BootEwf.sys

Ark Information Systems inc.

It runs as a Windows kernel-mode device driver named “ARK BOOTEWF”.

Publisher:
Ark Information Systems inc.  (signed and verified)

Product:
ARK Information Systems Inc.

Description:
BootEWF

Version:
5.0.3.0

MD5:
169aca9ed28121f7e44cd4555f003925

SHA-1:
650ffb043acc4fdc2a91ef2bd407573ddf52f3d8

SHA-256:
f3cb152a537a4e0b2cd2cdbae6bf96b8e259e409b28517c5dcef208deeef360c

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
5/2/2024 12:38:04 PM UTC

File size:
124 KB (126,960 bytes)

Product version:
5.0.3.0

Copyright:
ARK Information Systems Inc. All rights reserved.

Original file name:
BootEwf.sys

File type:
Driver (Win32 SYS)

Common path:
C:\Windows\System32\drivers\bootewf.sys

Digital Signature

Authority:
DigiCert Inc

Valid from:
12/17/2015 9:00:00 AM

Valid to:
2/22/2017 9:00:00 PM

Subject:
CN=Ark Information Systems inc., O=Ark Information Systems inc., L=Chiyoda-ku, S=Tokyo, C=JP, PostalCode=102-0076, STREET=4-2 Go-bancho, SERIALNUMBER=0100 01 009637, OID.1.3.6.1.4.1.311.60.2.1.3=JP, OID.2.5.4.15=Private Organization

Issuer:
CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0301D7C05F2DA0E0741922C4F7ED9051

File PE Metadata

Compilation timestamp:
3/24/2016 7:01:19 PM

OS version:
6.1

OS bitness:
Win32

Subsystem:
Native (none required)

Linker version:
9.0

Entry address:
0x1D03E

Entry point:
8B, FF, 55, 8B, EC, E8, BD, FF, FF, FF, 5D, E9, 6E, F0, FE, FF, CC, CC, A0, D0, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, D4, D7, 01, 00, 14, B0, 01, 00, 8C, D0, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 30, D8, 01, 00, 00, B0, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 0A, D8, 01, 00, F6, D7, 01, 00, E2, D7, 01, 00, 1C, D8, 01, 00, 00, 00, 00, 00, 48, D2, 01, 00, 60, D2, 01, 00, 7C, D2, 01, 00, 88, D2, 01, 00, A0, D2, 01, 00, B0, D2, 01, 00, D0, D2, 01, 00, E4, D2...
 

Entropy:
6.6919

Code size:
104.5 KB (107,008 bytes)

Driver

Display name:
ARK BOOTEWF

Service name:
bootewf

Type:
Kernel device driver (KernelDriver)

Group:
System Bus Extender

