» rlwpd.sys
Overview
Analysis
File Details
Behaviors (1)

rlwpd.sys

Trustware 101 Ltd.

It runs as a Windows 64-bit kernel mode device driver named “Rlwpd”.

File name:

rlwpd.sys

Publisher:

BufferZone (signed by Trustware 101 Ltd.)

Product:

BufferZone

Description:

BufferZone WPD Filter Driver

Version:

5, 1, 2601, 252

MD5:

c4899957c222bf894e9d6163e5fccbe3

SHA-1:

0df43967ec18498514e68b8d8e66e6fa84729afe

SHA-256:

931cb66d7695e8c6221b0b59a365981138f5566b9f28c5d058fe37200e80d49e

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/25/2024 10:33:15 AM UTC (today)

File size:

23.4 KB (23,968 bytes)

Product version:

0.20

Original file name:

rlwpd.sys

File type:

Driver (Win64 SYS)

Language:

English (United States)

Common path:

C:\Windows\System32\drivers\rlwpd.sys

Digital Signature

Signed by:

Trustware 101 Ltd.

Authority:

GlobalSign nv-sa

Valid from:

11/6/2012 6:16:00 AM

Valid to:

12/27/2014 6:00:00 AM

Subject:

CN=Trustware 101 Ltd., O=Trustware 101 Ltd., L=Tel Aviv, S=Tel Aviv, C=IL

Issuer:

CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:

112151340D1959436EE08243F47C02603872

File PE Metadata

Compilation timestamp:

12/29/2013 4:30:30 AM

OS version:

6.1

OS bitness:

Win64

Subsystem:

Native (none required)

Linker version:

9.0

CTPH (ssdeep):

384:R4aLeUZc/Y8F4yCEi4TU/2wp0H1PsJke1E63n2KtSYtPLQdUb+foF:R4aLIY8eV4T2CBsJkey632VGiwF

Entry address:

0x3138

Entry point:

48, 89, 5C, 24, 08, 57, 48, 83, EC, 20, 48, 8B, DA, 48, 8B, F9, E8, BB, 4E, 00, 00, 48, 8B, D3, 48, 8B, CF, 48, 8B, 5C, 24, 30, 48, 83, C4, 20, 5F, E9, AE, FE, FF, FF, CC, CC, CC, CC, CC, CC, 48, 89, 5C, 24, 08, 57, 48, 83, EC, 20, 48, 8B, 05, 8F, 20, 00, 00, 48, 8B, F9, 48, 8D, 0D, 6D, 20, 00, 00, 48, 8D, 1D, 76, 20, 00, 00, 48, 3B, C1, 74, 45, 48, 3B, D8, 77, 40, 48, 8B, 43, 40, 48, 85, C0, 74, 18, 4C, 8B, 05, 24, 2D, 00, 00, 48, 8D, 0D, A3, 04, 00, 00, 4C, 8B, CB, 48, 8B, D7, FF, D0, EB, 12, 48, 8B, 15... 
[+]

Entropy:

6.0548

Code size:

11 KB (11,264 bytes)

Driver

Display name:

Rlwpd

Type:

Kernel device driver (KernelDriver)

Scan rlwpd.sys - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.