baldr.sra

SkyRecon Systems

It runs as a Windows kernel-mode device driver named “baldr”.
Publisher:
SkyRecon Systems  (signed and verified)

MD5:
b0ca2302088dc8a4e63563f3ed69835f

SHA-1:
579853045344e8eedf3db58fd14759abd0b75f55

SHA-256:
276239067ff3a48f7b0248dc4503f9a9e13d1b27734c43db5338572368b3c05c

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
5/6/2024 8:38:30 PM UTC

File size:
18.7 KB (19,136 bytes)

Common path:
C:\Windows\System32\drivers\baldr.sra

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
1/7/2013 7:00:00 PM

Valid to:
2/7/2014 6:59:59 PM

Subject:
CN=SkyRecon Systems, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=SkyRecon Systems, L=Malakoff, S=France, C=FR

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
09C1D9376DEC27B023CE491EF12C40A1

File PE Metadata
Compilation timestamp:
1/8/2014 11:36:03 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Native (none required)

Linker version:
10.0

CTPH (ssdeep):
384:dBzg/ElvDVFjpRYUJ1pDZnnYPL9yUHeMhG:Pz8ElvDVFdR5nDZn1

Entry address:
0x2234

Entry point:
8B, FF, 55, 8B, EC, E8, C2, FF, FF, FF, 5D, E9, 5C, F3, FF, FF, 90, 22, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 78, 25, 00, 00, 10, 04, 00, 00, 80, 22, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, DE, 25, 00, 00, 00, 04, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, A8, 25, 00, 00, 86, 25, 00, 00, CA, 25, 00, 00, 00, 00, 00, 00, 88, 23, 00, 00, B4, 23, 00, 00, D0, 23, 00, 00, E8, 23, 00, 00, FA, 23, 00, 00, 0E, 24, 00, 00, 1E, 24, 00, 00, 30, 24, 00, 00, 3C, 24, 00, 00...
 

Code size:
8.5 KB (8,704 bytes)

Driver
Display name:
baldr

Type:
Kernel device driver (KernelDriver)

Group:
baldr

