home

RDPBUS.SYS

Microsoft RDP Bus Device driver

Microsoft Corporation

It runs as a Windows 64-bit kernel mode device driver named “Remote Desktop Device Redirector Bus Driver”.
Publisher:
Microsoft Corporation

Product:
Microsoft® Windows® Operating System

Description:
Microsoft RDP Bus Device driver

 
Part of the Windows Operating System

Version:
10.0.14393.0 (rs1_release.160715-1616)

MD5:
79a415e6fa915efc00297dab16ec2635

SHA-1:
29a8a099edba697dd7f1489ff16d9374059e6b4b

SHA-256:
47bb49f6d756214193d38a4ab182b541aac180381c3111ff7f9b0ad4c44d8733

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)
Whitelisted  (by digital signature)

Analysis date:
5/19/2024 4:47:27 AM UTC  (today)

File size:
25.5 KB (26,112 bytes)

Product version:
10.0.14393.0

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
RDPBUS.SYS

File type:
Driver (Win64 SYS)

Language:
English (United States)

Common path:
C:\Windows\System32\drivers\rdpbus.sys

File PE Metadata
Compilation timestamp:
7/16/2016 4:11:15 AM

OS version:
10.0

OS bitness:
Win64

Subsystem:
Native (none required)

Linker version:
14.0

CTPH (ssdeep):
384:32aXUCWecY4pcEs4cTDaHsYfrKAShF7hTOmAhYLYQl9iaIBvWcEuW:V1WecY4pRs4cTcsCrKAkCBYLHV

Entry address:
0xA000

Entry point:
48, 89, 5C, 24, 08, 57, 48, 83, EC, 20, 48, 8B, D9, E8, AE, 00, 00, 00, 33, FF, 48, C7, 05, 29, A2, FF, FF, 01, 00, 00, 00, 48, 8D, 05, AA, 90, FF, FF, 48, 89, 3D, F3, A1, FF, FF, 48, 89, 05, F4, A1, FF, FF, 48, 89, 3D, F5, A1, FF, FF, 48, 89, 3D, FE, A1, FF, FF, E8, 59, E0, FF, FF, 48, 89, 3D, F2, A1, FF, FF, E8, DD, DF, FF, FF, 48, 8D, 05, 66, EA, FF, FF, 48, 89, 43, 68, 48, 8D, 0D, 5B, 72, FF, FF, 48, 8B, 43, 30, 48, 8D, 15, 90, 6F, FF, FF, 48, 89, 48, 08, 48, 8D, 43, 70, 8D, 4F, 03, 48, 89, 10, 48, 89...
 
[+]

Code size:
15.5 KB (15,872 bytes)

Driver
Display name:
Remote Desktop Device Redirector Bus Driver

Service name:
rdpbus

Type:
Kernel device driver (KernelDriver)


herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.