» dsfs64.sys
Overview
Analysis
File Details
Behaviors (1)

dsfs64.sys

阿里巴巴企业安全服务

Alibaba (China) Network Technology Co.,Ltd.

It runs as a Windows 64-bit file system device driver named “DsFs”.

File name:

dsfs64.sys

Publisher:

阿里巴巴（中国）有限公司 (signed by Alibaba (China) Network Technology Co.,Ltd.)

Product:

阿里巴巴企业安全服务

Description:

阿里巴巴企业安全服务组件

Version:

5.0.64.0

MD5:

444ad67cc2ee767a22d6aebed17562ed

SHA-1:

e04d6aba6c0d676da84defa79eee339fed3fce50

SHA-256:

f5b5fa7706b8df172dcaf686ef51ab21f8771c9f1baa16a9a69a4d9ebefa1004

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

12/28/2024 10:27:04 AM UTC (today)

File size:

88.4 KB (90,568 bytes)

Product version:

5.0.64.0

Original file name:

DsFs

File type:

Driver (Win64 SYS)

Common path:

C:\Program Files\alibaba\entsafemgr\dsfs64.sys

Digital Signature

Signed by:

Alibaba (China) Network Technology Co.,Ltd.

Authority:

Symantec Corporation

Valid from:

12/2/2016 8:00:00 AM

Valid to:

12/3/2018 7:59:59 AM

Subject:

CN="Alibaba (China) Network Technology Co.,Ltd.", OU=RDC, O="Alibaba (China) Network Technology Co.,Ltd.", L=Hangzhou, S=Zhejiang, C=CN, SERIALNUMBER=91330100716105852F, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.1=Hangzhou, OID.1.3.6.1.4.1.311.60.2.1.2=Zhejiang, OID.1.3.6.1.4.1.311.60.2.1.3=CN

Issuer:

CN=Symantec Class 3 Extended Validation Code Signing CA - G2, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:

3C562CB720A7499C4666590645B93A05

File PE Metadata

Compilation timestamp:

1/22/2017 10:12:23 AM

OS version:

5.2

OS bitness:

Win64

Subsystem:

Native (none required)

Linker version:

11.0

Entry address:

0x12000

Entry point:

48, 89, 54, 24, 10, 48, 89, 4C, 24, 08, 48, 83, EC, 58, 48, C7, 44, 24, 48, 00, 00, 00, 00, 48, 8D, 15, 82, DB, FF, FF, 48, 8D, 0D, 7B, C2, FF, FF, E8, 36, 10, FF, FF, 89, 44, 24, 40, 83, 7C, 24, 40, 00, 7D, 09, 8B, 44, 24, 40, E9, 32, 01, 00, 00, 4C, 8D, 05, C3, D9, FF, FF, 48, 8D, 15, A4, 85, FF, FF, 48, 8B, 4C, 24, 60, FF, 15, D9, 7F, FF, FF, 89, 44, 24, 40, 83, 7C, 24, 40, 00, 7D, 09, 8B, 44, 24, 40, E9, 05, 01, 00, 00, 48, 8B, 44, 24, 60, 48, 89, 05, 89, D9, FF, FF, C7, 05, CB, D9, FF, FF, 00, 00, 00... 
[+]

Entropy:

6.2379

Code size:

41 KB (41,984 bytes)

Driver

Display name:

DsFs

Type:

File system 'filter' driver (FileSystemDriver)

Group:

FSFilter Activity Monitor

Depends on:

FltMgr

Scan dsfs64.sys - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.