Point 20180309
Zoner 20180309
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Native subsystem that targets 64bit architectures.
Authenticode signature block and FileVersionInfo properties
Signature verification Certificate out of its validity period
Signers
[+] CHENGDU YIWO Tech Development Co., Ltd.
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer VeriSign Class 3 Code Signing 2010 CA
Valid from 12:00 AM 09/03/2014
Valid to 11:59 PM 10/02/2017
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 7D182BBF0CE8C48112085C6E03F3C2E4DC338AFB
Serial number 7F 86 B4 4C 3E FB 81 FA C8 C8 B6 70 58 05 4F 6A
[+] VeriSign Class 3 Code Signing 2010 CA
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 01:00 AM 02/08/2010
Valid to 12:59 AM 02/08/2020
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 495847A93187CFB8C71F840CB7B41497AD95C64F
Serial number 52 00 E5 AA 25 56 FC 1A 86 ED 96 C9 D4 4B 33 C7
[+] VeriSign
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 01:00 AM 11/08/2006
Valid to 11:59 PM 07/16/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
PE header basic information
Target machine x64
Compilation timestamp 2015-12-09 21:52:08
Entry Point 0x0000E158
Number of sections 7
PE sections
Overlays
MD5 db5e888018dcb8f1962f1f0d17f9a496
File type data
Offset 43008
Size 5160
Entropy 7.37
PE imports
KeQueryPerformanceCounter
IoAllocateIrp
RtlInitUnicodeString
IoDetachDevice
PsCreateSystemThread
KeInitializeEvent
PoCallDriver
KeAcquireSpinLockAtDpcLevel
MmMapLockedPagesSpecifyCache
IoDriverObjectType
RtlCopyUnicodeString
IoWriteErrorLogEntry
KeReleaseSpinLock
DbgPrint
__C_specific_handler
IoCreateDevice
MmProbeAndLockPages
ObReferenceObjectByName
IoDeleteDevice
KeReleaseSpinLockFromDpcLevel
PsGetVersion
MmUnmapLockedPages
IoFreeIrp
MmBuildMdlForNonPagedPool
IofCompleteRequest
vsprintf
KeSetEvent
ObReferenceObjectByHandle
KeWaitForSingleObject
IoAttachDeviceToDeviceStack
ExFreePoolWithTag
KeNumberProcessors
IoAllocateMdl
IoAllocateErrorLogEntry
ZwClose
PoStartNextPowerIrp
KeSetPriorityThread
PsTerminateSystemThread
ExAllocatePoolWithTag
KeBugCheckEx
IofCallDriver
KeAcquireSpinLockRaiseToDpc
IoFreeMdl
MmUnlockPages
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Native
SubsystemVersion 6.0
MachineType AMD AMD64
TimeStamp 2015:12:09 22:52:08+01:00
FileType Win64 EXE
PEType PE32+
CodeSize 37376
LinkerVersion 8.0
FileTypeExtension exe
InitializedDataSize 5632
ImageFileCharacteristics Executable, Large address aware
EntryPoint 0xe158
OSVersion 6.0
ImageVersion 6.0
UninitializedDataSize 0

File identification
MD5 ccf2072c27b5f84447a0829014c43760
SHA1 a183490e45f8904d6333ac53eda740dfd5b971fc
SHA256 d87e9f4344d7eea47d4b7e377ff93048eed05bd2f8998548ea74c3df4fe7f0a6
ssdeep 768:kfEdXR/0b5NvBL8vqoFNZ2JcH65ggHr2hNyHmcHLxYExNplaTGleon0h:tXR/K5NvzG2L2k1pXo3h
authentihash 95538b5df02bcd4b9b6f5eed889aa1e6a84d570a038cb11b7d9ce8ab779ac7c4
imphash ca47c762a6ea73bf1b5a49c38545890d
File size 47.0 KB ( 48168 bytes )
File type Win32 EXE
Magic literal PE32+ executable for MS Windows (native) Mono/.Net assembly
TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags peexe assembly overlay signed 64bits native

VirusTotal metadata
First submission 2015-12-17 23:15:42 UTC ( 3 years, 5 months ago )
Last submission 2019-05-08 19:04:22 UTC ( 2 weeks ago )
File names .sys
EUBKMON.sys
udd39e2.tmp
vt-upload-S9QQC4
EUBKMON.sys
EUBKMON.sys
udd1b2e.tmp
eubkmon.sys
EUBKMON.sys
EUBKMON.sys
is-rjhr2.tmp
eubkmon.sys
eubkmon.sys
udda055.tmp
scan_file
is-cpdv9.tmp
eubkmon.sys
is-lg3n0.tmp
EUBKMON.sys
EUBKMON.sys
EUBKMON.sys
udd8c05.tmp
uddb31b.tmp
EUBKMON.sys
uddc91b.tmp