dwall.sys

DefenseWall

Ilya Rabinovich

It runs as a Windows kernel-mode device driver named “DefenseWall driver”.
Publisher:
SoftSphere Technologies  (signed by Ilya Rabinovich)

Product:
DefenseWall

Version:
3.25

MD5:
9f1f5f548752ca3338c85c8532826258

SHA-1:
dbc8979ff8a846f560a733deb9e2f41cd96350d4

SHA-256:
3279d411181aa74d4226747be313fb3a3ab2556d3d35066651b88b216452948d

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/25/2024 4:11:33 PM UTC

File size:
1.1 MB (1,151,816 bytes)

Product version:
3.25

Copyright:
Copyright © 2005-2015 Ilya Rabinovich, SoftSphere Technologies

Original file name:
dwall.sys

File type:
Driver (Win32 SYS)

Language:
English (United States)

Common path:
C:\Windows\System32\drivers\dwall.sys

Digital Signature
Signed by:

Authority:
StartCom Ltd.

Valid from:
3/22/2014 2:42:43 AM

Valid to:
3/22/2016 2:55:58 PM

Subject:
E=info@softsphere.com, CN=Ilya Rabinovich, L=Moscow, S=Moskva Oblast, C=RU, Description=9NZ35sjSCiRSI2At

Issuer:
CN=StartCom Class 2 Primary Intermediate Object CA, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL

Serial number:
0D94

File PE Metadata
Compilation timestamp:
4/22/2015 4:19:39 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Native (none required)

Linker version:
6.0

CTPH (ssdeep):
12288:gNWm2zq4it36a1UBtdQNgMR7AFTD6Zg8bBLmjaRcG9ujiSKtXTkoGBmIixNKC6pZ:g+G9upCC9fQaJHjAH2HMuPgtSRSP1C

Entry address:
0x5C43F

Entry point:
55, 8B, EC, 83, EC, 48, 56, 57, B9, 07, 00, 00, 00, BE, C0, 27, 0D, 00, 8D, 7D, D0, F3, A5, B9, 05, 00, 00, 00, BE, DC, 27, 0D, 00, 8D, 7D, EC, F3, A5, E8, 78, B0, FA, FF, 25, FF, 00, 00, 00, 85, C0, 74, 0A, B8, 22, 00, 00, C0, E9, 8E, 01, 00, 00, 8B, 45, 08, A3, 44, CA, 11, 00, 68, 28, CB, 11, 00, E8, E0, 25, FC, FF, A3, 74, CB, 11, 00, 83, 3D, 74, CB, 11, 00, 00, 75, 0A, B8, 22, 00, 00, C0, E9, 64, 01, 00, 00, 8D, 4D, D0, 51, 8D, 55, C8, 52, FF, 15, 20, 23, 0B, 00, 68, AC, C9, 11, 00, 6A, 00, 6A, 00, 6A...
 
Entropy:
5.7987

Developed / compiled with:
Microsoft Visual C++

Code size:
649 KB (664,576 bytes)

Driver
Display name:
DefenseWall driver

Service name:
dwall

Type:
Kernel device driver (KernelDriver)

Group:
PNP_TDI

Depends on:
Tdx Tcpip

