» demb317.tmp
Overview
Analysis
File Details
Behaviors (1)

demb317.tmp

ESLAnticheat

Turtle Entertainment GmbH

It runs as a Windows 64-bit kernel mode device driver named “ESLAnticheat”.

File name:

demb317.tmp

Publisher:

<Turtle Entertainment> (signed by Turtle Entertainment GmbH)

Product:

ESLAnticheat

Version:

1.0.0.14

MD5:

12aeb561ed798d21aa63632d4283349f

SHA-1:

90c460a1c7bb873bc6b277c6ab023b4ce1743594

SHA-256:

5f050394c6033716444416f037275baf671cda86dc3d5d288e0868d1c0a20ee4

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

12/28/2024 4:28:48 AM UTC (today)

File size:

94.4 KB (96,704 bytes)

Product version:

1.0

Original file name:

ESLAnticheat

Common path:

C:\users\{user}\appdata\local\temp\demb317.tmp

Digital Signature

Signed by:

Turtle Entertainment GmbH

Authority:

GlobalSign nv-sa

Valid from:

12/12/2014 2:53:35 PM

Valid to:

1/26/2018 11:17:59 AM

Subject:

CN=Turtle Entertainment GmbH, O=Turtle Entertainment GmbH, L=Cologne, S=NRW, C=DE

Issuer:

CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:

1121A1E8F7E6944C92C7CA61440EFF3F250E

File PE Metadata

Compilation timestamp:

2/2/2017 5:57:38 PM

OS version:

10.0

OS bitness:

Win64

Subsystem:

Native (none required)

Linker version:

14.0

Entry address:

0x1E9A9

Entry point:

E9, 1D, 5F, FF, FF, E9, 2F, F8, FF, FF, 0F, 82, 93, 50, FF, FF, 38, C8, E9, 80, 13, FF, FF, 10, C0, E9, EE, 15, FF, FF, E9, AF, 60, FF, FF, FE, C0, E9, 8A, EC, FF, FF, 83, FB, 03, E9, 91, B7, FF, FF, E9, EC, FF, FF, FF, F5, 48, 01, F8, F8, 48, 39, D0, E9, 97, F0, FF, FF, 0F, 84, E2, AB, FF, FF, 0F, 82, D9, EA, FF, FF, 66, 0F, BA, E7, 0D, 83, FB, 0A, E9, 89, 5C, FF, FF, E9, 59, 4D, FF, FF, 10, C0, E9, FD, 6B, FF, FF, E9, DE, 00, 00, 00, E9, 30, F7, FF, FF, 0F, 86, 51, 1C, FF, FF, 48, 8D, 99, D5, 7D, E7, 8C... 
[+]

Packer / compiler:

tElock 0.99 - 1.0 private

Code size:

11 KB (11,264 bytes)

Driver

Display name:

ESLAnticheat

Type:

Kernel device driver (KernelDriver)

Scan demb317.tmp - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.