heimdall.sra.sys

Stormshield Endpoint Security

SkyRecon Systems

It runs as a Windows kernel-mode device driver named “heimdall”.
Publisher:
Stormshield (signed by SkyRecon Systems)

Product:
Stormshield Endpoint Security

Version:
7.2.13.28446

MD5:
8ae8f2b34f84eb93158950d03df85f65

SHA-1:
dd9fd7a624f6f45659524a010fe64fa3f63871ae

SHA-256:
bf7fa0d291b3eaea18b088e4f4d4a2ad55e8ced9e91c08d44252c42b957970d3

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
5/5/2024 10:56:33 AM UTC

File size:
786.9 KB (805,744 bytes)

Product version:
7.2.13.28446

Copyright:
Stormshield - All rights reserved

File type:
Driver (Win32 SYS)

Common path:
C:\Windows\System32\heimdall.sra.sys

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
1/6/2016 1:00:00 AM

Valid to:
4/6/2017 1:59:59 AM

Subject:
CN=SkyRecon Systems, O=SkyRecon Systems, L=Issy-les-Moulineaux, S=France, C=FR

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
7BCF39B19FA193A777E7943C942EDC15

File PE Metadata
Compilation timestamp:
10/20/2016 6:06:03 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Native (none required)

Linker version:
10.0

Entry address:
0xB6634

Entry point:
8B, FF, 55, 8B, EC, E8, C2, FF, FF, FF, 5D, E9, AC, 0B, F9, FF, CC, 66, 0B, 00, 00, 00, 00, 00, 00, 00, 00, 00, 8E, 77, 0B, 00, 38, 04, 00, 00, A4, 66, 0B, 00, 00, 00, 00, 00, 00, 00, 00, 00, 04, 78, 0B, 00, 10, 04, 00, 00, 94, 66, 0B, 00, 00, 00, 00, 00, 00, 00, 00, 00, 4E, 78, 0B, 00, 00, 04, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 20, 78, 0B, 00, 34, 78, 0B, 00, 0C, 78, 0B, 00, 00, 00, 00, 00, CA, 7A, 0B, 00, D8, 7A, 0B, 00, FE, 7A, 0B, 00, F0, 77, 0B, 00...
 

Code size:
544.5 KB (557,568 bytes)

Driver
Display name:
heimdall

Type:
Kernel device driver (KernelDriver)

Depends on:
fltmgr

