epfilter.sys

EntryProtect

SentryBay Corporation

It runs as a Windows kernel-mode device driver named “epfilter”.
Publisher:
SentryBay (signed by SentryBay Corporation)

Product:
EntryProtect

Version:
5.0.0.4323

MD5:
04ca55c28b9d95f79342500ff2513082

SHA-1:
4acb54426cb87980decb0e6756d38d1807ed007e

SHA-256:
e7d5806bc435088b3356c42b85a192813cb42cccce3adf72874ae275e3bc2aa6

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/24/2024 12:32:44 PM UTC  (today)

File size:
13.4 KB (13,696 bytes)

Product version:
5.0.0.4323

Copyright:
© SentryBay. All rights reserved.

Original file name:
epfilter.sys

File type:
Driver (Win32 SYS)

Language:
Language Neutral

Common path:
C:\Windows\System32\drivers\epfilter.sys

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
4/14/2010 8:00:00 PM

Valid to:
5/18/2011 7:59:59 PM

Subject:
CN=SentryBay Corporation, OU=Security, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=SentryBay Corporation, L=Auckland, S=Auckland, C=NZ

Issuer:
CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
06C8D9B537D80FEFF666870D7B7483A4

File PE Metadata
Compilation timestamp:
5/24/2010 8:15:51 AM

OS version:
6.1

OS bitness:
Win32

Subsystem:
Native (none required)

Linker version:
9.0

CTPH (ssdeep):
192:HLAVgU1IWBrpMqmF69yowJL/8Qpkqs1IZQcI+ebCfhB7W:AN+IaqmY9YJLu1jcebC5p

Entry address:
0x5147

Entry point:
8B, FF, 55, 8B, EC, E8, BD, FF, FF, FF, 5D, E9, AF, FE, FF, FF, CC, 80, 51, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 6C, 54, 00, 00, 00, 20, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, F8, 51, 00, 00, 0C, 52, 00, 00, 1E, 52, 00, 00, 3C, 52, 00, 00, 4E, 52, 00, 00, 62, 52, 00, 00, 70, 52, 00, 00, 8C, 52, 00, 00, A4, 52, 00, 00, BC, 52, 00, 00, DC, 52, 00, 00, F0, 52, 00, 00, 0C, 53, 00, 00, 1C, 53, 00, 00, 2C, 53, 00, 00, 42, 53, 00, 00, 62, 53, 00, 00, 7A, 53, 00...

Entropy:
5.9214

Code size:
4.5 KB (4,608 bytes)

Driver
Display name:
epfilter

Type:
Kernel device driver (KernelDriver)

Group:
Keyboard Port
