home

gdbehave.sys

G Data Security Software

G DATA Software AG

It runs as a Windows kernel mode device driver named “GDBehave”.
Publisher:
G DATA Software AG  (signed and verified)

Product:
G Data Security Software

Description:
Behavior Blocker

Version:
1.0.17009.333

MD5:
dc3435915840290ffb576b46391798d0

SHA-1:
931fd8c79e5a2a04fe5fe91d1002b26bdc0857e1

SHA-256:
4147ade4bf640a3705e7a2b117869dd019fea317c896b35928b0c48c2733c5c0

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
5/20/2024 1:11:28 AM UTC  (today)

File size:
142.6 KB (145,976 bytes)

Product version:
1, 0, 0, 0

Copyright:
G Data Software AG 2009

File type:
Driver (Win32 SYS)

Language:
German (Germany)

Common path:
C:\Windows\System32\drivers\gdbehave.sys

Digital Signature
Signed by:
G DATA Software AG

Authority:
GlobalSign nv-sa

Valid from:
11/11/2016 3:26:45 PM

Valid to:
11/23/2019 4:05:34 PM

Subject:
E=sign@gdata.de, CN=G DATA Software AG, O=G DATA Software AG, L=Bochum, S=Nordrhein-Westfalen, C=DE

Issuer:
CN=GlobalSign CodeSigning CA - G3, O=GlobalSign nv-sa, C=BE

Serial number:
6EE210E8636128A43529604F

File PE Metadata
Compilation timestamp:
1/9/2017 5:33:55 AM

OS version:
6.1

OS bitness:
Win32

Subsystem:
Native (none required)

Linker version:
9.0

Entry address:
0x1C03E

Entry point:
8B, FF, 55, 8B, EC, E8, BD, FF, FF, FF, 5D, E9, B9, 49, FF, FF, CC, CC, B0, C0, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 7E, CB, 01, 00, 24, 80, 01, 00, 8C, C0, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 28, CC, 01, 00, 00, 80, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, E8, CC, 01, 00, 0C, CC, 01, 00, FE, CB, 01, 00, F0, CB, 01, 00, DC, CB, 01, 00, BA, CB, 01, 00, 98, CB, 01, 00, D4, CC, 01, 00, 00, 00, 00, 00, 34, C3, 01, 00, 52, C3, 01, 00, 5E, C3, 01, 00, 76, C3...
 
[+]

Code size:
94.5 KB (96,768 bytes)

Driver
Display name:
GDBehave

Type:
Kernel device driver (KernelDriver)


Scan gdbehave.sys - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.