» QGPEFlt.sys
Overview
Analysis
File Details
Behaviors (1)

QGPEFlt.sys

Privilege Authority

ScriptLogic Corp.

It runs as a Windows file system device driver named “QGPEFlt”.

File name:

QGPEFlt.sys

Publisher:

ScriptLogic Corporation (signed by ScriptLogic Corp.)

Product:

Privilege Authority

Description:

ScriptLogic Privilege Authority MiniFilter Driver

Version:

4.0.3.17

MD5:

55ff7eee15726761cf4dd64894fc5570

SHA-1:

bf8af67a8f74a09d742fb20209b0f346adffe55e

SHA-256:

d52ba9469e7fe49126ae0a0e2753f1fb221659d92ec4cac978b418918404bfc8

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/27/2024 12:01:24 AM UTC (today)

File size:

31.3 KB (32,080 bytes)

Product version:

4.0.3.17

Original file name:

QGPEFlt.sys

File type:

Driver (Win32 SYS)

Language:

English (United States)

Common path:

C:\Program Files\common files\scriptlogic corporation\privilege authority\client\driver\qgpeflt.sys

Digital Signature

Signed by:

ScriptLogic Corp.

Authority:

VeriSign, Inc.

Valid from:

5/5/2010 2:00:00 AM

Valid to:

7/22/2012 1:59:59 AM

Subject:

CN=ScriptLogic Corp., OU=Product Development, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=ScriptLogic Corp., L=Boca Raton, S=Florida, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

5E8FD43EF32881C2B530792445784DF7

File PE Metadata

Compilation timestamp:

6/7/2011 10:30:46 AM

OS version:

6.1

OS bitness:

Win32

Subsystem:

Native (none required)

Linker version:

9.0

CTPH (ssdeep):

768:KSqLn31LFSxFg/+euwm2J0cCN/GMs3+fHeLWXbC59V:KlT2lJY2earC5n

Entry address:

0x544E

Entry point:

8B, FF, 55, 8B, EC, E8, BD, FF, FF, FF, 5D, E9, CC, B0, FF, FF, CC, CC, 20, 55, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 4E, 59, 00, 00, 70, 47, 00, 00, 0C, 55, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, B0, 59, 00, 00, 5C, 47, 00, 00, B0, 54, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, BE, 5B, 00, 00, 00, 47, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 8E, 5B, 00, 00, 7A, 5B, 00, 00, 62, 5B, 00, 00, 4C, 5B, 00, 00, 34, 5B, 00, 00, 10, 5B, 00, 00, F2, 5A, 00, 00, D6, 5A... 
[+]

Entropy:

6.5453

Code size:

18.8 KB (19,200 bytes)

Driver

Display name:

QGPEFlt

Description:

QGPE mini-filter driver

Type:

File system 'filter' driver (FileSystemDriver)

Group:

FSFilter Security Enhancer

Depends on:

FltMgr

Scan QGPEFlt.sys - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.