» demb153.tmp
Overview
Analysis
File Details
Behaviors (1)

demb153.tmp

ESLAnticheat

Turtle Entertainment GmbH

It runs as a Windows 64-bit kernel mode device driver named “ESLAnticheat”.

File name:

demb153.tmp

Publisher:

<Turtle Entertainment> (signed by Turtle Entertainment GmbH)

Product:

ESLAnticheat

Version:

1.0.0.93

MD5:

408a458c84c2f30736eb89283460b090

SHA-1:

1b22d7bfd2d7f5cfdae11dbea86d1a8f8005d29d

SHA-256:

ce89ce13e5ecda954cfb2b61332c78581c80c302cdec151b958e0616479b5cc2

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

12/28/2024 4:23:06 AM UTC (today)

File size:

97.4 KB (99,776 bytes)

Product version:

1.0

Original file name:

ESLAnticheat

Language:

Language Neutral

Common path:

C:\users\{user}\appdata\local\temp\demb153.tmp

Digital Signature

Signed by:

Turtle Entertainment GmbH

Authority:

GlobalSign nv-sa

Valid from:

12/12/2014 7:53:35 AM

Valid to:

1/26/2018 4:17:59 AM

Subject:

CN=Turtle Entertainment GmbH, O=Turtle Entertainment GmbH, L=Cologne, S=NRW, C=DE

Issuer:

CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:

1121A1E8F7E6944C92C7CA61440EFF3F250E

File PE Metadata

Compilation timestamp:

3/6/2017 11:35:30 AM

OS version:

10.0

OS bitness:

Win64

Subsystem:

Native (none required)

Linker version:

14.0

Entry address:

0x1B545

Entry point:

E9, AA, BF, FF, FF, E9, C3, 2F, 00, 00, 0F, 83, 9E, A3, FF, FF, F7, DF, 48, 89, C3, 66, C1, EF, 0B, 48, 89, C7, 48, 0F, A5, E1, B9, 04, 01, 00, 00, F9, 30, C0, 66, 0F, BA, E1, 02, F2, AE, E9, 19, 5D, FF, FF, 0F, 84, 92, BC, FF, FF, F5, 66, 0F, A3, FD, 2C, 30, F8, 80, F9, 34, 3C, 09, E9, 86, 8B, FF, FF, E9, 9C, 4C, FF, FF, B0, 98, AC, E9, 2D, F9, FF, FF, E9, 91, 8A, FF, FF, E9, D2, 00, 00, 00, 09, C9, E9, 68, AA, FF, FF, E9, EF, AC, FF, FF, 10, D2, C3, FE, C8, F5, F8, E9, 69, A6, FF, FF, FF, 10, F6, D4, 0F... 
[+]

Entropy:

7.3010

Packer / compiler:

tElock 0.99 - 1.0 private

Code size:

15.5 KB (15,872 bytes)

Driver

Display name:

ESLAnticheat

Type:

Kernel device driver (KernelDriver)

Scan demb153.tmp - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.