eslwireacd.sys

EslWireACD

Turtle Entertainment GmbH

It runs as a Windows 64-bit kernel mode device driver named “ESLWireAC”.
Publisher:
<Turtle Entertainment>  (signed by Turtle Entertainment GmbH)

Product:
EslWireACD

Version:
1.0.0.5949

MD5:
f4fb6f7d68e08d93c2e05ecd71d4bcf2

SHA-1:
25a91668aaa659f89b07591a638256e3b1b339e4

SHA-256:
ae658b0129e93d849b95ead3a107f01edaf0b9c53f9816d3df8c889797e37b2c

Scanner detections:
2 / 68

Status:
Clean  (2 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous); the file is probably malware-free.

Analysis date:
5/1/2024 7:58:15 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AVG | Win32/Patched | 2014.0.4257 |
| McAfee | Generic Obfuscated.c | 5600.6818 |

File size:
95.8 KB (98,080 bytes)

Product version:
1.0

Copyright:
Copyright © 2010

Original file name:
EslWireACD

File type:
Driver (Win64 SYS)

Common path:
C:\Windows\System32\drivers\eslwireacd.sys

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
1/8/2015 3:02:22 PM

Valid to:
4/8/2016 4:02:22 PM

Subject:
CN=Turtle Entertainment GmbH, O=Turtle Entertainment GmbH, L=Cologne, S=NRW, C=DE

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121CA414E26A79FC3D34553A430BC8FEFAD

File PE Metadata
Compilation timestamp:
3/9/2015 3:32:16 PM

OS version:
6.2

OS bitness:
Win64

Subsystem:
Native (none required)

Linker version:
11.0

CTPH (ssdeep):
1536:2AyWqGpG9pbuA6R1AiA3RXvqKRsheTFso+osUvOxr+4AGp5Hy6ASTDpH/Hm7TyHg:MWqxpMAiwX0Ih1sUWtprfDp/m7Tmg

Entry address:
0x5EE4B

Entry point:
E9, 3F, AC, FF, FF, 0F, 85, 8E, 5D, FF, FF, 66, F7, D6, 48, 8D, 34, 4D, E7, 4B, 36, 54, 66, 0F, B6, F3, 0F, BE, F0, 48, 8B, 35, 61, 13, 00, 00, E9, 3F, 46, 00, 00, E9, 7C, 55, FF, FF, E9, 69, BF, FF, FF, 0F, 84, BE, D0, FF, FF, E9, 29, A1, FF, FF, 66, F7, DA, 48, 01, C6, 48, 0F, BD, D1, 48, 81, CA, 5B, AB, 09, 0B, 0F, BD, D6, F6, DE, 8B, 96, 88, 00, 00, 00, F8, 85, D2, E9, B7, 09, 00, 00, 0F, 84, D7, 5D, FF, FF, 80, D9, 54, 80, E5, 2C, 50, E9, 5C, D5, FF, FF, E9, F6, 04, 00, 00, E9, FA, 02, 00, 00, E9, F5...
 

Packer / compiler:
tElock 0.99 - 1.0 private

Code size:
18 KB (18,432 bytes)

Driver
Display name:
ESLWireAC

Type:
Kernel device driver (KernelDriver)

