Gridinsoft Logo

The driver.sys File Analysis

Updated 1 month ago
Checked by Malware Check
driver.sys

Technical Analysis

File Name driver.sys
File Type
PE32+ executable (native) x86-64, for MS Windows
Scanner Version 1.0.229.174
Database Version 2025-11-23 09:00:23 UTC

Clean File

No threats detected by our scanner

0%
Detection Rate
27,920
File Size (bytes)
2025-11-23
Analysis Date

Scan Another File

File Identification

Hash Type Value Action
MD5
7fdd08cc697ba488fefa9e3b10f8e59a
SHA1
3f57c930ae28d355c496ccc6a66571201eb641de
SHA256
f147e2d045770497aa61ddf717a899c1bbdeace7751aad721405425feb009ac4
SHA512
869e9bcfb1e2471b76e22173e12930fb470254cee7179946755dfcdaf27270443e78eb21bc27380543f92d1be3482bf4f473d2b90d45fd5356d19508c7937577
ImpHash
0abaaa2c8e983d12d365a065ed9fabef

PE Analysis

Basic Information

Image Base 0x140000000
Entry Point 0x1400012f0
Compilation Time 2025-03-13 16:45:19
Checksum 0x0000db22 (Actual: 0x0000db22)
OS Version 10.0
PEiD Signatures PE32+ executable (native) x86-64, for MS Windows
PDB Path D:\blindedkernel\Kernel\build\execute.pdb
Digital Signature An error occurred while validating the countersignature: Chain verification from [email protected], CN=viper, O=take2games, L=San Francisco, ST=California, C=US (serial:1000, sha1:20ae9df7716c2b66800d978aa57219f2db429ae7) failed: The X.509 certificate provided is self-signed - "Email Address: [email protected], Common Name: viper, Organization: take2games, Locality: San Francisco, State/Province: California, Country: US"
Imports 1 libraries
ntoskrnl
Exports 0 functions
Resources 0 Resources
Sections 5 Sections

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
.text 0x00001000 17,382 bytes 17,408 bytes 6.32 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_NOT_PAGED|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ D0B6A7C2335AA79E7401140FDAF2F5A1
.rdata 0x00006000 1,344 bytes 1,536 bytes 4.64 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_NOT_PAGED|IMAGE_SCN_MEM_READ 3990D2D616A5C2A2341592037B607A57
.data 0x00007000 4,456 bytes 512 bytes 0.02 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_NOT_PAGED|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE D340F23A7D18057BB02252A3CB40B877
.pdata 0x00009000 396 bytes 512 bytes 3.34 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_NOT_PAGED|IMAGE_SCN_MEM_READ 7A962807709117A4217E026840EAF03D
INIT 0x0000a000 304 bytes 512 bytes 3.02 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_NOT_PAGED|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 561C8982F6ABA04508D3698DD4679426

Certificate Chain Analysis

Certificate Information
Verification Status A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
Signers Take-Two Interactive Software, Inc.; VeriSign Class 3 Code Signing 2010 CA; VeriSign
Counter Signers viper
Certificate Chain Summary
viper #1 Primary
Validity Period: 2025-01-27 02:43:29 → 2026-01-27 02:43:29
Signature Algorithm: sha256RSA
Serial Number: 03 E8
Take-Two Interactive Software, Inc. #2 Chain
Validity Period: 2011-09-21 00:00:00 → 2013-09-20 23:59:59
Signature Algorithm: sha1RSA
Serial Number: 69 50 43 D6 8F 15 55 0F D5 DB 37 0F A8 81 7B 04
VeriSign Class 3 Public Primary Certification Authority - G5 #3 Chain
Validity Period: 2011-02-22 19:25:17 → 2021-02-22 19:35:17
Signature Algorithm: sha1RSA
Serial Number: 61 19 93 E4 00 00 00 00 00 1C

✓ This file has been digitally signed and the certificate chain has been verified

  • The signature ensures file integrity and authenticity from the publisher
  • Timestamping proves when the signature was applied
Certificate Verification Status

An error occurred while validating the countersignature: Chain verification from [email protected], CN=viper, O=take2games, L=San Francisco, ST=California, C=US (serial:1000, sha1:20ae9df7716c2b66800d978aa57219f2db429ae7) failed: The X.509 certificate provided is self-signed - "Email Address: [email protected], Common Name: viper, Organization: take2games, Locality: San Francisco, State/Province: California, Country: US"

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Remember: This is Result of Online Virus Scanner

Gridinsoft Anti-Malware has a much more powerful virus scanning engine. We recommend using it for a more precise diagnosis of infected systems. This brief guide will help you install our flagship product for more accurate diagnostics:

Download Anti-Malware

Keep Your System Protected

This file appears clean, but regular security maintenance is important

  1. Regular Scans: Run weekly system scans to detect new threats before they can cause damage.
  2. Keep Software Updated: Ensure your operating system and all applications have the latest security patches.
  3. Safe Browsing: Avoid suspicious websites and never download software from untrusted sources.
  4. Email Security: Be cautious with email attachments and links, even from known contacts.
Proactive Protection
This file passed all security checks, but stay vigilant. New malware variants appear daily that can evade detection. Always verify files come from official sources and check digital signatures when available.

Leave a Comment

Share your thoughts or insights about this file. Do you align with our conclusion?

Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.

Your Score for
/

Gridinsoft Anti-Malware

Stay Malware-Free: Keep Your PC Protected with Gridinsoft Anti-Malware

Gridinsoft Anti-Malware offers just that—peace of mind with a robust, user-friendly solution that’s constantly updated to combat the latest threats. Designed by cybersecurity experts, it provides real-time protection and effortless malware removal. It’s not just about detecting threats; it's about enhancing your digital life with uninterrupted security. Give it a try and experience what it feels like to browse worry-free!

Gridinsoft Anti-Malware Download Now
Gridinsoft Anti-Malware