cdfdrv.sys

Citrix Presentation Server

Citrix Systems, Inc

It runs as a Windows kernel-mode device driver named “cdfdrv”.

Publisher:
Citrix Systems, Inc. (signed by Citrix Systems, Inc)

Product:
Citrix Presentation Server

Description:
Trace Kernel Mode Driver

Version:
4.50.1001

MD5:
f0c409ba9b5e452c4cdbbc3ff8d7eb17

SHA-1:
44b7b8fb442d4ef15a6ac127808b4dc011642ad0

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
5/1/2024 8:56:08 PM UTC

File size:
22.4 KB (22,968 bytes)

Product version:
4.50

Copyright:
Copyright 1990-2006 Citrix Systems, Inc.

Original file name:
cdfdrv.sys

File type:
Driver (Win32 SYS)

Common path:
C:\Windows\System32\drivers\cdfdrv.sys

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
3/30/2007 8:00:00 AM

Valid to:
3/30/2008 7:59:59 AM

Subject:
CN="Citrix Systems, Inc", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Citrix Systems, Inc", L=Fort Lauderdale, S=Florida, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
4D98CA15813242E799BEB20C88261291

File PE Metadata
Compilation timestamp:
5/25/2007 3:39:42 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Native (none required)

Linker version:
7.10

CTPH (ssdeep):
384:U7hJymoQJ55y+GotDYuVJLBj+NIvxhLKatDY7hhaWS23K6gLCcgSNLbj6jS:6hJJ5y+rLsNcKatah4WS23cL3jbjmS

Entry address:
0x3206

Entry point:
55, 8B, EC, 83, EC, 10, E8, 33, D7, FF, FF, F6, 05, B0, 1F, 01, 00, 02, 74, 13, 80, 3D, AC, 1F, 01, 00, 01, 72, 0A, 68, A0, 30, 01, 00, E8, D5, D0, FF, FF, 53, 56, 8B, 75, 08, 57, 8B, 3D, B0, 1C, 01, 00, 68, B8, 30, 01, 00, 8D, 45, F8, 50, C7, 46, 34, AC, 20, 01, 00, C7, 46, 38, 24, 21, 01, 00, C7, 46, 40, 3E, 21, 01, 00, C7, 46, 70, B8, 24, 01, 00, C7, 86, 80, 00, 00, 00, 58, 21, 01, 00, C7, 86, 94, 00, 00, 00, 52, 2D, 01, 00, FF, D7, 68, C4, 1F, 01, 00, 33, DB, 53, 53, 6A, 22, 8D, 45, F8, 50, 53, 56, FF...
 

Entropy:
6.8009

Developed / compiled with:
Microsoft Visual C++

Code size:
12.2 KB (12,448 bytes)

Driver
Display name:
cdfdrv

Type:
Kernel device driver (KernelDriver)