» iwdmw764.sys
Overview
Analysis
File Details
Behaviors (1)

iwdmw764.sys

InfoWatch Device Monitor

ZAO InfoWatch

It runs as a Windows 64-bit kernel mode device driver named “Device Monitor Device Control Driver for Windows Vista”.

File name:

iwdmw764.sys

Publisher:

InfoWatch (signed by ZAO InfoWatch)

Product:

InfoWatch Device Monitor

Description:

InfoWatch Device Monitor Device Filter Driver (win7) x64

Version:

5.1.390.0

MD5:

cadb0fda91fba02ba0d884c52ec703ca

SHA-1:

7e432fbdebe318f5b72783b47fcd050dc604d044

SHA-256:

ff805261f8dfba55805af28efcd2b224a46f7e996abda66aae2a76a5386036f5

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/27/2024 12:15:55 AM UTC (today)

File size:

118.2 KB (121,032 bytes)

Product version:

5.1.390.0

Original file name:

Client.Device.Filter.sys

File type:

Driver (Win64 SYS)

Language:

Language Neutral

Common path:

C:\Windows\System32\drivers\iwdmw764.sys

Digital Signature

Signed by:

ZAO InfoWatch

Authority:

VeriSign, Inc.

Valid from:

9/19/2013 4:00:00 AM

Valid to:

10/20/2014 3:59:59 AM

Subject:

CN=ZAO InfoWatch, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=ZAO InfoWatch, L=Moscow, S=Russian Federation, C=RU

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

24151D1E4045E32A4EA4E75CE81EA5C9

File PE Metadata

Compilation timestamp:

8/6/2014 12:16:57 PM

OS version:

6.1

OS bitness:

Win64

Subsystem:

Native (none required)

Linker version:

9.0

CTPH (ssdeep):

3072:z/dz/EjjnvmI0yopuu6urh7vCECCiaOBGoEhuOUej:qnvj0dR6uroEcaOBI8zY

Entry address:

0x1E064

Entry point:

48, 83, EC, 28, 4C, 8B, C2, 4C, 8B, C9, E8, 95, FF, FF, FF, 49, 8B, D0, 49, 8B, C9, 48, 83, C4, 28, E9, 9A, C7, FF, FF, CC, CC, D0, E0, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 36, E9, 01, 00, 10, 00, 01, 00, C0, E0, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, B4, E9, 01, 00, 00, 00, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 8E, E9, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, D0, E4, 01, 00, 00, 00, 00, 00, EC, E4, 01, 00, 00, 00, 00, 00, FE, E4, 01, 00... 
[+]

Entropy:

6.2755

Code size:

89 KB (91,136 bytes)

Driver

Display name:

Device Monitor Device Control Driver for Windows Vista

Service name:

IWDMDV

Type:

Kernel device driver (KernelDriver)

Group:

IWDM_BOOT_DRIVERS_LOAD_GROUP

Depends on:

USBD.SYS

Scan iwdmw764.sys - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.