» rbudrv64.sys
Overview
Analysis
File Details

rbudrv64.sys

RBUDrv

Wistron Corporation

File name:

rbudrv64.sys

Publisher:

Wistron Corp. (signed by Wistron Corporation)

Product:

RBUDrv

Description:

Remote BIOS Update

Version:

1, 0, 0, 1

MD5:

1cd98841cc1abd6e49864dccde89590a

SHA-1:

d1dd83af24deb95c04811fdeca1ea76e91093059

SHA-256:

8c589cad40d321e13e52a44c226bf9992a036d96cdfc513b72bbc0c94fab09e6

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/26/2024 7:40:39 PM UTC (today)

File size:

13.2 KB (13,560 bytes)

Product version:

1, 0, 0, 1

Original file name:

RBUDrv.sys

File type:

Driver (Win64 SYS)

Language:

Chinese (Traditional, Taiwan)

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\rbudrv64.sys

Digital Signature

Signed by:

Wistron Corporation

Authority:

VeriSign, Inc.

Valid from:

3/15/2009 8:00:00 PM

Valid to:

3/16/2012 7:59:59 PM

Subject:

CN=Wistron Corporation, OU=OS Certification Dept., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Wistron Corporation, L=Taipei, S=Taiwan, C=TW

Issuer:

CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

4AF7F3361B2ECA01F3E52D4E469422E0

File PE Metadata

Compilation timestamp:

5/8/2009 12:33:02 PM

OS version:

6.0

OS bitness:

Win64

Subsystem:

Native (none required)

Linker version:

8.0

CTPH (ssdeep):

384:P3OmPHRLUc0Kf1XNyWydd6jBxbBIzvbKxe8/DuKtpB:P3OmPSc3fhDyPmHbBsvbGe8buKtj

Entry address:

0x1088

Entry point:

48, 8B, 05, F1, FE, FF, FF, 49, B9, 32, A2, DF, 2D, 99, 2B, 00, 00, 48, 85, C0, 74, 05, 49, 3B, C1, 75, 2F, 4C, 8D, 05, D6, FE, FF, FF, 48, B8, 20, 03, 00, 00, 80, F7, FF, FF, 48, 8B, 00, 49, 33, C0, 49, B8, FF, FF, FF, FF, FF, FF, 00, 00, 49, 23, C0, 49, 0F, 44, C1, 48, 89, 05, AE, FE, FF, FF, 48, F7, D0, 48, 89, 05, AC, FE, FF, FF, E9, 27, F2, FF, FF, CC, CC, CC, 10, 11, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 58, 12, 00, 00, 00, 0D, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

6.6107

Code size:

3.1 KB (3,200 bytes)

Scan rbudrv64.sys - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.