» estfww.sys
Overview
Analysis
File Details
Behaviors (1)

estfww.sys

ALYac

ESTsoft Corp.

It runs as a Windows kernel mode device driver named “EstFww”.

File name:

estfww.sys

Publisher:

ESTsoft Corp (signed by ESTsoft Corp.)

Product:

ALYac

Description:

RealTime Module

Version:

12, 10, 30, 1

MD5:

e274a7d1c9ddcf86be655a2fa1577048

SHA-1:

cfe8d07be4170af84eab71ef62367e1227a15534

SHA-256:

53778752c7d04c4b0d286a272f34d9d3de995f3f22f00134bbd6e5bf1eb6ea78

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/25/2024 11:59:44 AM UTC (today)

File size:

32.9 KB (33,696 bytes)

Product version:

3,0,1,3

File type:

Driver (Win32 SYS)

Common path:

C:\Program Files\estsoft\alyac\plugin\realtime\estfww.sys

Digital Signature

Signed by:

ESTsoft Corp.

Authority:

Symantec Corporation

Valid from:

11/25/2015 9:00:00 AM

Valid to:

1/24/2018 8:59:59 AM

Subject:

CN=ESTsoft Corp., O=ESTsoft Corp., L=Seocho-gu, S=Seoul, C=KR

Issuer:

CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:

0465A313E4BAE010B18BD518027D4A88

File PE Metadata

Compilation timestamp:

2/2/2017 8:33:18 PM

OS version:

6.1

OS bitness:

Win32

Subsystem:

Native (none required)

Linker version:

9.0

Entry address:

0x1F03E

Entry point:

8B, FF, 55, 8B, EC, E8, BD, FF, FF, FF, 5D, E9, B6, 21, FE, FF, CC, CC, 2C, F1, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 88, F4, 01, 00, 78, 60, 00, 00, B4, F0, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 48, F5, 01, 00, 00, 60, 00, 00, D4, F0, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, A4, F5, 01, 00, 20, 60, 00, 00, E4, F0, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, BE, F7, 01, 00, 30, 60, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, C4, F4, 01, 00, E6, F4, 01, 00, FA, F4... 
[+]

Entropy:

6.5495

Code size:

19 KB (19,456 bytes)

Driver

Display name:

EstFww

Type:

Kernel device driver (KernelDriver)

Scan estfww.sys - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.