» DksKbd.sys
Overview
Analysis
File Details
Behaviors (1)

DksKbd.sys

PC-Wächter

Dr. Kaiser Systemhaus GmbH

It runs as a Windows kernel mode device driver named “DKS Kbd Filter Driver”.

File name:

DksKbd.sys

Publisher:

Dr. Kaiser Systemhaus GmbH (signed and verified)

Product:

PC-Wächter ®

Description:

Keyboard Filter Driver

Version:

6, 2, 21, 0

MD5:

3ba07131d22a033ce3c50aa71c8aba1c

SHA-1:

8134072b623c04347e3ef6a187146df863b224d9

SHA-256:

0bf5b1103e2b780effeeb3eee61db5f884f3d7ac26d3d42dfecef364e8a317a7

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/25/2024 8:12:23 PM UTC (today)

File size:

53.3 KB (54,608 bytes)

Product version:

6, 2, 0, 0

Original file name:

DksKbd.sys

File type:

Driver (Win32 SYS)

Language:

German (Germany)

Common path:

C:\Windows\System32\drivers\dkskbd.sys

Digital Signature

Signed by:

Dr. Kaiser Systemhaus GmbH

Authority:

GlobalSign nv-sa

Valid from:

7/4/2011 6:33:31 PM

Valid to:

7/4/2014 6:33:31 PM

Subject:

E=info@dr-kaiser.de, CN=Dr. Kaiser Systemhaus GmbH, O=Dr. Kaiser Systemhaus GmbH, C=DE

Issuer:

CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:

11217D93FFCFBBC5050AD0B0A8AC4C8AD3F1

File PE Metadata

Compilation timestamp:

8/11/2011 4:50:45 PM

OS version:

5.2

OS bitness:

Win32

Subsystem:

Native (none required)

Linker version:

7.10

CTPH (ssdeep):

768:DdRNRe37nFPYO0CQktrS035FAviDLtX7xdq9CgLvONiXj:NI7Jp0CQYV3PIwt5gwiz

Entry address:

0xAB00

Entry point:

08, FB, FF, FF, C7, 44, 24, 30, 40, 00, 00, 00, 4C, 8D, 05, 79, 01, 00, 00, 8D, 55, 01, 48, 8D, 4C, 24, 40, 45, 33, C9, C7, 44, 24, 28, 19, 00, 02, 00, 89, 6C, 24, 20, E8, DD, FA, FF, FF, 39, AC, 24, A0, 00, 00, 00, 7C, 09, 40, 88, 2D, DD, DF, FF, FF, EB, 0B, 39, 6C, 24, 50, 0F, 9D, 05, D0, DF, FF, FF, 48, 8B, D7, 48, 8B, CE, E8, E5, FC, FF, FF, 8B, C8, 8B, D8, 81, E1, 00, 00, 00, C0, 81, F9, 00, 00, 00, C0, 75, 05, E8, EE, C5, FF, FF, 48, 8B, 4C, 24, 48, 48, 85, C9, 74, 10, 48, 85, C9, 48, 89, 6C, 24, 48... 
[+]

Entropy:

6.1570

Code size:

39.6 KB (40,576 bytes)

Driver

Display name:

DKS Kbd Filter Driver

Service name:

DksKbd

Type:

Kernel device driver (KernelDriver)

Scan DksKbd.sys - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.