RDPDR.SYS

Microsoft RDP Device redirector

Microsoft Corporation

It runs as a Windows kernel mode device driver named “Terminal Server Device Redirector Driver”.

Publisher:
Microsoft Corporation

Product:
Microsoft® Windows® Operating System

Description:
Microsoft RDP Device redirector

 
Part of the Windows XP Operating System

Version:
5.1.2600.2689 (xpsp.050601-1520)

MD5:
762c391bd3123754f9cbdf6c4269b55b

SHA-1:
9b8334d604eeebe6b40760b5a9fc5cf228bb3e21

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)
Whitelisted (by digital signature)

Analysis date:
12/4/2016 1:02:12 AM UTC

File size:
190.6 KB (195,200 bytes)

Product version:
5.1.2600.2689

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
RDPDR.SYS

File type:
Driver (Win32 SYS)

Language:
English (United States)

Common path:
C:\Windows\System32\drivers\rdpdr.sys

File PE Metadata
Compilation timestamp:
6/2/2005 6:12:19 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Native (none required)

Linker version:
7.10

CTPH (ssdeep):
3072:eAMGNOaTT1lu09t/V4ewGQqkVshqGpdgqQZpxYHzmRb44AK9wVee:XuodvVhZ2pKTiDyV

Entry address:
0x2B205

Entry point:
8B, FF, 55, 8B, EC, A1, 80, 3A, 02, 00, 85, C0, B9, 40, BB, 00, 00, 74, 04, 3B, C1, 75, 23, 8B, 15, EC, 2A, 02, 00, B8, 80, 3A, 02, 00, C1, E8, 08, 33, 02, 25, FF, FF, 00, 00, A3, 80, 3A, 02, 00, 75, 07, 8B, C1, A3, 80, 3A, 02, 00, F7, D0, A3, 7C, 3A, 02, 00, 5D, E9, 36, FD, FF, FF, CC, CC, CC, CC, CC, CC, 8B, FF, 55, 8B, EC, 8B, 55, 08, 57, 6A, 1B, 8D, 7A, 38, 59, B8, C8, 50, 02, 00, F3, AB, 33, C0, C7, 05, A4, 47, 02, 00, 68, 3B, 02, 00, C7, 42, 28, 80, 45, 02, 00, C7, 05, 80, 45, 02, 00, 70, 00, 00, 00...
 

Entropy:
6.5785

Code size:
170.5 KB (174,592 bytes)

Driver
Display name:
Terminal Server Device Redirector Driver

Service name:
rdpdr

Type:
Kernel device driver (KernelDriver)