» HIDKMDF.SYS
Overview
Analysis
File Details
Behaviors (1)

HIDKMDF.SYS

Windows Win 7 DDK driver

Wacom Technology Corp.

It runs as a Windows 64-bit kernel mode device driver named “KMDF Driver”.

File name:

HIDKMDF.SYS

Publisher:

Windows (R) Win 7 DDK provider (signed by Wacom Technology Corp.)

Product:

Windows (R) Win 7 DDK driver

Description:

Filter Driver for HID-KMDF Interface

Version:

6.1.7600.16385 built by: WinDDK

MD5:

57b3c2e40b28fa1afb23103fe3dd11d2

SHA-1:

c57318d0724d1b874e3005039aaa88c697172bae

SHA-256:

fd66cc24094810661e2c33cedbcbfc5b3c00cb18c9ae3ace945b9a1dd08eeea3

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/25/2024 11:38:13 PM UTC (a few moments ago)

File size:

13.4 KB (13,728 bytes)

Product version:

6.1.7600.16385

Original file name:

HIDKMDF.SYS

File type:

Driver (Win64 SYS)

Language:

English (United States)

Common path:

C:\Windows\System32\drivers\hidkmdf.sys

Digital Signature

Signed by:

Wacom Technology Corp.

Authority:

VeriSign, Inc.

Valid from:

1/31/2012 6:00:00 PM

Valid to:

2/28/2013 5:59:59 PM

Subject:

CN=Wacom Technology Corp., OU=Technical Services/QA, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Wacom Technology Corp., L=Vancouver, S=Washington, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

5EA9A42377C05624E16F6291CAF56BDA

File PE Metadata

Compilation timestamp:

8/24/2011 2:48:10 PM

OS version:

6.1

OS bitness:

Win64

Subsystem:

Native (none required)

Linker version:

9.0

CTPH (ssdeep):

192:yJw3ZmN9l0HNbIMoCqpQA9R335/wJirNmL/vrgMuBARH+v2Kr9ZCspE+TMIrw:kKZM0HlapQgR3mirIL8k5jeM

Entry address:

0x611C

Entry point:

48, 83, EC, 28, 4C, 8B, C2, 4C, 8B, C9, E8, 95, FF, FF, FF, 49, 8B, D0, 49, 8B, C9, 48, 83, C4, 28, E9, CE, FE, FF, FF, CC, CC, 88, 61, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, F6, 61, 00, 00, 10, 20, 00, 00, 78, 61, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 1C, 62, 00, 00, 00, 20, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 04, 62, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, E6, 61, 00, 00, 00, 00, 00, 00, D6, 61, 00, 00, 00, 00, 00, 00, C6, 61, 00, 00... 
[+]

Entropy:

5.6326

Code size:

3.5 KB (3,584 bytes)

Driver

Display name:

KMDF Driver

Service name:

hidkmdf

Type:

Kernel device driver (KernelDriver)

Group:

PNP Filter

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.