» dema5d0.tmp
Overview
Analysis
File Details
Behaviors (1)

dema5d0.tmp

EslWireACD

Turtle Entertainment GmbH

It runs as a Windows 64-bit kernel mode device driver named “ESLWireAC”.

File name:

dema5d0.tmp

Publisher:

<Turtle Entertainment> (signed by Turtle Entertainment GmbH)

Product:

EslWireACD

Version:

1.0.0.6195

MD5:

e44d8058030c82a44ea5f938f84c67dd

SHA-1:

f2e156d8ec55b7fbbb3d7e7ce03dc1c534f6dda2

SHA-256:

7b2911e8e69e97d451f26ef60a7165b826b93a981538461b0ea69f7ce08ece1b

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

12/28/2024 4:31:50 AM UTC (today)

File size:

114.6 KB (117,384 bytes)

Product version:

1.0

Original file name:

EslWireACD

Language:

Language Neutral

Common path:

C:\users\{user}\appdata\local\temp\dema5d0.tmp

Digital Signature

Signed by:

Turtle Entertainment GmbH

Authority:

GlobalSign nv-sa

Valid from:

12/12/2014 2:53:35 PM

Valid to:

1/26/2018 11:17:59 AM

Subject:

CN=Turtle Entertainment GmbH, O=Turtle Entertainment GmbH, L=Cologne, S=NRW, C=DE

Issuer:

CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:

1121A1E8F7E6944C92C7CA61440EFF3F250E

File PE Metadata

Compilation timestamp:

3/13/2017 11:06:41 AM

OS version:

6.2

OS bitness:

Win64

Subsystem:

Native (none required)

Linker version:

11.0

Entry address:

0x5ADBD

Entry point:

E9, 0A, 08, 00, 00, E9, 91, 60, 00, 00, E9, 6D, 38, 00, 00, E9, 47, 1D, 00, 00, 0F, 83, 23, EB, FF, FF, E9, 6E, D6, FF, FF, 0F, 85, 18, EB, FF, FF, 0F, 9C, C1, 66, 0F, BE, C9, B1, 97, 89, F9, E9, 6A, 41, 00, 00, 0F, 84, 5D, 5A, 00, 00, E9, B8, 12, 00, 00, F5, 0F, 83, B2, CD, FF, FF, 66, 19, F2, 8B, 96, 88, 00, 00, 00, 0F, BA, E4, 15, F9, 0F, 87, 7D, 50, 00, 00, 66, 81, FB, 6B, 63, 85, D2, E9, 6D, 22, 00, 00, 13, 76, 2A, 4D, B6, 8F, 3E, 74, CD, B5, 4B, 15, C4, 36, AD, 8E, 05, 40, 40, 37, 30, F0, C3, 78, 07... 
[+]

Packer / compiler:

Xtreme-Protector v1.05

Code size:

19 KB (19,456 bytes)

Driver

Display name:

ESLWireAC

Type:

Kernel device driver (KernelDriver)

Scan dema5d0.tmp - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.