tapELDI.sys

TAP-Windows Virtual Network Driver

ByELDI Certificate

The file tapELDI.sys by ByELDI Certificate has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
The OpenVPN Project (signed by ByELDI Certificate)

Product:
TAP-Windows Virtual Network Driver

Version:
9.9.2 9/9 built by: WinDDK

MD5:
72076bd261f28a06652cd26d50430825

SHA-1:
81b8826bd344d1cf57f47c63d37b34986df72655

SHA-256:
53d661b3be11f60aa6cb620ff3a16fd6930dc62a2f2c675ff43b6332ca9ed4e4

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/24/2024 5:00:23 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.ByELDICertificate.K

Engine version:
14.11.14.15

File size:
26.3 KB (26,896 bytes)

Product version:
9.9.2 9/9

Copyright:
OpenVPN Technologies, Inc.

Original file name:
tapELDI.sys

File type:
Driver (Win32 SYS)

Common path:
C:\Program Files\kms-windows\driver\tapeldi.sys

Digital Signature
Authority:
ByELDI Certificate

Valid from:
11/17/2013 2:55:17 PM

Valid to:
12/31/2039 3:59:59 PM

Subject:
CN=ByELDI Certificate

Issuer:
CN=ByELDI Certificate

Serial number:
4455572E3FD4538F44AC413F951D0311

File PE Metadata
Compilation timestamp:
11/17/2013 2:59:15 PM

OS version:
6.1

OS bitness:
Win32

Subsystem:
Native (none required)

Linker version:
9.0

CTPH (ssdeep):
384:2fMsa/mq7L1ypn49O1U1dLn3kDPahXDg8rvfCVURI6oRWcNq3zhZPvZ5B6Z549Fi:2W9UUPL3sahXDg6iCGg3LZOg4X/

Entry address:
0x57DF

Entry point:
8B, FF, 55, 8B, EC, E8, BD, FF, FF, FF, 5D, E9, A1, FE, FF, FF, CC, 98, 58, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 78, 5A, 00, 00, D8, 52, 00, 00, 40, 58, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, C2, 5A, 00, 00, 80, 52, 00, 00, 50, 58, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 7E, 5C, 00, 00, 90, 52, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, AE, 5A, 00, 00, 9A, 5A, 00, 00, 86, 5A, 00, 00, 00, 00, 00, 00, 4E, 5C, 00, 00, 36, 5C, 00, 00, 18, 5C, 00, 00, 00, 5C, 00...

Entropy:
6.3616

Code size:
21.1 KB (21,632 bytes)

Remove tapELDI.sys - Powered by Reason Core Security