» dem8bbc.tmp
Overview
Analysis
File Details
Behaviors (1)

dem8bbc.tmp

ESLAnticheat

Turtle Entertainment GmbH

It runs as a Windows 64-bit kernel mode device driver named “ESLAnticheat”.

File name:

dem8bbc.tmp

Publisher:

<Turtle Entertainment> (signed by Turtle Entertainment GmbH)

Product:

ESLAnticheat

Version:

1.0.0.76

MD5:

837918693a35a86153fbd1a20c331a8c

SHA-1:

98722435c92cb6d59a88ad67033b8c606978886c

SHA-256:

0c5427f37c4152aa85a87da6c324729c7de9bbedaf305c1da7d33795885831d4

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

2/25/2025 11:43:47 PM UTC (a few moments ago)

File size:

92.4 KB (94,656 bytes)

Product version:

1.0

Original file name:

ESLAnticheat

Language:

Language Neutral

Common path:

C:\users\{user}\appdata\local\temp\dem8bbc.tmp

Digital Signature

Signed by:

Turtle Entertainment GmbH

Authority:

GlobalSign nv-sa

Valid from:

12/12/2014 2:53:35 PM

Valid to:

1/26/2018 11:17:59 AM

Subject:

CN=Turtle Entertainment GmbH, O=Turtle Entertainment GmbH, L=Cologne, S=NRW, C=DE

Issuer:

CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:

1121A1E8F7E6944C92C7CA61440EFF3F250E

File PE Metadata

Compilation timestamp:

2/28/2017 10:39:05 AM

OS version:

10.0

OS bitness:

Win64

Subsystem:

Native (none required)

Linker version:

14.0

Entry address:

0x1552E

Entry point:

0F, 8A, 45, E2, FF, FF, 68, CD, A0, C5, 84, E9, D8, 85, 00, 00, E9, 0E, E6, FF, FF, E9, 56, 00, 00, 00, E9, E2, 07, 00, 00, 0F, 85, FB, 09, 00, 00, 66, 0F, A3, C5, C6, 47, FF, 00, 38, F0, F5, 48, F7, C4, 08, 00, 00, 00, E9, 12, 21, 00, 00, C0, C0, 04, 0F, 82, 68, D1, FF, FF, 2C, 3D, F5, F5, F8, 0F, 87, 06, 12, 00, 00, C0, C0, 04, E9, E0, 8F, 00, 00, 85, F6, 04, 5F, 84, DD, F9, D1, E8, E9, 94, 7B, 00, 00, E9, 04, 59, 00, 00, E9, BE, 92, 00, 00, 0F, 86, 4F, D8, FF, FF, D2, DB, F6, C2, 73, F9, 8B, 7A, 24, 66... 
[+]

Code size:

11 KB (11,264 bytes)

Driver

Display name:

ESLAnticheat

Type:

Kernel device driver (KernelDriver)

Scan dem8bbc.tmp - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.