dem99df.tmp

EslWireACD

Turtle Entertainment GmbH

It runs as a Windows 64-bit kernel mode device driver named “ESLWireAC”.
Publisher:
<Turtle Entertainment>  (signed by Turtle Entertainment GmbH)

Product:
EslWireACD

Version:
1.0.0.6115

MD5:
aa54bad284a18790acaa24eb0df68e6b

SHA-1:
b23630345a2d6f3572c1841284350e467c3b4976

SHA-256:
98437c7b0e790a4fc1fac3d2abbf71c3f45fc1df9814e9642bc3298d832f1612

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
5/1/2024 12:50:33 AM UTC

File size:
103.3 KB (105,760 bytes)

Product version:
1.0

Copyright:
Copyright © 2010

Original file name:
EslWireACD

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\dem99df.tmp

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
1/8/2015 4:02:22 PM

Valid to:
4/8/2016 5:02:22 PM

Subject:
CN=Turtle Entertainment GmbH, O=Turtle Entertainment GmbH, L=Cologne, S=NRW, C=DE

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121CA414E26A79FC3D34553A430BC8FEFAD

File PE Metadata
Compilation timestamp:
1/26/2016 11:19:56 AM

OS version:
6.2

OS bitness:
Win64

Subsystem:
Native (none required)

Linker version:
11.0

CTPH (ssdeep):
1536:iiS6qajtzcm08KEtLiCORoAIzgyhj0sJj8J8aMgwCwIH0JkGcD8867EP++EjZKpL:fg83E6galgjw+Ul37g+LjYpJZ9Ziq

Entry address:
0x68CF5

Entry point:
E9, 03, 56, FF, FF, E9, 00, F6, FF, FF, 0F, 83, 7B, CA, FF, FF, 66, 0F, C1, FB, FE, CF, 48, 89, C3, 0F, BC, CA, E9, 5C, DE, FF, FF, E8, A0, C1, FF, FF, E9, CE, 53, FF, FF, 6E, 74, 6F, 73, 6B, 72, 6E, 6C, 2E, 65, 78, 65, 00, E9, D7, 17, 00, 00, FF, 10, F8, E9, C7, D2, FF, FF, E9, 3B, 18, 00, 00, E9, C1, F7, FF, FF, 66, 0F, BE, C3, 66, 0F, BE, C2, 48, 8D, 05, B5, 94, FF, FF, E9, DD, 86, FF, FF, 00, 00, 4B, 65, 52, 65, 6C, 65, 61, 73, 65, 53, 70, 69, 6E, 4C, 6F, 63, 6B, 00, E9, 01, D1, FF, FF, 0F, 85, A6, 06...
 

Packer / compiler:
tElock 0.99 - 1.0 private

Code size:
19.5 KB (19,968 bytes)

Driver
Display name:
ESLWireAC

Type:
Kernel device driver (KernelDriver)

