redlight.sys

Trustware 101 Ltd.

It runs as a Windows 64-bit file system device driver named “REDLIGHT”.
Publisher:
BufferZone  (signed by Trustware 101 Ltd.)

Product:
BufferZone

Description:
BufferZone Kernel Module

Version:
5, 1, 2601, 252

MD5:
6ae4373d6d554ec825436da9e262ff00

SHA-1:
a89af6239e4efd81940d7519c9911963d1d0bb7f

SHA-256:
458864cd0de7a52f31c2fd1c6fd5db719aeceed7394a58eaa08735ab4c55cd70

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/19/2024 9:26:54 AM UTC

File size:
449.4 KB (460,192 bytes)

Product version:
0.20

Copyright:
© BufferZone. All rights reserved.

Original file name:
redlight.sys

File type:
Driver (Win64 SYS)

Language:
English (United States)

Common path:
C:\Windows\System32\drivers\redlight.sys

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
11/6/2012 12:16:01 PM

Valid to:
12/27/2014 12:00:38 PM

Subject:
CN=Trustware 101 Ltd., O=Trustware 101 Ltd., L=Tel Aviv, S=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112151340D1959436EE08243F47C02603872

File PE Metadata
Compilation timestamp:
2/17/2013 12:52:57 PM

OS version:
6.1

OS bitness:
Win64

Subsystem:
Native (none required)

Linker version:
9.0

CTPH (ssdeep):
6144:DEGRrtcX+jEnzXzSW+T0KrXZ5l2ZW0vkISCl2kscEOzAYcbPo:gGV+WrXZ5lSkf6Eurmo

Entry address:
0x577064

Entry point:
48, 83, EC, 28, 4C, 8B, C2, 4C, 8B, C9, E8, 95, FF, FF, FF, 49, 8B, D0, 49, 8B, C9, 48, 83, C4, 28, E9, 5E, A7, AC, FF, CC, CC, 70, 71, 57, 00, 00, 00, 00, 00, 00, 00, 00, 00, 64, 80, 57, 00, 98, 20, 06, 00, D8, 70, 57, 00, 00, 00, 00, 00, 00, 00, 00, 00, EC, 81, 57, 00, 00, 20, 06, 00, 60, 71, 57, 00, 00, 00, 00, 00, 00, 00, 00, 00, 62, 85, 57, 00, 88, 20, 06, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 2A, 81, 57, 00, 00, 00, 00, 00, D8, 81, 57, 00...
 

Code size:
392 KB (401,408 bytes)

Driver
Display name:
REDLIGHT

Type:
File system 'filter' driver (FileSystemDriver)

Group:
Filter

