eslwireacd.sys

EslWireACD

Turtle Entertainment GmbH

It runs as a Windows 64-bit kernel mode device driver named “ESLWireAC”.
Publisher:
<Turtle Entertainment>  (signed by Turtle Entertainment GmbH)

Product:
EslWireACD

Version:
1.0.0.5982

MD5:
4ad3f9041348b5c50de8274812dcf999

SHA-1:
87b4ec7fd85c8ee567d053bff50f81f1b0426322

SHA-256:
e614efe6365d9bd4608af7ae56d9f707545512dd78d535488415a319b5890096

Scanner detections:
6 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
5/1/2024 5:15:28 AM UTC

Scan engine             Detection                 Engine version
AVG                     Win32/Patched             2016.0.3097
Fortinet FortiGate      W32/Obfuscated.C!tr       5/26/2015
IKARUS anti.virus       Win32.Patched             t3scan.1.8.9.0
McAfee                  Artemis!4AD3F9041348      5600.6753
Trend Micro House Call  Suspicious_GEN.F47V0501   7.2.146
VIPRE Antivirus         Trojan.Win32.Generic      39884

File size:
94.3 KB (96,544 bytes)

Product version:
1.0

Copyright:
Copyright © 2010

Original file name:
EslWireACD

File type:
Driver (Win64 SYS)

Language:
Language Neutral

Common path:
C:\Windows\System32\drivers\eslwireacd.sys

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
1/8/2015 3:02:22 PM

Valid to:
4/8/2016 4:02:22 PM

Subject:
CN=Turtle Entertainment GmbH, O=Turtle Entertainment GmbH, L=Cologne, S=NRW, C=DE

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121CA414E26A79FC3D34553A430BC8FEFAD

File PE Metadata
Compilation timestamp:
4/14/2015 2:48:02 PM

OS version:
6.2

OS bitness:
Win64

Subsystem:
Native (none required)

Linker version:
11.0

CTPH (ssdeep):
1536:EqwZFFKG0jfw8UUNltwb+TaWwwvvlIfrHyzjLrvzOXR2:LSC08UUpI+GWw4vSGzjLbzOX0

Entry address:
0x66E45

Entry point:
E9, 95, 95, FF, FF, 66, 0F, CF, 66, 0F, A5, DF, 66, 0F, AC, F6, 0E, 83, E9, 01, 11, C6, 66, 81, C6, 82, BD, 89, 4D, FC, 48, 8D, 88, 07, 1B, 5E, 0F, F6, D9, C0, E5, 07, 8B, 4D, F8, 0F, BC, F6, F5, 66, 0F, A4, E7, 09, 66, 0F, BE, FA, 03, 4D, FC, 48, 87, F7, 38, D3, 66, C1, EF, 0A, E9, B9, 78, FF, FF, E9, 59, 8D, FF, FF, E9, D4, F1, FF, FF, 0F, 84, FB, 92, FF, FF, 0F, CA, 0F, B6, D1, 48, 8D, 53, 08, 66, 0F, B6, F1, 48, 8D, BD, B6, D3, EC, B8, 48, 8B, 7D, 10, 66, 0F, B6, F1, 48, 8D, 35, BB, 02, FF, FF, E9, 9A...
 

Entropy:
7.3957

Packer / compiler:
tElock 0.99 - 1.0 private

Code size:
18 KB (18,432 bytes)

Driver
Display name:
ESLWireAC

Type:
Kernel device driver (KernelDriver)


Scan eslwireacd.sys - Powered by Reason Core Security