BootEwf.sys

Ark Information Systems inc.

It runs as a Windows kernel-mode device driver named “ARK BOOTEWF”.
Publisher:
Ark Information Systems inc.  (signed and verified)

Product:
ARK Information Systems Inc.

Description:
BootEWF

Version:
5.0.2.0

MD5:
4cbbce31e995bc943c718470a206356c

SHA-1:
6e032dd20453b4ed9735d7cc98043cda16c8bf1b

SHA-256:
c1b0f2239e4965956e441e9083d860f70f239b27fc8e7c82837e40d7e6feb380

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
5/2/2024 7:12:24 PM UTC

File size:
121.9 KB (124,808 bytes)

Product version:
5.0.2.0

Copyright:
ARK Information Systems Inc. All rights reserved.

Original file name:
BootEwf.sys

File type:
Driver (Win32 SYS)

Common path:
C:\Windows\System32\drivers\bootewf.sys

Digital Signature
Authority:
Symantec Corporation

Valid from:
6/12/2015 9:00:00 AM

Valid to:
7/5/2016 8:59:59 AM

Subject:
CN=Ark Information Systems inc., OU=KikakuHanbai, O=Ark Information Systems inc., L=Chiyoda-Ku, S=Tokyo, C=JP

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
6D1E153D707BC4EF21516F7DB4727FDC

File PE Metadata
Compilation timestamp:
12/1/2015 1:08:46 PM

OS version:
6.1

OS bitness:
Win32

Subsystem:
Native (none required)

Linker version:
9.0

Entry address:
0x1D03E

Entry point:
8B, FF, 55, 8B, EC, E8, BD, FF, FF, FF, 5D, E9, E8, EF, FE, FF, CC, CC, A0, D0, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, D4, D7, 01, 00, 14, B0, 01, 00, 8C, D0, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 30, D8, 01, 00, 00, B0, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 0A, D8, 01, 00, F6, D7, 01, 00, E2, D7, 01, 00, 1C, D8, 01, 00, 00, 00, 00, 00, 48, D2, 01, 00, 60, D2, 01, 00, 7C, D2, 01, 00, 88, D2, 01, 00, A0, D2, 01, 00, B0, D2, 01, 00, D0, D2, 01, 00, E4, D2...
Entropy:
6.7028

Code size:
104 KB (106,496 bytes)

Driver
Display name:
ARK BOOTEWF

Service name:
bootewf

Type:
Kernel device driver (KernelDriver)

Group:
System Bus Extender