» bdfree_win7_x86.sys
Overview
Analysis
File Details
Behaviors (1)

bdfree_win7_x86.sys

BDFree

It runs as a Windows kernel mode device driver named “bdfree”.

File name:

bdfree_win7_x86.sys

Publisher:

BDFree (signed and verified)

MD5:

fd9b1b23111b94bf2632ccc6e6c01309

SHA-1:

1058c2240c40b1b742602c85a0379c08bdd1db05

SHA-256:

9a39aa3fe234460e8845f20dee64bda874ec926a29656dc3bd915b44f1eb0d47

Scanner detections:

1 / 68

Status:

Clean (1 probable false positive detection)

Explanation:

This is mosty likely a false positive detection, the file is probably clean.

Analysis date:

4/19/2024 10:30:25 AM UTC (today)

Scan engine

Detection

Engine version

Bkav FE

W32.HfsReno

1.3.0.4959

File size:

119.1 KB (121,976 bytes)

File type:

Driver (Win32 SYS)

Common path:

C:\Program Files\bdfree\driver\bdfree_win7_x86.sys

Digital Signature

Signed by:

BDFree

Authority:

BDFree

Valid from:

3/29/2012 11:45:32 PM

Valid to:

12/31/2039 5:59:59 PM

Subject:

CN=BDFree

Issuer:

CN=BDFree

Serial number:

F2B6DB39EC243F974A5875C7EB007B12

File PE Metadata

Compilation timestamp:

4/6/2012 4:27:26 AM

OS version:

6.1

OS bitness:

Win32

Subsystem:

Native (none required)

Linker version:

9.0

CTPH (ssdeep):

3072:qsFqJRns1aO6Nlo9QgAHAA3hkHvfe2C2qyWKWM2o2J:qsFqJRns1aR3gQgAHAmsve2NkMaJ

Entry address:

0x413AE

Entry point:

E8, DA, EC, FF, FF, F8, 60, 52, 80, 3F, 23, 9C, 66, 89, 2C, 24, FF, 74, 24, 04, 8D, 64, 24, 2C, 0F, 85, B8, BE, FF, FF, E8, 03, E9, FF, FF, 6E, 74, 6F, 73, 6B, 72, 6E, 6C, 2E, 65, 78, 65, 00, 68, F8, 66, EC, 12, 60, FF, 34, 24, 89, 7C, 24, 24, 60, 89, 5C, 24, 40, E8, 21, 2F, 00, 00, 89, 04, 24, 0F, 9F, C0, F6, D0, 0F, 96, C0, AC, 50, F8, 04, 3A, 68, 64, 5E, E8, F0, C0, C0, 04, 68, 88, 5A, BB, 2B, E9, 03, 22, 00, 00, 66, F7, C1, 56, 87, 0F, BA, E3, 1B, 09, C0, 68, A3, 8F, B8, 36, 8D, 64, 24, 04, 0F, 84, 5F... 
[+]

Entropy:

7.3472

Code size:

10.5 KB (10,752 bytes)

Driver

Display name:

bdfree

Type:

Kernel device driver (KernelDriver)

Scan bdfree_win7_x86.sys - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.