redlight.sys

Trustware 101 Ltd.

It runs as a Windows file system device driver named “REDLIGHT”.
Publisher:
BufferZone (signed by Trustware 101 Ltd.)

Product:
BufferZone

Description:
BufferZone Kernel Module

Version:
5, 1, 2601, 252

MD5:
74c5914ffb0c7b0b977371fa30ad2237

SHA-1:
b7f405b28fedf360306ccd89cf878b5b96b2c882

SHA-256:
7f5fff7f9ee3d48cc6ea0f3a2c7687a9ef9946c4cbc47e4590e82a99f989860a

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/20/2024 4:18:44 AM UTC  (today)

File size:
400 KB (409,568 bytes)

Product version:
0.20

Copyright:
© BufferZone. All rights reserved.

Original file name:
redlight.sys

File type:
Driver (Win32 SYS)

Language:
English (United States)

Common path:
C:\Windows\System32\drivers\redlight.sys

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
10/27/2011 2:41:56 PM

Valid to:
11/26/2012 12:00:39 PM

Subject:
CN=Trustware 101 Ltd., O=Trustware 101 Ltd., L=Tel Aviv, S=Israel, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112175D03F965BD9B4120910889B22E3D1F2

File PE Metadata
Compilation timestamp:
5/22/2012 7:58:28 AM

OS version:
6.1

OS bitness:
Win32

Subsystem:
Native (none required)

Linker version:
9.0

CTPH (ssdeep):
6144:n9K3T0GS72xkd+fvhgZpbDkMqVDMdBnbmc0y6VHQdMj:no3z5xkd2ZQ9QNM3mx6dMj

Entry address:
0x37503E

Entry point:
8B, FF, 55, 8B, EC, E8, BD, FF, FF, FF, 5D, E9, 12, 54, CC, FF, CC, CC, 00, 51, 37, 00, 00, 00, 00, 00, 00, 00, 00, 00, 1C, 5E, 37, 00, 60, 20, 05, 00, DC, 50, 37, 00, 00, 00, 00, 00, 00, 00, 00, 00, 9E, 5E, 37, 00, 3C, 20, 05, 00, A0, 50, 37, 00, 00, 00, 00, 00, 00, 00, 00, 00, E8, 5F, 37, 00, 00, 20, 05, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 58, 5F, 37, 00, BC, 5E, 37, 00, D2, 5F, 37, 00, BA, 5F, 37, 00, A6, 5F, 37, 00, 8C, 5F, 37, 00, 74, 5F, 37, 00, A6, 5E...
 

Code size:
330 KB (337,920 bytes)

Driver
Display name:
REDLIGHT

Type:
File system 'filter' driver (FileSystemDriver)

Group:
Filter

