SHA256: 0afc9f307c1107dce6836e8cf4c4670e46a25fa2734d0696e4d72a5e370c697c
File name: cbfs3.sys
Detection ratio: 0 / 56
Analysis date: 2016-02-24 21:03:43 UTC ( 2 years, 7 months ago )
Antivirus Result Update
Ad-Aware 20160224
AegisLab 20160224
Yandex 20160221
AhnLab-V3 20160224
Alibaba 20160224
ALYac 20160224
Antiy-AVL 20160224
Arcabit 20160224
Avast 20160224
AVG 20160224
Avira (no cloud) 20160224
AVware 20160224
Baidu-International 20160224
BitDefender 20160224
Bkav 20160224
ByteHero 20160224
CAT-QuickHeal 20160224
ClamAV 20160224
CMC 20160223
Comodo 20160224
Cyren 20160224
DrWeb 20160224
Emsisoft 20160224
ESET-NOD32 20160224
F-Prot 20160224
F-Secure 20160224
Fortinet 20160224
GData 20160224
Ikarus 20160224
Jiangmin 20160224
K7AntiVirus 20160224
K7GW 20160224
Kaspersky 20160224
Malwarebytes 20160224
McAfee 20160224
McAfee-GW-Edition 20160224
Microsoft 20160224
eScan 20160224
NANO-Antivirus 20160224
nProtect 20160224
Panda 20160224
Qihoo-360 20160224
Rising 20160224
Sophos AV 20160224
SUPERAntiSpyware 20160224
Symantec 20160224
Tencent 20160224
TheHacker 20160222
TotalDefense 20160223
TrendMicro 20160224
TrendMicro-HouseCall 20160224
VBA32 20160224
VIPRE 20160224
ViRobot 20160224
Zillya 20160224
Zoner 20160224
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Native subsystem that targets 64bit architectures.
Authenticode signature block and FileVersionInfo properties
Copyright Copyright (C) EldoS Corp. 2006-2012
Product Callback File System (TM)
Original name cbfs3.sys
Internal name cbfs.sys
File version 3, 2, 103, 256
Description Callback File System Driver
Signature verification Signed file, verified signature
Signing date 9:24 AM 2/4/2012
Signers
[+] EldoS Corporation
Status This certificate or one of the certificates in the certificate chain is not time valid., The revocation status of the certificate or one of the certificates in the certificate chain is unknown., Error 65536 (0x10000), The revocation status of the certificate or one of the certificates in the certificate chain is either offline or stale.
Issuer GlobalSign ObjectSign CA
Valid from 3:19 PM 1/11/2010
Valid to 3:19 PM 1/11/2013
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint A6FC131EFFE9A867CBF3192729C7571B8B1E98EC
Serial number 01 00 00 00 00 01 26 1D EC 28 F7
[+] GlobalSign ObjectSign CA
Status The revocation status of the certificate or one of the certificates in the certificate chain is unknown., Error 65536 (0x10000), The revocation status of the certificate or one of the certificates in the certificate chain is either offline or stale.
Issuer GlobalSign Primary Object Publishing CA
Valid from 11:00 AM 1/22/2004
Valid to 11:00 AM 1/27/2017
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 94BDB3CE4A5BC37A9A0BB45AFADB043932474F32
Serial number 04 00 00 00 00 01 23 9E 0F AF 24
[+] GlobalSign Primary Object Publishing CA
Status Valid
Issuer GlobalSign Root CA
Valid from 2:00 PM 1/28/1999
Valid to 1:00 PM 1/27/2017
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 549DF5E7102A223BA204B7150106D8EA17B7A70A
Serial number 04 00 00 00 00 01 23 9E 0F AC B3
[+] GlobalSign
Status Valid
Issuer GlobalSign Root CA
Valid from 1:00 PM 9/1/1998
Valid to 1:00 PM 1/28/2028
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing, OCSP Signing, EFS, IPSEC Tunnel, IPSEC User, IPSEC IKE Intermediate
Algorithm sha1RSA
Thumbprint B1BC968BD4F49D622AA89A81F2150152A41D829C
Serial number 04 00 00 00 00 01 15 4B 5A C3 94
Counter signers
[+] GlobalSign Time Stamping Authority
Status The revocation status of the certificate or one of the certificates in the certificate chain is unknown., Error 65536 (0x10000), The revocation status of the certificate or one of the certificates in the certificate chain is either offline or stale.
Issuer GlobalSign Timestamping CA
Valid from 10:32 AM 12/21/2009
Valid to 10:32 AM 12/22/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint AEDF7DF76BBA2410D67DBAF18F5BA15B417E496C
Serial number 01 00 00 00 00 01 25 B0 B4 CC 01
[+] GlobalSign Timestamping CA
Status Valid
Issuer GlobalSign Root CA
Valid from 12:00 PM 3/18/2009
Valid to 1:00 PM 1/28/2028
Valid usage All
Algorithm sha1RSA
Thumbprint 958D23902D5448314F2F811034356A58255CDC9B
Serial number 04 00 00 00 00 01 20 19 C1 90 66
[+] GlobalSign
Status Valid
Issuer GlobalSign Root CA
Valid from 1:00 PM 9/1/1998
Valid to 1:00 PM 1/28/2028
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing, OCSP Signing, EFS, IPSEC Tunnel, IPSEC User, IPSEC IKE Intermediate
Algorithm sha1RSA
Thumbprint B1BC968BD4F49D622AA89A81F2150152A41D829C
Serial number 04 00 00 00 00 01 15 4B 5A C3 94
PE header basic information
Target machine x64
Compilation timestamp 2012-02-04 08:24:22
Entry Point 0x000550FC
Number of sections 8
PE sections
Overlays
MD5 0a61109360ff7da0caff02ca5dddb3d0
File type data
Offset 342016
Size 8080
Entropy 7.42
PE imports
ZwOpenKey
ExDeleteResourceLite
FsRtlPostStackOverflow
ExRaiseStatus
RtlCreateSecurityDescriptor
ExQueryDepthSList
IoAttachDeviceToDeviceStack
FsRtlNotifyFullReportChange
ExInitializePagedLookasideList
SeReleaseSubjectContext
FsRtlCheckOplock
RtlSplay
IoGetStackLimits
RtlDelete
KeFlushQueuedDpcs
FsRtlLookupPerStreamContextInternal
FsRtlFastUnlockAll
_vsnprintf
IoRaiseInformationalHardError
ExAcquireFastMutex
KeCancelTimer
ExInitializeResourceLite
RtlInsertElementGenericTable
PsGetVersion
InitializeSListHead
RtlAppendUnicodeStringToString
MmForceSectionClosed
RtlValidRelativeSecurityDescriptor
_snwprintf
FsRtlFastCheckLockForRead
IoDeleteSymbolicLink
ExEventObjectType
KeSetEvent
IoGetDeviceToVerify
ObReferenceObjectByHandle
RtlNumberGenericTableElements
KeStackAttachProcess
CcMdlWriteComplete
CcMdlReadComplete
FsRtlPrivateLock
MmGetSystemRoutineAddress
IoCheckShareAccess
RtlAppendUnicodeToString
FsRtlDeregisterUncProvider
SeSinglePrivilegeCheck
ObOpenObjectByPointer
IoGetRelatedDeviceObject
IoThreadToProcess
RtlLengthSecurityDescriptor
MmQuerySystemSize
IoCreateSymbolicLink
RtlInitializeBitMap
RtlSetBits
ExAcquireResourceSharedLite
CcIsThereDirtyData
RtlCopyUnicodeString
IoAllocateIrp
CcMdlRead
PsLookupProcessByProcessId
PoCallDriver
IoCreateStreamFileObject
IoSetTopLevelIrp
IoBuildSynchronousFsdRequest
IoGetDeviceObjectPointer
FsRtlNotifyCleanup
CcDeferWrite
FsRtlLegalAnsiCharacterArray
IoIsOperationSynchronous
FsRtlCopyWrite
CcFlushCache
ExReleaseResourceLite
IoRemoveShareAccess
ExReleaseFastMutexUnsafe
IoCreateDevice
ProbeForRead
CcWaitForCurrentLazyWriterActivity
KeBugCheck
IoDeleteDevice
FsRtlInsertPerStreamContext
IoGetCurrentProcess
PsSetCreateProcessNotifyRoutine
strrchr
KeUnstackDetachProcess
FsRtlOplockIsFastIoPossible
IoSetShareAccess
ExDeleteNPagedLookasideList
SeQueryAuthenticationIdToken
RtlLookupElementGenericTable
FsRtlFastUnlockAllByKey
ZwQueryInformationProcess
ZwWriteFile
FsRtlInitializeFileLock
RtlClearAllBits
FsRtlCurrentBatchOplock
FsRtlTeardownPerStreamContexts
__C_specific_handler
KeEnterCriticalRegion
ZwQueryValueKey
IoAllocateMdl
ExIsResourceAcquiredExclusiveLite
ExReleaseResourceForThreadLite
FsRtlCheckLockForWriteAccess
RtlSetDaclSecurityDescriptor
FsRtlFastCheckLockForWrite
KeResetEvent
ObfReferenceObject
ZwSetValueKey
CcPurgeCacheSection
ExInterlockedAddUlong
IoUpdateShareAccess
FsRtlOplockFsctrl
CcCopyWrite
KeReleaseSemaphore
FsRtlIsTotalDeviceFailure
KeAcquireSpinLockRaiseToDpc
IoQueueWorkItem
RtlInitUnicodeString
FsRtlCopyRead
IoDetachDevice
ExConvertExclusiveToSharedLite
KeInitializeEvent
MmMapLockedPagesSpecifyCache
RtlClearBit
RtlFindClearBitsAndSet
IoUnregisterFileSystem
PsSetLoadImageNotifyRoutine
IoInvalidateDeviceRelations
_vsnwprintf
IoFreeWorkItem
KeReleaseSpinLock
FsRtlNotifyFullChangeDirectory
ObQueryNameString
FsRtlDissectName
ExInitializeNPagedLookasideList
CcCanIWrite
FsRtlNormalizeNtstatus
ExpInterlockedPopEntrySList
MmProbeAndLockPages
ExDeletePagedLookasideList
KeWaitForMultipleObjects
IoBuildDeviceIoControlRequest
KeClearEvent
ExAcquireFastMutexUnsafe
RtlInitializeGenericTable
CcSetReadAheadGranularity
FsRtlAreNamesEqual
CcSetFileSizes
ExAllocatePoolWithTag
IoIs32bitProcess
IoFreeIrp
FsRtlIsNtstatusExpected
FsRtlNotifyVolumeEvent
ZwEnumerateValueKey
KeSetTimer
FsRtlDoesNameContainWildCards
RtlEnumerateGenericTableWithoutSplaying
KeWaitForSingleObject
ExAcquireResourceExclusiveLite
FsRtlFastUnlockSingle
PsReferencePrimaryToken
ZwOpenSymbolicLinkObject
KeInitializeDpc
FsRtlNotifyInitializeSync
ExQueueWorkItem
PsGetCurrentThreadId
IoFileObjectType
MmCanFileBeTruncated
IoReleaseVpbSpinLock
IoAllocateErrorLogEntry
PoStartNextPowerIrp
ExIsResourceAcquiredSharedLite
ExLocalTimeToSystemTime
PsGetProcessId
IoOpenDeviceRegistryKey
ExGetSharedWaiterCount
PoSetPowerState
IoAllocateWorkItem
ExAcquireSharedStarveExclusive
ZwOpenFile
PsDereferencePrimaryToken
FsRtlUninitializeOplock
CcInitializeCacheMap
ZwOpenDirectoryObject
ZwCreateEvent
MmUnlockPages
ZwDeleteValueKey
PsTerminateSystemThread
FsRtlRegisterUncProvider
_local_unwind
IoVerifyVolume
PsCreateSystemThread
IoBuildAsynchronousFsdRequest
IoAcquireVpbSpinLock
ZwMapViewOfSection
swprintf
CcPrepareMdlWrite
IoRaiseHardError
ExpInterlockedPushEntrySList
IoSetHardErrorOrVerifyDevice
CcUninitializeCacheMap
DbgPrint
RtlDeleteElementGenericTable
IoRegisterFileSystem
ZwCreateKey
MmFlushImageSection
SeCaptureSubjectContext
ZwFsControlFile
IoGetTopLevelIrp
CcCopyRead
KeInitializeSemaphore
IoGetRequestorProcess
ZwCreateSection
FsRtlUninitializeFileLock
ZwQuerySymbolicLinkObject
IofCompleteRequest
RtlEqualUnicodeString
RtlGetElementGenericTable
ExReleaseFastMutex
IoSetDeviceToVerify
KeLeaveCriticalRegion
KeInitializeTimer
IoIsSystemThread
FsRtlCheckLockForReadAccess
IofCallDriver
ExFreePoolWithTag
IoRegisterFsRegistrationChange
RtlCompareMemory
ZwUnmapViewOfSection
RtlCompareUnicodeString
IoWriteErrorLogEntry
FsRtlInitializeOplock
FsRtlNotifyUninitializeSync
PsGetCurrentProcessId
ExGetExclusiveWaiterCount
KeBugCheckEx
KeDelayExecutionThread
ObfDereferenceObject
MmSystemRangeStart
ZwClose
IoGetDiskDeviceObject
IoFreeMdl
FsRtlProcessFileLock
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 5.2
LinkerVersion 9.0
ImageVersion 6.1
FileSubtype 7
FileVersionNumber 3.2.103.256
UninitializedDataSize 0
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 83968
EntryPoint 0x550fc
OriginalFileName cbfs3.sys
MIMEType application/octet-stream
LegalCopyright Copyright (C) EldoS Corp. 2006-2012
FileVersion 3, 2, 103, 256
TimeStamp 2012:02:04 09:24:22+01:00
FileType Win64 EXE
PEType PE32+
InternalName cbfs.sys
ProductVersion 3, 2, 103, 14
FileDescription Callback File System Driver
OSVersion 6.1
FileOS Windows NT
Subsystem Native
MachineType AMD AMD64
CompanyName EldoS Corporation
CodeSize 261632
ProductName Callback File System (TM)
ProductVersionNumber 3.2.103.14
FileTypeExtension exe
ObjectFileType Driver

Compressed bundles
File identification
MD5 3ce82cbe7bf92116b0fbe3cd0708d9e8
SHA1 5e957711941cc8160cd49b4e9d68ae69a8694c58
SHA256 0afc9f307c1107dce6836e8cf4c4670e46a25fa2734d0696e4d72a5e370c697c
ssdeep 6144:Ue24GBMqmue7Rp+6Xkf8ifzH0ihGYq7civHYu:/qcR26UkEhGN7civ4u
authentihash a4794b43a4fffd0a11821957cc36e66a8572b4ac98efcc966fa69ee7081539ff
imphash e09794d7ad6112593729cbf7fd48f576
File size 341.9 KB ( 350096 bytes )
File type Win32 EXE
Magic literal PE32+ executable for MS Windows (native) Mono/.Net assembly
TrID Generic Win/DOS Executable (50.0%)
DOS Executable Generic (49.9%)
Tags peexe assembly overlay signed 64bits native
VirusTotal metadata
First submission 2013-07-22 05:29:08 UTC ( 5 years, 2 months ago )
Last submission 2014-01-20 16:53:44 UTC ( 4 years, 8 months ago )
File names vt-upload-CXJvRQ
cbfs3.sys
cbfs3.sys
cbfs.sys