» WdBoot.sys
Overview
Analysis
File Details

WdBoot.sys

Microsoft Malware Protection

Microsoft Corporation

File name:

WdBoot.sys

Publisher:

Microsoft Corporation (signed and verified)

Product:

Microsoft Malware Protection

Description:

Microsoft antimalware boot driver

Part of the Windows Operating System

Version:

4.6.0300.0

MD5:

02969e220c69344334e406ebdc50504b

SHA-1:

8fd307fddb300991dac68fdbc3a1f8eba4af14e4

SHA-256:

ebc0de0e2bc56e9cac28c8fa56808333bbe813116bc5968072e78f4827f26ac0

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)
Whitelisted (by digital signature)

Analysis date:

5/4/2024 4:09:12 AM UTC (today)

File size:

29 KB (29,688 bytes)

Product version:

4.6.0300.0

Original file name:

WdBoot.sys

File type:

Driver (Win32 SYS)

Language:

engleski (Sjedinjene Države)

Common path:

C:\Windows\System32\drivers\wdboot.sys

Digital Signature

Signed by:

Microsoft Corporation

Authority:

Microsoft Corporation

Valid from:

9/24/2013 7:35:59 PM

Valid to:

12/24/2014 6:35:59 PM

Subject:

CN=Microsoft Windows Early Launch Anti-malware Publisher, OU=MOPR, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:

CN=Microsoft Code Signing PCA 2010, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:

33000000353AFBBA2861C70171000000000035

File PE Metadata

Compilation timestamp:

7/10/2014 2:14:09 AM

OS version:

6.3

OS bitness:

Win32

Subsystem:

Native (none required)

Linker version:

11.0

CTPH (ssdeep):

384:aryzMnvDGDp4G218uz/JhAUTAo77vI1I0qe/1TWahxWXczqjdRHDMlauwxjzg:+lDGlsX3TACk2ZC1ZadxFDnuwFzg

Entry address:

0x1494

Entry point:

8B, FF, 55, 8B, EC, E8, E8, 62, 00, 00, 8B, 55, 0C, 8B, 4D, 08, E8, 5D, 5B, 00, 00, 5D, C2, 08, 00, CC, CC, CC, CC, CC, 3B, 0D, 04, 40, 01, 00, 75, 03, C2, 00, 00, E9, 06, 00, 00, 00, CC, CC, CC, CC, CC, CC, 8B, FF, 55, 8B, EC, 51, 89, 4D, FC, 6A, 02, 59, CD, 29, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 55, 8B, EC, 8B, 4D, 08, 8B, 55, 0C, 53, 8A, 41, 04, 8A, 5A, 04, 3A, C3, 73, 06, 83, C8, FF, 5B, 5D, C3, 76, 08, B8, 01, 00, 00, 00, 5B, 5D, C3, 0F, B7, 41, 06, 56, 0F, B7, 72, 06, 66, 3B, C6, 73, 07, 5E, 83... 
[+]

Code size:

15 KB (15,360 bytes)

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.