» XdMRx.sys
Overview
Analysis
File Details
Behaviors (1)

XdMRx.sys

Xythos Drive 64

Blackboard Inc.

It runs as a Windows file system device driver named “XdMRx”.

File name:

XdMRx.sys

Publisher:

Blackboard Inc. (signed and verified)

Product:

Xythos Drive 64

Description:

Xythos drive NG mini-redirector

Version:

1,6,16014,00

MD5:

a0661108f401f2c4bc4add1712973165

SHA-1:

7ac9da80877c63191b7bb76e8bea638eaa1b8dba

SHA-256:

ed01b4e8e4b921b4cddbff43103ca02b62d6cc34373d8573c97025285098f154

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/25/2024 6:08:50 PM UTC (today)

File size:

239.5 KB (245,280 bytes)

Product version:

1,6,16014,00

Original file name:

XdMRx.sys

File type:

Driver (Win32 SYS)

Language:

English (United States)

Common path:

C:\Windows\System32\drivers\xdmrx.sys

Digital Signature

Signed by:

Blackboard Inc.

Authority:

GlobalSign nv-sa

Valid from:

4/18/2013 10:19:42 AM

Valid to:

4/19/2015 10:19:42 AM

Subject:

CN=Blackboard Inc., OU=PD, O=Blackboard Inc., L=Washington, S=DC, C=US

Issuer:

CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:

1121FD66262068DE2E10068BDC4E6F8345FD

File PE Metadata

Compilation timestamp:

9/10/2013 1:59:46 AM

OS version:

6.1

OS bitness:

Win32

Subsystem:

Native (none required)

Linker version:

9.0

CTPH (ssdeep):

6144:M2NQLwUGNTFzJaImDYzLCMF2HHgGxftNi:M2N/z1FVXmDYzOMF2HHHJtM

Entry address:

0x3903E

Entry point:

8B, FF, 55, 8B, EC, E8, BD, FF, FF, FF, 5D, E9, 32, 13, FD, FF, CC, CC, CC, CC, CC, CC, 8B, FF, 55, 8B, EC, 83, EC, 24, 8B, 4D, 08, 33, C0, 56, 8B, 35, B4, 00, 03, 00, 57, 89, 45, E0, 89, 45, EC, 89, 45, F0, 8D, 45, DC, 50, BF, 19, 00, 02, 00, 57, 8D, 45, 08, 50, C7, 45, DC, 18, 00, 00, 00, C7, 45, E8, 40, 02, 00, 00, 89, 4D, E4, FF, D6, 85, C0, 7C, 5B, 68, B4, 94, 04, 00, 8D, 45, F4, 50, FF, 15, 8C, 00, 03, 00, 8B, 45, 08, 83, 65, EC, 00, 83, 65, F0, 00, 89, 45, E0, 8D, 45, F4, 89, 45, E4, 8D, 45, DC, 50... 
[+]

Entropy:

6.3479

Code size:

215 KB (220,160 bytes)

Driver

Display name:

XdMRx

Type:

File system 'filter' driver (FileSystemDriver)

Group:

Network

Scan XdMRx.sys - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.