dwall.sys

DefenseWall

Ilya Rabinovich

It runs as a Windows kernel-mode device driver named “DefenseWall driver”.
Publisher:
SoftSphere Technologies (signed by Ilya Rabinovich)

Product:
DefenseWall

Version:
3.23

MD5:
5c96063d848bef6e4a1e74f2e7a7f756

SHA-1:
50ec2b5dfc8bd73627298217755e11a2a41e9db4

SHA-256:
5c3742d51cf977c199ada391713e05058686675ceb4d63ac402cfcb5e56d43bc

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/26/2024 8:11:45 AM UTC

File size:
1.1 MB (1,146,392 bytes)

Product version:
3.23

Copyright:
Copyright © 2005-2014 Ilya Rabinovich, SoftSphere Technologies

Original file name:
dwall.sys

File type:
Driver (Win32 SYS)

Language:
English (United States)

Common path:
C:\Windows\System32\drivers\dwall.sys

Digital Signature
Signed by:

Authority:
StartCom Ltd.

Valid from:
3/21/2012 6:29:40 AM

Valid to:
3/22/2014 7:42:32 PM

Subject:
E=info@softsphere.com, CN=Ilya Rabinovich, L=Khimky, S=Moskva Oblast, C=RU, Description=nN5tG4tb6ZbGO8b4

Issuer:
CN=StartCom Class 2 Primary Intermediate Object CA, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL

Serial number:
0595

File PE Metadata
Compilation timestamp:
3/20/2014 5:46:23 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Native (none required)

Linker version:
6.0

CTPH (ssdeep):
12288:wk3I3vLzd7Nibo06Ptg8Y0ct7CFSDNZJeCLWrUj2RIEiZDJNoYTkxd7f1nBdOmjZ:wH5mEQxVG/JFVhx+yymhVbA1ISRSGM

Entry address:
0x5BA77

Entry point:
55, 8B, EC, 83, EC, 48, 56, 57, B9, 07, 00, 00, 00, BE, 6C, 23, 0D, 00, 8D, 7D, D0, F3, A5, B9, 05, 00, 00, 00, BE, 88, 23, 0D, 00, 8D, 7D, EC, F3, A5, E8, 40, BA, FA, FF, 25, FF, 00, 00, 00, 85, C0, 74, 0A, B8, 22, 00, 00, C0, E9, 65, 01, 00, 00, 8B, 45, 08, A3, 5C, BD, 11, 00, 8D, 4D, D0, 51, 8D, 55, C8, 52, FF, 15, 1C, 23, 0B, 00, 68, C8, BC, 11, 00, 6A, 00, 6A, 00, 6A, 22, 8D, 45, C8, 50, 6A, 00, 8B, 4D, 08, 51, FF, 15, 9C, 22, 0B, 00, 89, 45, B8, 83, 7D, B8, 00, 74, 08, 8B, 45, B8, E9, 23, 01, 00, 00...

Entropy:
5.7984

Developed / compiled with:
Microsoft Visual C++

Code size:
646.5 KB (662,016 bytes)

Driver
Display name:
DefenseWall driver

Service name:
dwall

Type:
Kernel device driver (KernelDriver)

Group:
PNP_TDI

Depends on:
Tdx Tcpip

