» acedrv11.sys
Overview
Analysis
File Details
Behaviors (1)

acedrv11.sys

ProtectDisc x64/x86 Hybrid Driver

Protect Software GmbH

It runs as a Windows 64-bit kernel mode device driver named “acedrv11”.

File name:

acedrv11.sys

Publisher:

Protect Software GmbH (signed and verified)

Product:

ProtectDisc x64/x86 Hybrid Driver

Version:

11.0.0.14 built by: WinDDK

MD5:

828e3b320f8ad28200c79e5a3e0cdc20

SHA-1:

8fe271b91bea140242dcf2b8ac2a89b5b23f7162

SHA-256:

6c35b380bf1e7aad8135a01ec7decfddff32c1bd95f2a1b0d82c6b3096977dbd

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

11/28/2024 3:34:41 PM UTC (today)

File size:

187.1 KB (191,616 bytes)

Product version:

9.2.0.0

Original file name:

acedrv.sys

File type:

Driver (Win64 SYS)

Language:

English (United States)

Common path:

C:\Windows\System32\drivers\acedrv11.sys

Digital Signature

Signed by:

Protect Software GmbH

Authority:

GlobalSign nv-sa

Valid from:

10/13/2009 11:03:35 AM

Valid to:

10/14/2011 11:03:31 AM

Subject:

E=cert@protect-software.com, CN=Protect Software GmbH, O=Protect Software GmbH, L=Dortmund, S=NRW, C=DE

Issuer:

CN=GlobalSign ObjectSign CA, OU=ObjectSign CA, O=GlobalSign nv-sa, C=BE

Serial number:

010000000001244D4657B6

File PE Metadata

Compilation timestamp:

2/24/2010 11:20:17 AM

OS version:

6.1

OS bitness:

Win64

Subsystem:

Native (none required)

Linker version:

9.0

CTPH (ssdeep):

3072:95P21ZABTtIne9zw8MFAMVnkQLVm6laZJZcBqZ0ZqZ/cZa5ZAFWZrHv4zNzAzrGg:neDKGgI3hV0dlmw7WSOfvMTVRrXX

Entry address:

0x2CCA8

Entry point:

E9, BB, EF, 01, 00, 68, 61, 6C, 2E, 64, 6C, 6C, 00, 41, F7, D0, 66, 41, D3, D9, D3, C2, 41, 0F, AB, C1, 48, 89, 4C, 24, 08, 66, 41, 0F, BA, F0, 0F, 66, 41, 0F, AC, F9, 0F, F8, 66, 41, F7, D0, 48, 89, 5C, 24, 10, 49, FF, C1, 66, 41, 21, F1, 66, 41, FF, C0, 48, 89, 74, 24, 18, 41, 0F, A5, D9, 48, 89, 7C, 24, 20, 81, D9, 4F, 76, 5C, B6, 44, 0F, BE, C2, 66, 41, 0F, BA, F9, 0A, 49, D3, C9, 55, 66, 0F, A5, FD, 66, 81, CD, 48, 78, 66, 0F, BA, FD, 01, 48, 89, E5, 66, 41, D3, E9, 66, 41, 81, F1, 99, 43, 4C, 8D, 04... 
[+]

Packer / compiler:

Xtreme-Protector v1.05

Code size:

349 KB (357,376 bytes)

Driver

Display name:

acedrv11

Type:

Kernel device driver (KernelDriver)

Scan acedrv11.sys - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.