home

WdBoot.sys

Microsoft antimalware boot driver

Microsoft Corporation

It runs as a Windows 64-bit kernel mode device driver named “Windows Defender Boot Driver”. It is included with Windows 8.
Publisher:
Microsoft Corporation  (signed and verified)

Product:
Microsoft® Windows® Operating System

Description:
Microsoft antimalware boot driver

 
Part of the Windows 8.1 (Blue) Operating System

Version:
4.3.9431.0 (winmain_bluemp.130615-1214)

MD5:
80da2d41b14e1b6d1d879161bb012f39

SHA-1:
3f97ff1e037eebc07399cdc1908295058770e8c7

SHA-256:
f58872d5bf2fbf55d2bd838d6cf29493fd96ae25b9da04f446d73d096d478fae

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)
Whitelisted  (by digital signature)

Analysis date:
4/27/2024 3:54:16 AM UTC  (today)

File size:
28.4 KB (29,120 bytes)

Product version:
4.3.9431.0

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
WdBoot.sys

File type:
Driver (Win64 SYS)

Language:
English (United States)

Common path:
C:\Windows\System32\drivers\wdboot.sys

Digital Signature
Signed by:
Microsoft Corporation

Authority:
Microsoft Corporation

Valid from:
7/10/2012 3:59:38 AM

Valid to:
10/10/2013 3:59:38 AM

Subject:
CN=Microsoft Windows Early Launch Anti-malware Publisher, OU=MOPR, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:
CN=Microsoft Code Signing PCA 2010, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:
33000000148E97BFE6C9F875AB000000000014

File PE Metadata
OS bitness:
Win64

CTPH (ssdeep):
384:EU3rSnnHebDp4G27yupWeRcR0xqRvIpWj/5fLZVlWaAlpWlF+wU/UlC3T926:J6ebl6nzo0YawjBjZVOlWUf3n

Driver
Display name:
Windows Defender Boot Driver

Service name:
WdBoot

Type:
Kernel device driver (KernelDriver)


herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.