home

tdfilefilter.sys

Nanjing Universal Networks Co.,Ltd

It runs as a Windows file system device driver named “TDFileFilter”.
Publisher:
Nanjing Universal Networks Co.,Ltd  (signed and verified)

MD5:
cf1c9412b372e0034608e46a30c9615d

SHA-1:
cc740f67163632f361e44bfae3b564d49628e189

SHA-256:
db862534f1fb9d0900acf10ae2f35c537075d4506923089d4f70924c1e54c53f

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/26/2024 10:22:57 PM UTC  (today)

File size:
21.9 KB (22,400 bytes)

File type:
Driver (Win32 SYS)

Common path:
C:\Windows\System32\drivers\tdfilefilter.sys

Digital Signature
Signed by:
Nanjing Universal Networks Co.,Ltd

Authority:
VeriSign, Inc.

Valid from:
8/9/2011 8:00:00 AM

Valid to:
9/8/2014 7:59:59 AM

Subject:
CN="Nanjing Universal Networks Co.,Ltd", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Nanjing Universal Networks Co.,Ltd", L=Nanjing, S=Jiangsu, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
25B7394B7D09F9F6EB060AA624013DF5

File PE Metadata
Compilation timestamp:
1/5/2013 11:01:42 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Native (none required)

Linker version:
8.0

CTPH (ssdeep):
384:XfIJntVyYeVSeT3/4acAUMKgEtebvhmLxDPp6GUHeM0t:PUyBSeTv4tDezwf

Entry address:
0x6000

Entry point:
83, EC, 24, 8B, 44, 24, 28, 53, 56, 57, 68, 1C, 40, 01, 00, 33, FF, 68, 20, 31, 01, 00, 50, 89, 7C, 24, 18, B3, 01, 66, 89, 3D, 10, 40, 01, 00, 66, 89, 3D, 12, 40, 01, 00, 89, 3D, 14, 40, 01, 00, E8, 28, C6, FF, FF, 8B, F0, 3B, F7, 7D, 18, A1, 1C, 40, 01, 00, 3B, C7, 0F, 84, BB, 00, 00, 00, 50, E8, 57, C6, FF, FF, E9, B0, 00, 00, 00, 8B, 0D, 1C, 40, 01, 00, 51, E8, 1C, C6, FF, FF, 8B, F0, 3B, F7, 7C, D6, 68, 01, 00, 1F, 00, 8D, 54, 24, 10, 52, E8, E3, C5, FF, FF, 8B, F0, 3B, F7, 0F, 8C, 85, 00, 00, 00, 8B...
 
[+]

Entropy:
6.5217

Code size:
10 KB (10,240 bytes)

Driver
Display name:
TDFileFilter

Description:
FilterDriver for Windows 2K/XP/VISTA/7

Type:
File system 'filter' driver (FileSystemDriver)

Group:
FSFilter Activity Monitor

Depends on:
FltMgr


Scan tdfilefilter.sys - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.