» WdBoot.sys
Overview
Analysis
File Details
Behaviors (1)

WdBoot.sys

Microsoft antimalware boot driver

Microsoft Corporation

It runs as a Windows 64-bit kernel mode device driver named “WdBoot”. It is installed as part of Windows 8.

File name:

WdBoot.sys

Publisher:

Microsoft Corporation (signed and verified)

Product:

Microsoft® Windows® Operating System

Description:

Microsoft antimalware boot driver

Part of the Windows 8 Operating System

Version:

4.0.8400.0 (winmain_win8rc.120518-1423)

MD5:

2482d6b13ef36f3b8de6f9e1cef5bb31

SHA-1:

e06b6055dfdaf18c3b7eeecc1b266258ca6a05d0

SHA-256:

8bf9ec033c7baf580cd7c7979a6f2d08ccadbb1b64604a3702c8f020eeea64ec

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)
Whitelisted (by digital signature)

Analysis date:

4/25/2024 11:24:28 AM UTC (today)

File size:

27.4 KB (28,016 bytes)

Product version:

4.0.8400.0

Original file name:

WdBoot.sys

File type:

Driver (Win64 SYS)

Language:

English (United States)

Common path:

C:\Windows\System32\drivers\wdboot.sys

Digital Signature

Signed by:

Microsoft Corporation

Authority:

Microsoft Corporation

Valid from:

4/11/2011 5:39:42 PM

Valid to:

7/11/2012 5:49:42 PM

Subject:

CN=Microsoft Windows Early Launch Anti-malware Publisher, OU=MOPR, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:

CN=Microsoft Code Signing PCA 2010, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:

6108217B000000000006

File PE Metadata

OS bitness:

Win64

CTPH (ssdeep):

384:u3hxovW6cFML5Ca6fJRGCXIRvfhGZmLdWaoIpWv+MW3lR/oU:u3fwTLkRnaH8UeIjMagU

Driver

Display name:

WdBoot

Type:

Kernel device driver (KernelDriver)

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.