home

cdprobe.sys

Centennial Software Ltd

It runs as a Windows 64-bit kernel mode device driver named “CdProbe”.
Publisher:
Centennial Software Ltd  (signed and verified)

MD5:
45fab1695aa2e6f461c80597ca24f7b8

SHA-1:
91159ec39c075a69daf4703fdcbcdc0514a4a353

SHA-256:
0360e89f3fb8bd7b16835b848835549c333b5fb55262a42b23224aaf61a0fc18

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
5/6/2024 11:20:13 PM UTC  (a few moments ago)

File size:
23 KB (23,592 bytes)

File type:
Driver (Win64 SYS)

Common path:
C:\Windows\System32\drivers\cdprobe.sys

Digital Signature
Signed by:
Centennial Software Ltd

Authority:
VeriSign, Inc.

Valid from:
10/28/2008 8:00:00 PM

Valid to:
12/6/2010 6:59:59 PM

Subject:
CN=Centennial Software Ltd, OU=Engineering, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Centennial Software Ltd, L=Swindon, S=Wiltshire, C=GB

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
208FAE376763BB74FF8A28BCEB3B11AA

File PE Metadata
Compilation timestamp:
11/24/2008 11:33:08 AM

OS version:
6.0

OS bitness:
Win64

Subsystem:
Native (none required)

Linker version:
8.0

CTPH (ssdeep):
384:E1/dWZxOvoLk+jx6/OJiJ7kA94joE0rl9DZWvFYJLWd6jvabN1:iOfsKfGl9DZWvgLAmybL

Entry address:
0x7008

Entry point:
48, 8B, 05, F1, E0, FF, FF, 49, B9, 32, A2, DF, 2D, 99, 2B, 00, 00, 48, 85, C0, 74, 05, 49, 3B, C1, 75, 2F, 4C, 8D, 05, D6, E0, FF, FF, 48, B8, 20, 03, 00, 00, 80, F7, FF, FF, 48, 8B, 00, 49, 33, C0, 49, B8, FF, FF, FF, FF, FF, FF, 00, 00, 49, 23, C0, 49, 0F, 44, C1, 48, 89, 05, AE, E0, FF, FF, 48, F7, D0, 48, 89, 05, AC, E0, FF, FF, E9, 73, C5, FF, FF, CC, CC, CC, 30, 71, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 78, 73, 00, 00, 90, 40, 00, 00, A0, 70, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, F8, 74, 00, 00...
 
[+]

Entropy:
6.4595

Code size:
13.5 KB (13,824 bytes)

Driver
Display name:
CdProbe

Type:
Kernel device driver (KernelDriver)


Scan cdprobe.sys - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.