» DptfDevAmbient.sys
Overview
Analysis
File Details
Behaviors (1)

DptfDevAmbient.sys

Intel Dynamic Platform & Thermal Framework

Intel MCG PIV Tablet Validation

It runs as a Windows kernel mode device driver named “DptfDevAmbient”.

File name:

DptfDevAmbient.sys

Publisher:

Intel Corporation (signed by Intel MCG PIV Tablet Validation)

Product:

Intel Dynamic Platform & Thermal Framework

Description:

Intel Dynamic Platform & Thermal Framework Ambienter Participant Driver

Version:

07.1.0.130

MD5:

bae8e232d50467f8812f6fef22ab12f8

SHA-1:

b99717ba86114b4f1b359866fb14ed9e5da132a4

SHA-256:

6eb55f8d02bc8d5e4b3eb1059fed2c0afaff1ec9c112a5a2c8ec2665a145d951

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/26/2024 5:01:50 AM UTC (today)

File size:

42.5 KB (43,472 bytes)

Product version:

07.1.0.130

Original file name:

DptfDevAmbient.sys

File type:

Driver (Win32 SYS)

Language:

English (United States)

Common path:

C:\Windows\System32\drivers\dptfdevambient.sys

Digital Signature

Signed by:

Intel MCG PIV Tablet Validation

Authority:

Intel Corporation

Valid from:

11/26/2012 10:38:43 AM

Valid to:

5/15/2015 2:35:13 PM

Subject:

CN=Intel MCG PIV Tablet Validation

Issuer:

CN=Intel External Basic Issuing CA 3A, O=Intel Corporation, C=US

Serial number:

1B3B76CF0001000099AB

File PE Metadata

Compilation timestamp:

7/18/2013 11:17:27 PM

OS version:

6.3

OS bitness:

Win32

Subsystem:

Native (none required)

Linker version:

11.0

CTPH (ssdeep):

768:+Yo2GoLuu0V8x7PaWPYQsNAWhWI0tMyba14asQVXzXOsWiUma0:+YfGo6u0VK7SWPJsRB0tMybVaxO+Uma0

Entry address:

0x75D0

Entry point:

8B, FF, 55, 8B, EC, E8, 26, 2A, 00, 00, 5D, E9, 00, 00, 00, 00, 8B, FF, 55, 8B, EC, 56, 8B, 75, 08, 85, F6, 75, 0E, FF, 75, 0C, 56, E8, 5A, CC, FF, FF, E9, AE, 00, 00, 00, 53, 57, FF, 75, 0C, BF, D0, 9A, 40, 00, 89, 35, BC, 98, 40, 00, 57, C7, 05, D0, 9A, 40, 00, 00, 00, 08, 02, C7, 05, D4, 9A, 40, 00, C8, 98, 40, 00, FF, 15, 78, 80, 40, 00, 68, B8, 98, 40, 00, BB, 84, 91, 40, 00, 53, 57, 56, E8, 40, FF, FF, FF, 85, C0, 78, 6B, 53, E8, E6, 00, 00, 00, 8B, F8, 85, FF, 78, 58, E8, 8D, 00, 00, 00, 8B, F8, 85... 
[+]

Entropy:

6.6120

Code size:

28.5 KB (29,184 bytes)

Driver

Display name:

DptfDevAmbient

Type:

Kernel device driver (KernelDriver)

Group:

Base

Scan DptfDevAmbient.sys - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.