SHA256: 0afc9f307c1107dce6836e8cf4c4670e46a25fa2734d0696e4d72a5e370c697c
File name: cbfs.sys
Detection ratio: 0 / 70
Analysis date: 2018-12-14 08:56:25 UTC ( 4 months ago )
Antivirus Result Update
Ad-Aware 20181214
AegisLab 20181214
AhnLab-V3 20181213
Alibaba 20180921
ALYac 20181214
Antiy-AVL 20181214
Arcabit 20181214
Avast 20181214
Avast-Mobile 20181214
AVG 20181214
Avira (no cloud) 20181214
Babable 20180918
Baidu 20181207
BitDefender 20181214
Bkav 20181213
CAT-QuickHeal 20181213
ClamAV 20181214
CMC 20181213
Comodo 20181214
CrowdStrike Falcon (ML) 20181022
Cybereason 20180225
Cylance 20181214
Cyren 20181214
DrWeb 20181214
eGambit 20181214
Emsisoft 20181214
Endgame 20181108
ESET-NOD32 20181214
F-Prot 20181214
F-Secure 20181214
Fortinet 20181214
GData 20181214
Ikarus 20181214
Sophos ML 20181128
Jiangmin 20181214
K7AntiVirus 20181213
K7GW 20181213
Kaspersky 20181213
Kingsoft 20181214
Malwarebytes 20181214
MAX 20181214
McAfee 20181214
McAfee-GW-Edition 20181214
Microsoft 20181214
eScan 20181214
NANO-Antivirus 20181214
Palo Alto Networks (Known Signatures) 20181214
Panda 20181213
Qihoo-360 20181214
Rising 20181214
SentinelOne (Static ML) 20181011
Sophos AV 20181214
SUPERAntiSpyware 20181212
Symantec 20181214
Symantec Mobile Insight 20181212
TACHYON 20181214
Tencent 20181214
TheHacker 20181213
TotalDefense 20181213
Trapmine 20181205
TrendMicro 20181214
TrendMicro-HouseCall 20181214
Trustlook 20181214
VBA32 20181213
VIPRE 20181214
ViRobot 20181214
Webroot 20181214
Yandex 20181213
Zillya 20181213
ZoneAlarm by Check Point 20181214
Zoner 20181214
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Native subsystem that targets 64bit architectures.
Authenticode signature block and FileVersionInfo properties
Copyright Copyright (C) EldoS Corp. 2006-2012
Product Callback File System (TM)
Original name cbfs3.sys
Internal name cbfs.sys
File version 3, 2, 103, 256
Description Callback File System Driver
Signature verification Signed file, verified signature
Signing date 9:24 AM 2/4/2012
Signers
[+] EldoS Corporation
Status This certificate or one of the certificates in the certificate chain is not time valid., The revocation status of the certificate or one of the certificates in the certificate chain is unknown., Error 65536 (0x10000), The revocation status of the certificate or one of the certificates in the certificate chain is either offline or stale.
Issuer GlobalSign ObjectSign CA
Valid from 3:19 PM 1/11/2010
Valid to 3:19 PM 1/11/2013
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint A6FC131EFFE9A867CBF3192729C7571B8B1E98EC
Serial number 01 00 00 00 00 01 26 1D EC 28 F7
[+] GlobalSign ObjectSign CA
Status This certificate or one of the certificates in the certificate chain is not time valid., The revocation status of the certificate or one of the certificates in the certificate chain is unknown., Error 65536 (0x10000), The revocation status of the certificate or one of the certificates in the certificate chain is either offline or stale.
Issuer GlobalSign Primary Object Publishing CA
Valid from 11:00 AM 1/22/2004
Valid to 11:00 AM 1/27/2017
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 94BDB3CE4A5BC37A9A0BB45AFADB043932474F32
Serial number 04 00 00 00 00 01 23 9E 0F AF 24
[+] GlobalSign Primary Object Publishing CA
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer GlobalSign Root CA
Valid from 2:00 PM 1/28/1999
Valid to 1:00 PM 1/27/2017
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 549DF5E7102A223BA204B7150106D8EA17B7A70A
Serial number 04 00 00 00 00 01 23 9E 0F AC B3
[+] GlobalSign Root CA - R1
Status Valid
Issuer GlobalSign Root CA
Valid from 1:00 PM 9/1/1998
Valid to 1:00 PM 1/28/2028
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing, OCSP Signing, EFS, IPSEC Tunnel, IPSEC User, IPSEC IKE Intermediate
Algorithm sha1RSA
Thumbprint B1BC968BD4F49D622AA89A81F2150152A41D829C
Serial number 04 00 00 00 00 01 15 4B 5A C3 94
Counter signers
[+] GlobalSign Time Stamping Authority
Status The revocation status of the certificate or one of the certificates in the certificate chain is unknown., Error 65536 (0x10000), The revocation status of the certificate or one of the certificates in the certificate chain is either offline or stale.
Issuer GlobalSign Timestamping CA
Valid from 10:32 AM 12/21/2009
Valid to 10:32 AM 12/22/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint AEDF7DF76BBA2410D67DBAF18F5BA15B417E496C
Serial number 01 00 00 00 00 01 25 B0 B4 CC 01
[+] GlobalSign Timestamping CA
Status Valid
Issuer GlobalSign Root CA
Valid from 12:00 PM 3/18/2009
Valid to 1:00 PM 1/28/2028
Valid usage All
Algorithm sha1RSA
Thumbprint 958D23902D5448314F2F811034356A58255CDC9B
Serial number 04 00 00 00 00 01 20 19 C1 90 66
[+] GlobalSign Root CA - R1
Status Valid
Issuer GlobalSign Root CA
Valid from 1:00 PM 9/1/1998
Valid to 1:00 PM 1/28/2028
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing, OCSP Signing, EFS, IPSEC Tunnel, IPSEC User, IPSEC IKE Intermediate
Algorithm sha1RSA
Thumbprint B1BC968BD4F49D622AA89A81F2150152A41D829C
Serial number 04 00 00 00 00 01 15 4B 5A C3 94
PE header basic information
Target machine x64
Compilation timestamp 2012-02-04 08:24:22
Entry Point 0x000550FC
Number of sections 8
PE sections
Overlays
MD5 0a61109360ff7da0caff02ca5dddb3d0
File type data
Offset 342016
Size 8080
Entropy 7.42
PE imports
ZwOpenKey
ExDeleteResourceLite
FsRtlPostStackOverflow
ExRaiseStatus
RtlCreateSecurityDescriptor
ExQueryDepthSList
IoAttachDeviceToDeviceStack
FsRtlNotifyFullReportChange
ExInitializePagedLookasideList
SeReleaseSubjectContext
FsRtlCheckOplock
RtlSplay
IoGetStackLimits
RtlDelete
KeFlushQueuedDpcs
FsRtlLookupPerStreamContextInternal
FsRtlFastUnlockAll
IoRaiseInformationalHardError
ExAcquireFastMutex
KeCancelTimer
ExInitializeResourceLite
RtlInsertElementGenericTable
PsGetVersion
InitializeSListHead
RtlAppendUnicodeStringToString
MmForceSectionClosed
RtlValidRelativeSecurityDescriptor
_snwprintf
FsRtlFastCheckLockForRead
IoDeleteSymbolicLink
ExEventObjectType
KeSetEvent
IoGetDeviceToVerify
ObReferenceObjectByHandle
RtlNumberGenericTableElements
KeStackAttachProcess
CcMdlWriteComplete
CcMdlReadComplete
FsRtlPrivateLock
MmGetSystemRoutineAddress
IoCheckShareAccess
RtlAppendUnicodeToString
FsRtlDeregisterUncProvider
SeSinglePrivilegeCheck
ObOpenObjectByPointer
IoGetRelatedDeviceObject
IoThreadToProcess
RtlLengthSecurityDescriptor
MmQuerySystemSize
_vsnprintf
IoCreateSymbolicLink
RtlInitializeBitMap
RtlSetBits
ExAcquireResourceSharedLite
CcIsThereDirtyData
RtlCopyUnicodeString
IoAllocateIrp
CcMdlRead
PsLookupProcessByProcessId
PoCallDriver
IoCreateStreamFileObject
IoSetTopLevelIrp
IoBuildSynchronousFsdRequest
IoGetDeviceObjectPointer
FsRtlNotifyCleanup
CcDeferWrite
FsRtlLegalAnsiCharacterArray
IoIsOperationSynchronous
FsRtlCopyWrite
CcFlushCache
ExReleaseResourceLite
IoRemoveShareAccess
ExReleaseFastMutexUnsafe
IoCreateDevice
ProbeForRead
CcWaitForCurrentLazyWriterActivity
KeBugCheck
IoDeleteDevice
FsRtlInsertPerStreamContext
IoGetCurrentProcess
PsSetCreateProcessNotifyRoutine
strrchr
KeUnstackDetachProcess
FsRtlOplockIsFastIoPossible
IoSetShareAccess
ExDeleteNPagedLookasideList
SeQueryAuthenticationIdToken
RtlLookupElementGenericTable
FsRtlFastUnlockAllByKey
ZwQueryInformationProcess
ZwWriteFile
FsRtlInitializeFileLock
RtlClearAllBits
FsRtlCurrentBatchOplock
FsRtlTeardownPerStreamContexts
__C_specific_handler
KeEnterCriticalRegion
ZwQueryValueKey
IoAllocateMdl
ExIsResourceAcquiredExclusiveLite
ExReleaseResourceForThreadLite
FsRtlCheckLockForWriteAccess
RtlSetDaclSecurityDescriptor
FsRtlFastCheckLockForWrite
KeResetEvent
ObfReferenceObject
ZwSetValueKey
CcPurgeCacheSection
ExInterlockedAddUlong
IoUpdateShareAccess
FsRtlOplockFsctrl
CcCopyWrite
KeReleaseSemaphore
FsRtlIsTotalDeviceFailure
KeAcquireSpinLockRaiseToDpc
IoQueueWorkItem
RtlInitUnicodeString
FsRtlCopyRead
IoDetachDevice
ExConvertExclusiveToSharedLite
KeInitializeEvent
MmMapLockedPagesSpecifyCache
RtlClearBit
RtlFindClearBitsAndSet
IoUnregisterFileSystem
PsSetLoadImageNotifyRoutine
IoInvalidateDeviceRelations
_vsnwprintf
IoFreeWorkItem
KeReleaseSpinLock
FsRtlNotifyFullChangeDirectory
ObQueryNameString
FsRtlDissectName
ExInitializeNPagedLookasideList
CcCanIWrite
FsRtlNormalizeNtstatus
ExpInterlockedPopEntrySList
MmProbeAndLockPages
ExDeletePagedLookasideList
KeWaitForMultipleObjects
IoBuildDeviceIoControlRequest
KeClearEvent
ExAcquireFastMutexUnsafe
RtlInitializeGenericTable
CcSetReadAheadGranularity
FsRtlAreNamesEqual
CcSetFileSizes
ExAllocatePoolWithTag
IoIs32bitProcess
IoFreeIrp
FsRtlIsNtstatusExpected
FsRtlNotifyVolumeEvent
ZwEnumerateValueKey
KeSetTimer
FsRtlDoesNameContainWildCards
RtlEnumerateGenericTableWithoutSplaying
KeWaitForSingleObject
ExAcquireResourceExclusiveLite
FsRtlFastUnlockSingle
PsReferencePrimaryToken
ZwOpenSymbolicLinkObject
KeInitializeDpc
FsRtlNotifyInitializeSync
ExQueueWorkItem
PsGetCurrentThreadId
IoFileObjectType
MmCanFileBeTruncated
IoReleaseVpbSpinLock
IoAllocateErrorLogEntry
PoStartNextPowerIrp
ExIsResourceAcquiredSharedLite
ExLocalTimeToSystemTime
PsGetProcessId
IoOpenDeviceRegistryKey
ExGetSharedWaiterCount
PoSetPowerState
IoAllocateWorkItem
ExAcquireSharedStarveExclusive
ZwOpenFile
PsDereferencePrimaryToken
FsRtlUninitializeOplock
CcInitializeCacheMap
ZwOpenDirectoryObject
ZwCreateEvent
MmUnlockPages
ZwDeleteValueKey
PsTerminateSystemThread
FsRtlRegisterUncProvider
_local_unwind
IoVerifyVolume
PsCreateSystemThread
IoBuildAsynchronousFsdRequest
IoAcquireVpbSpinLock
ZwMapViewOfSection
swprintf
CcPrepareMdlWrite
IoRaiseHardError
ExpInterlockedPushEntrySList
IoSetHardErrorOrVerifyDevice
CcUninitializeCacheMap
DbgPrint
RtlDeleteElementGenericTable
IoRegisterFileSystem
ZwCreateKey
MmFlushImageSection
SeCaptureSubjectContext
ZwFsControlFile
IoGetTopLevelIrp
CcCopyRead
KeInitializeSemaphore
IoGetRequestorProcess
ZwCreateSection
FsRtlUninitializeFileLock
ZwQuerySymbolicLinkObject
IofCompleteRequest
RtlEqualUnicodeString
RtlGetElementGenericTable
ExReleaseFastMutex
IoSetDeviceToVerify
KeLeaveCriticalRegion
KeInitializeTimer
IoIsSystemThread
FsRtlCheckLockForReadAccess
IofCallDriver
ExFreePoolWithTag
IoRegisterFsRegistrationChange
RtlCompareMemory
ZwUnmapViewOfSection
RtlCompareUnicodeString
IoWriteErrorLogEntry
FsRtlInitializeOplock
FsRtlNotifyUninitializeSync
PsGetCurrentProcessId
ExGetExclusiveWaiterCount
KeBugCheckEx
KeDelayExecutionThread
ObfDereferenceObject
MmSystemRangeStart
ZwClose
IoGetDiskDeviceObject
IoFreeMdl
FsRtlProcessFileLock
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 5.2
InitializedDataSize 83968
ImageVersion 6.1
ProductName Callback File System (TM)
FileVersionNumber 3.2.103.256
UninitializedDataSize 0
LanguageCode Neutral
FileFlagsMask 0x003f
ImageFileCharacteristics Executable, Large address aware
CharacterSet Unicode
LinkerVersion 9.0
FileTypeExtension exe
OriginalFileName cbfs3.sys
MIMEType application/octet-stream
Subsystem Native
FileVersion 3, 2, 103, 256
TimeStamp 2012:02:04 09:24:22+01:00
FileType Win64 EXE
PEType PE32+
InternalName cbfs.sys
ProductVersion 3, 2, 103, 14
FileDescription Callback File System Driver
OSVersion 6.1
FileOS Windows NT
LegalCopyright Copyright (C) EldoS Corp. 2006-2012
MachineType AMD AMD64
CompanyName EldoS Corporation
CodeSize 261632
FileSubtype 7
ProductVersionNumber 3.2.103.14
EntryPoint 0x550fc
ObjectFileType Driver

Compressed bundles
File identification
MD5 3ce82cbe7bf92116b0fbe3cd0708d9e8
SHA1 5e957711941cc8160cd49b4e9d68ae69a8694c58
SHA256 0afc9f307c1107dce6836e8cf4c4670e46a25fa2734d0696e4d72a5e370c697c
ssdeep 6144:Ue24GBMqmue7Rp+6Xkf8ifzH0ihGYq7civHYu:/qcR26UkEhGN7civ4u
authentihash a4794b43a4fffd0a11821957cc36e66a8572b4ac98efcc966fa69ee7081539ff
imphash e09794d7ad6112593729cbf7fd48f576
File size 341.9 KB ( 350096 bytes )
File type Win32 EXE
Magic literal PE32+ executable for MS Windows (native) Mono/.Net assembly
TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags peexe assembly overlay signed 64bits native
VirusTotal metadata
First submission 2013-07-22 05:29:08 UTC ( 5 years, 9 months ago )
Last submission 2014-01-20 16:53:44 UTC ( 5 years, 2 months ago )
File names vt-upload-CXJvRQ
cbfs3.sys
cbfs3.sys
cbfs.sys