home

dwprot.sys

Dr.Web Anti-Virus

Doctor Web Ltd.

It runs as a Windows file system device driver named “DrWeb Protection”.
Publisher:
Doctor Web, Ltd.  (signed by Doctor Web Ltd.)

Product:
Dr.Web Anti-Virus

Description:
Dr.Web Protection for Windows

Version:
6.0.9.08260

MD5:
36983b6b946e86463b174a5620a96919

SHA-1:
7a5e0327a50e2800fee310132a2e141996aa31c0

SHA-256:
36f2b811789e8a8a802062f29d2810681c500dc0050f6bc820615652281ea2c2

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/26/2024 11:05:39 PM UTC  (a few moments ago)

File size:
142.4 KB (145,784 bytes)

Product version:
6.0.9

Copyright:
Copyright Doctor Web, Ltd., 1992-2011

Original file name:
dwprot.sys

File type:
Driver (Win32 SYS)

Common path:
C:\Windows\System32\drivers\dwprot.sys

Digital Signature
Signed by:
Doctor Web Ltd.

Authority:
VeriSign, Inc.

Valid from:
8/8/2008 3:00:00 AM

Valid to:
10/8/2011 2:59:59 AM

Subject:
CN=Doctor Web Ltd., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Doctor Web Ltd., S=Saint-Petersburg, C=RU

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
0D34695F3DF1206DA6579A0DB785C25F

File PE Metadata
Compilation timestamp:
8/26/2011 12:55:22 PM

OS version:
6.1

OS bitness:
Win32

Subsystem:
Native (none required)

Linker version:
9.0

CTPH (ssdeep):
3072:a2GPRh+srIBV8QDHI4ZzCAuNfCkHbOJrSZpImoUb0vXkPlJ:bGPasSDHT4HbONSgQ0vXyH

Entry address:
0x1EB0B

Entry point:
8B, FF, 55, 8B, EC, E8, BD, FF, FF, FF, 5D, E9, 6B, EF, FF, FF, CC, 5C, 00, 44, 00, 6F, 00, 73, 00, 44, 00, 65, 00, 76, 00, 69, 00, 63, 00, 65, 00, 73, 00, 5C, 00, 44, 00, 77, 00, 50, 00, 72, 00, 6F, 00, 74, 00, 00, 00, 5C, 00, 44, 00, 65, 00, 76, 00, 69, 00, 63, 00, 65, 00, 5C, 00, 44, 00, 77, 00, 50, 00, 72, 00, 6F, 00, 74, 00, 00, 00, 00, 00, 44, 00, 57, 00, 50, 00, 54, 00, 00, 00, 50, 73, 47, 65, 74, 43, 6F, 6E, 74, 65, 78, 74, 54, 68, 72, 65, 61, 64, 00, CC, 50, 73, 53, 65, 74, 43, 6F, 6E, 74, 65, 78...
 
[+]

Code size:
109.4 KB (112,000 bytes)

Driver
Display name:
DrWeb Protection

Service name:
DwProt

Type:
File system 'filter' driver (FileSystemDriver)

Group:
filter


Scan dwprot.sys - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.