» redlight.sys
Overview
Analysis
File Details
Behaviors (1)

redlight.sys

Trustware 101 Ltd.

It runs as a Windows 64-bit file system device driver named “REDLIGHT”.

File name:

redlight.sys

Publisher:

BufferZone (signed by Trustware 101 Ltd.)

Product:

BufferZone

Description:

BufferZone Kernel Module

Version:

5, 1, 2601, 252

MD5:

71b6f4953074511bf2bfa6ebed913bc6

SHA-1:

a334e72bfa5e495153cf9f097e03971e0af3116e

SHA-256:

278e3d9400dd50ca6f666da34f0e2c1835626748ee88c2ba20f82778d150d07a

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/19/2024 9:55:23 PM UTC (today)

File size:

369.3 KB (378,144 bytes)

Product version:

0.20

Original file name:

redlight.sys

File type:

Driver (Win64 SYS)

Language:

English (United States)

Common path:

C:\Windows\System32\drivers\redlight.sys

Digital Signature

Signed by:

Trustware 101 Ltd.

Authority:

The USERTRUST Network

Valid from:

1/3/2010 6:00:00 PM

Valid to:

1/4/2011 5:59:59 PM

Subject:

CN=Trustware 101 Ltd., O=Trustware 101 Ltd., STREET=2 Hanechoshet St., L=Tel Aviv, S=Israel, PostalCode=69710, C=IL

Issuer:

CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:

008042A0D467722D4E8E13C7673F8B4D9A

File PE Metadata

OS bitness:

Win64

CTPH (ssdeep):

6144:WzW8mELNd1F/dGS6I/buRDXePbX1dqGXDwRcNwtI:iPmiL/dyI/buWb7Si

Entry point:

8B, FF, 55, 8B, EC, A1, C4, 30, 06, 00, 85, C0, B9, 4E, E6, 40, BB, 74, 04, 3B, C1, 75, 1A, A1, A0, C1, 05, 00, 8B, 00, 35, C4, 30, 06, 00, A3, C4, 30, 06, 00, 75, 07, 8B, C1, A3, C4, 30, 06, 00, F7, D0, A3, C8, 30, 06, 00, 5D, E9, 5D, 64, CC, FF, CC, A4, E0, 36, 00, 00, 00, 00, 00, 00, 00, 00, 00, AA, EB, 36, 00, 24, C0, 04, 00, 80, E0, 36, 00, 00, 00, 00, 00, 00, 00, 00, 00, 2C, EC, 36, 00, 00, C0, 04, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, AA, F0, 36, 00, 80... 
[+]

Entropy:

6.2501

Driver

Display name:

REDLIGHT

Type:

File system 'filter' driver (FileSystemDriver)

Group:

Filter

Scan redlight.sys - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.