» eslwireacd.sys
Overview
Analysis
File Details
Behaviors (1)

eslwireacd.sys

EslWireACD

Turtle Entertainment GmbH

It runs as a Windows 64-bit kernel mode device driver named “ESLWireAC”.

File name:

eslwireacd.sys

Publisher:

<Turtle Entertainment> (signed by Turtle Entertainment GmbH)

Product:

EslWireACD

Version:

1.0.0.5630

MD5:

40329f1e1246db2374b18d73b8f3e5d4

SHA-1:

7a7bc9da2cbd16a4c4bcdca9576e8eb545e94662

SHA-256:

28f04b0013600654c627ee15ca6a50e2204636bcaf4a690e187522856714bc6b

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/24/2024 12:47:39 AM UTC (today)

File size:

121.1 KB (124,040 bytes)

Product version:

1.0

Original file name:

EslWireACD

File type:

Driver (Win64 SYS)

Language:

Language Neutral

Common path:

C:\Windows\System32\drivers\eslwireacd.sys

Digital Signature

Signed by:

Turtle Entertainment GmbH

Authority:

GlobalSign nv-sa

Valid from:

9/29/2011 5:19:37 PM

Valid to:

12/27/2014 10:17:59 AM

Subject:

CN=Turtle Entertainment GmbH, OU=Desktop Software Development, O=Turtle Entertainment GmbH, L=Cologne, S=NRW, C=DE

Issuer:

CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:

11211D81E9C09273DF1A6E9A05931416F400

File PE Metadata

Compilation timestamp:

11/17/2014 1:56:32 PM

OS version:

6.1

OS bitness:

Win64

Subsystem:

Native (none required)

Linker version:

9.0

CTPH (ssdeep):

3072:iIcujS+ak6QCus3pACFa8seKsRJzCRmKfwY:JcujSbkBm3pLFa8sKLc

Entry address:

0x8DE17

Entry point:

E9, 7E, DE, FF, FF, 0F, 85, 2C, E2, FE, FF, 66, BF, EF, 25, 66, 81, FB, 67, 75, 8B, 7A, 24, F5, 48, 01, C7, F8, F8, F8, F8, 0F, B7, 0C, 4F, 66, C1, E7, 02, 48, 11, CF, 8B, 7A, 1C, 48, 0F, A3, D3, 0F, A3, F4, 48, 01, C7, 66, 0F, BA, E6, 03, F5, 8B, 3C, 8F, 84, D7, 85, FF, E9, CB, D1, FF, FF, E9, DC, 04, 00, 00, 59, E9, 55, EA, FF, FF, E9, F3, D3, FE, FF, E9, 1E, DB, FF, FF, E9, 59, 05, 00, 00, 48, 8D, 76, 01, 0F, 84, 99, A8, FE, FF, 10, D2, C3, E9, 72, A7, FE, FF, 0F, 84, 7A, E9, FE, FF, F5, 66, 0F, BA, F2... 
[+]

Entropy:

7.5611

Packer / compiler:

tElock 0.99 - 1.0 private

Code size:

39.5 KB (40,448 bytes)

Driver

Display name:

ESLWireAC

Type:

Kernel device driver (KernelDriver)

Scan eslwireacd.sys - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.