home

BEFlt.sys

SafeGuard Device Encryption

Sophos Limited

It runs as a Windows 64-bit kernel mode device driver named “BeFlt”.
Publisher:
Utimaco Safeware AG - a member of the Sophos Group  (signed by Sophos Limited)

Product:
SafeGuard(R) Device Encryption

Description:
Device Encryption Filter

Version:
5.60.1.7

MD5:
31719540aa9a92d8fe2aa12bf20f0e81

SHA-1:
950a2b09cac0f1f3d622b91b813c9fc23fc69ca4

SHA-256:
eb7285bc27bbd8b34ea955205e3f4d353565cfaef9ddb6f21a0a05e614db7b55

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/25/2024 12:14:00 AM UTC  (today)

File size:
135.4 KB (138,664 bytes)

Product version:
5.60.1.7

Copyright:
Copyright © 1996 - 2011 Sophos Group. All rights reserved. SafeGuard is a registered trademark of Sophos Group

Original file name:
BEFlt.sys

File type:
Driver (Win64 SYS)

Language:
German (Germany)

Common path:
C:\Windows\System32\drivers\beflt.sys

Digital Signature
Signed by:
Sophos Limited

Authority:
VeriSign, Inc.

Valid from:
8/31/2011 8:00:00 PM

Valid to:
8/31/2014 7:59:59 PM

Subject:
CN=Sophos Limited, OU=DPG, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Sophos Limited, L=Abingdon, S=Oxfordshire, C=GB

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
2AB334442FE9F88BC7D21C4A3950817A

File PE Metadata
Compilation timestamp:
12/16/2011 4:35:51 AM

OS version:
5.0

OS bitness:
Win64

Subsystem:
Native (none required)

Linker version:
8.0

CTPH (ssdeep):
3072:oS2agQqdWo2KABV7lYQ1DNdX1lC/IEamZJ/caE14SeYvP9lf/4dw:oS2dQqdWoXABV7CQNN91lLiJkaE14/Q9

Entry address:
0x1E800

Entry point:
48, 89, 5C, 24, 08, 57, 48, 83, EC, 20, 48, 8B, FA, 48, 8B, D9, E8, 4B, 7A, FE, FF, 44, 0F, B7, 1F, 48, 8D, 0D, D8, E7, FF, FF, 45, 33, C9, 66, 41, 83, C3, 02, 45, 33, C0, 41, 0F, B7, D3, 66, 44, 89, 1D, BB, E7, FF, FF, E8, 04, E4, FE, FF, 48, 83, 3D, B4, E7, FF, FF, 00, 74, 30, 48, 8D, 0D, A3, E7, FF, FF, 48, 8B, D7, FF, 15, 2A, 1D, FE, FF, 4C, 8B, 05, 9B, E7, FF, FF, 48, 8D, 15, 64, 22, FE, FF, 48, 8D, 0D, 55, E7, FF, FF, 49, 83, C0, 68, E8, F6, BB, FF, FF, EB, 12, 66, C7, 05, 73, E7, FF, FF, 00, 00, 66...
 
[+]

Entropy:
6.2146

Code size:
115.5 KB (118,272 bytes)

Driver
Display name:
BeFlt

Type:
Kernel device driver (KernelDriver)

Group:
Filter


herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.