» DksKbd.sys
Overview
Analysis
File Details
Behaviors (1)

DksKbd.sys

PC-Wächter

Dr. Kaiser Systemhaus GmbH

It runs as a Windows kernel mode device driver named “DKS Kbd Filter Driver”.

File name:

DksKbd.sys

Publisher:

Dr. Kaiser Systemhaus GmbH (signed and verified)

Product:

PC-Wächter ®

Description:

Keyboard Filter Driver

Version:

7, 2, 103, 0

MD5:

3d05c6e17b89bc4331dc2112025e7d5e

SHA-1:

fecc991c0961be0282f8f2024e314331234dcf7d

SHA-256:

6aa5c58c977057c6fa2c316a24494679f479f222bde57a0af1a51ad9d9f24cad

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/26/2024 4:19:12 PM UTC (today)

File size:

32.5 KB (33,264 bytes)

Product version:

7, 2, 0, 0

Original file name:

DksKbd.sys

File type:

Driver (Win32 SYS)

Language:

German (Germany)

Common path:

C:\Windows\System32\drivers\dkskbd.sys

Digital Signature

Signed by:

Dr. Kaiser Systemhaus GmbH

Authority:

GlobalSign nv-sa

Valid from:

7/4/2011 6:33:31 PM

Valid to:

7/4/2014 6:33:31 PM

Subject:

E=info@dr-kaiser.de, CN=Dr. Kaiser Systemhaus GmbH, O=Dr. Kaiser Systemhaus GmbH, C=DE

Issuer:

CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:

11217D93FFCFBBC5050AD0B0A8AC4C8AD3F1

File PE Metadata

Compilation timestamp:

5/27/2013 3:17:40 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Native (none required)

Linker version:

7.10

CTPH (ssdeep):

768:ujVkTNYLbO19v7ijaK+ONjVvAUzQ33fg4+lNilp61:OVkTNYMtijAONZzQ3PD+nilp61

Entry address:

0x539A

Entry point:

55, 8B, EC, 83, EC, 68, 56, 57, E8, FA, EF, FF, FF, BE, 00, 00, 00, C0, 8B, F8, 23, C6, 3B, C6, 75, 07, E8, 45, EF, FF, FF, EB, 71, 53, 6A, 40, BF, 19, 00, 02, 00, 57, 33, DB, 53, 53, 68, 82, 53, 01, 00, 6A, 02, 8D, 4D, 98, E8, 81, FC, FF, FF, 6A, 40, 57, 53, 53, 68, 8E, 53, 01, 00, 6A, 01, 8D, 4D, CC, E8, 6D, FC, FF, FF, 39, 5D, A0, 7C, 08, 88, 1D, 78, 48, 01, 00, EB, 0B, 39, 5D, D4, 0F, 9D, C0, A2, 78, 48, 01, 00, FF, 75, 0C, FF, 75, 08, E8, 90, FE, FF, FF, 8B, F8, 23, C6, 3B, C6, 5B, 75, 05, E8, E2, EE... 
[+]

Developed / compiled with:

Microsoft Visual C++

Code size:

21.1 KB (21,632 bytes)

Driver

Display name:

DKS Kbd Filter Driver

Service name:

DksKbd

Type:

Kernel device driver (KernelDriver)

Scan DksKbd.sys - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.