bedaisy.sys

Bastian Suter

It runs as a Windows kernel mode device driver named “BEDaisy”.
Publisher:
Bastian Suter  (signed and verified)

MD5:
2d30c4c55ea5c0b85a49e3cdcca53cd7

SHA-1:
b99d4e255ee785f176d5633eb7f558af59f4288c

SHA-256:
ade79a99e30e06de86af5d872a9de704b532603058481746adf19e23e4dafc6d

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
1/14/2025 11:41:51 AM UTC

File size:
206.8 KB (211,776 bytes)

File type:
Driver (Win32 SYS)

Common path:
C:\Program Files\common files\battleye\bedaisy.sys

Digital Signature
Signed by:

Authority:
DigiCert Inc

Valid from:
4/20/2015 9:30:00 AM

Valid to:
6/13/2018 9:30:00 PM

Subject:
CN=Bastian Suter, O=Bastian Suter, L=Tübingen, S=Baden-Württemberg, C=DE

Issuer:
CN=DigiCert High Assurance Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0CEC25760619513A72214FB3C86C376D

File PE Metadata
Compilation timestamp:
6/2/2015 9:47:40 PM

OS version:
6.1

OS bitness:
Win32

Subsystem:
Native (none required)

Linker version:
9.0

CTPH (ssdeep):
6144:jaCI37z1LiZdDSRLbC3N7K7dZ0lAtGmW4Npj+:3ifj4+ulG80t

Entry address:
0x50714

Entry point:
50, 9C, 88, 7C, 24, 04, E9, 84, F2, FF, FF, 9C, 68, DB, B1, BF, A0, E9, 51, A9, FD, FF, F9, 34, 1C, E9, D6, A7, FD, FF, D1, E0, 68, 7C, 3F, A6, D8, E8, F6, AF, FD, FF, 8D, 64, 24, 08, 0F, 82, 7F, 00, 00, 00, 9C, 60, 80, 7F, FF, 00, E8, D7, F0, FF, FF, 00, 00, 45, 78, 41, 6C, 6C, 6F, 63, 61, 74, 65, 50, 6F, 6F, 6C, 00, F6, DA, 66, F7, C2, 81, 0D, 66, 39, C1, 66, 9D, 9C, 51, 46, 60, FF, 74, 24, 0C, 10, D2, 8D, 64, 24, 2C, 60, 9C, 9C, FF, 74, 24, 28, C2, 2C, 00, 8B, 7A, 24, 38, C2, F5, D2, FD, 60, 01, C7, F6...
 

Entropy:
7.8005  (probably packed)

Code size:
9 KB (9,216 bytes)

Driver
Display name:
BEDaisy

Type:
Kernel device driver (KernelDriver)

