» TRID6200.sys
Overview
Analysis
File Details
Behaviors (1)

TRID6200.sys

Timeleak HDCAP Series

Beijing MingDeHongYuan Tech Develop Ltd.

It runs as a Windows 64-bit kernel mode device driver named “hd60a service”.

File name:

TRID6200.sys

Publisher:

Windows (R) Win 7 DDK provider (signed by Beijing MingDeHongYuan Tech Develop Ltd.)

Product:

Timeleak HDCAP Series

Description:

Timeleak HDCAP WDM Driver

Version:

1.02.00 built by: WinDDK

MD5:

dd3e117849ae33526fa5c8ae51ed9f37

SHA-1:

cef20d94633a37f3af62b8d3628cc6db6f9c1554

SHA-256:

d70fc3e6e6a0cdb4e9e2dfdf42bf6c97b3cb3de75d6fb7b6dbe89e13b4c37a1f

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/30/2024 10:27:15 AM UTC (today)

File size:

643.7 KB (659,104 bytes)

Product version:

1.02.00

Original file name:

TRID6200.sys

File type:

Driver (Win64 SYS)

Common path:

C:\Windows\System32\drivers\trid6200.sys

Digital Signature

Signed by:

Beijing MingDeHongYuan Tech Develop Ltd.

Authority:

GlobalSign nv-sa

Valid from:

9/25/2009 1:40:27 PM

Valid to:

9/25/2010 1:40:27 PM

Subject:

E=RFL1007@263.net, CN=Beijing MingDeHongYuan Tech Develop Ltd., O=Beijing MingDeHongYuan Tech Develop Ltd., C=CN

Issuer:

CN=GlobalSign ObjectSign CA, OU=ObjectSign CA, O=GlobalSign nv-sa, C=BE

Serial number:

01000000000123EFE5FAB7

File PE Metadata

Compilation timestamp:

8/30/2010 3:34:58 PM

OS version:

6.1

OS bitness:

Win64

Subsystem:

Native (none required)

Linker version:

9.0

Entry address:

0x99FE4

Entry point:

48, 83, EC, 28, 4C, 8B, C2, 4C, 8B, C9, E8, 95, FF, FF, FF, 49, 8B, D0, 49, 8B, C9, 48, 83, C4, 28, E9, 86, 63, F6, FF, CC, CC, 90, A1, 09, 00, 00, 00, 00, 00, 00, 00, 00, 00, DA, A3, 09, 00, A8, 84, 03, 00, A8, A0, 09, 00, 00, 00, 00, 00, 00, 00, 00, 00, 4C, A7, 09, 00, C0, 83, 03, 00, C0, A0, 09, 00, 00, 00, 00, 00, 00, 00, 00, 00, A2, A9, 09, 00, D8, 83, 03, 00, 68, A0, 09, 00, 00, 00, 00, 00, 00, 00, 00, 00, 44, AA, 09, 00, 80, 83, 03, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

5.0181

Code size:

226.8 KB (232,192 bytes)

Driver

Display name:

hd60a service

Service name:

TRIDCap

Description:

The hd60a capture driver

Type:

Kernel device driver (KernelDriver)

Scan TRID6200.sys - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.