» dem69c1.tmp
Overview
Analysis
File Details
Behaviors (1)

dem69c1.tmp

ESLAnticheat

Turtle Entertainment GmbH

It runs as a Windows 64-bit kernel mode device driver named “ESLAnticheat”.

File name:

dem69c1.tmp

Publisher:

<Turtle Entertainment> (signed by Turtle Entertainment GmbH)

Product:

ESLAnticheat

Version:

1.0.0.77

MD5:

2aef74401210078f10b41771f1c7fd73

SHA-1:

d9fc3ccf23f5f24f452ff2bfc540432697853f4b

SHA-256:

b765260b49d709e25531faa78daa6d7c2ae008ba76e98b24377e906a2da4202a

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

12/28/2024 4:43:18 AM UTC (today)

File size:

87.9 KB (90,048 bytes)

Product version:

1.0

Original file name:

ESLAnticheat

Language:

Language Neutral

Common path:

C:\users\{user}\appdata\local\temp\dem69c1.tmp

Digital Signature

Signed by:

Turtle Entertainment GmbH

Authority:

GlobalSign nv-sa

Valid from:

12/12/2014 2:53:35 PM

Valid to:

1/26/2018 11:17:59 AM

Subject:

CN=Turtle Entertainment GmbH, O=Turtle Entertainment GmbH, L=Cologne, S=NRW, C=DE

Issuer:

CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:

1121A1E8F7E6944C92C7CA61440EFF3F250E

File PE Metadata

Compilation timestamp:

3/1/2017 11:27:28 AM

OS version:

10.0

OS bitness:

Win64

Subsystem:

Native (none required)

Linker version:

14.0

Entry address:

0x1CD98

Entry point:

E9, 7A, DD, FF, FF, E9, 9C, 70, FF, FF, E9, 6D, D6, FF, FF, FE, C8, F8, F9, C0, C8, 07, 84, CC, F9, F6, C2, B5, 34, E4, 66, 0F, BA, E6, 01, 66, 0F, A3, E9, F9, F6, D8, F5, 66, 0F, BA, E0, 09, 3A, 07, F6, D4, 48, 8D, 7F, 01, 48, 8D, 81, 83, A0, D5, DA, 0F, 99, C4, 58, E9, BC, 71, FF, FF, E8, 44, D4, FF, FF, E9, 2F, 75, FF, FF, 0F, 85, 23, 75, FF, FF, E9, 5A, 6A, FF, FF, E9, D4, CD, FF, FF, E8, 72, 59, FF, FF, E9, E4, 7B, FF, FF, 0F, 85, 09, 75, FF, FF, E9, 1D, DA, FF, FF, E8, E5, DC, FF, FF, E9, 23, B1, FF... 
[+]

Packer / compiler:

tElock 0.99 - 1.0 private

Code size:

11 KB (11,264 bytes)

Driver

Display name:

ESLAnticheat

Type:

Kernel device driver (KernelDriver)

Scan dem69c1.tmp - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.