004.sys

Max Secure Software NTSecure Driver

Max Secure Software India Pvt. Ltd.

The file 004.sys by Max Secure Software India Pvt. Ltd. has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat.
Publisher:
Max Secure Software  (signed by Max Secure Software India Pvt. Ltd.)

Product:
Max Secure Software NTSecure Driver

Version:
1, 0, 0, 1

MD5:
1411f25dd19c0ec5e86d48e30e82aff5

SHA-1:
21502f3475dd45afb88f8dac0b0fb5b790b5d08e

SHA-256:
ab8ea33056656bff8aab68b8923f7e35f97d46d5d2de37d9f7dee0cc38931c67

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
4/19/2024 9:46:30 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.MaxSecure.Optional.Meta (L)

Engine version:
16.2.14.11

File size:
13 KB (13,280 bytes)

Product version:
1, 0, 0, 1

Copyright:
(c) Max Secure Software. All rights reserved.

Trademarks:
Max Secure Software

Original file name:
NTSecure

File type:
Driver (Win32 SYS)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\004.sys

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
4/3/2012 2:00:08 AM

Valid to:
7/24/2014 10:57:41 AM

Subject:
E=tech@maxpcsecure.com, CN=Max Secure Software India Pvt. Ltd., O=Max Secure Software India Pvt. Ltd., L=pune, S=MH, C=IN

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11216A69882C6D7835A9F4F1D6DCB7AC9C32

File PE Metadata
Compilation timestamp:
2/13/2014 1:41:47 PM

OS version:
6.1

OS bitness:
Win32

Subsystem:
Native (none required)

Linker version:
9.0

CTPH (ssdeep):
192:GL0Pctz4nVTgBxe1HCjWe+PjPJQNl01wjEnc1QC8jSJUbueqFc9M+Y:GLUctEn2KtPLqNY1edUb+WE

Entry address:
0x41DB

Entry point:
8B, FF, 55, 8B, EC, E8, BD, FF, FF, FF, 5D, E9, 1B, FE, FF, FF, CC, 5C, 00, 52, 00, 65, 00, 67, 00, 69, 00, 73, 00, 74, 00, 72, 00, 79, 00, 5C, 00, 4D, 00, 61, 00, 63, 00, 68, 00, 69, 00, 6E, 00, 65, 00, 5C, 00, 53, 00, 59, 00, 53, 00, 54, 00, 45, 00, 4D, 00, 5C, 00, 43, 00, 75, 00, 72, 00, 72, 00, 65, 00, 6E, 00, 74, 00, 43, 00, 6F, 00, 6E, 00, 74, 00, 72, 00, 6F, 00, 6C, 00, 53, 00, 65, 00, 74, 00, 5C, 00, 53, 00, 65, 00, 72, 00, 76, 00, 69, 00, 63, 00, 65, 00, 73, 00, 5C, 00, 61, 00, 6D, 00, 73, 00, 69...
Entropy:
5.8968

Code size:
2 KB (2,048 bytes)
