» arpdefender.sys
Overview
Analysis
File Details
Behaviors (1)

arpdefender.sys

ArpDefender_Win7

Hangzhou Shunwang Technology Co.,Ltd

It runs as a Windows kernel mode device driver named “Sunward Arp Defender”.

File name:

arpdefender.sys

Publisher:

Sunward Technology Co.Ltd (signed by Hangzhou Shunwang Technology Co.,Ltd)

Product:

ArpDefender_Win7

Description:

Sunward Arp Defender

Version:

1.0.2.1 built by: WinDDK

MD5:

a3bca6fc839cbc58ae07cd5774b19569

SHA-1:

3c767b9124ac07af84e683c0553bcb03c28f61bd

SHA-256:

9f23e0902cd3250c34ca14a47d3735773db5eab91be21726375629e136578384

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/26/2024 12:31:31 PM UTC (today)

File size:

87 KB (89,128 bytes)

Product version:

1.0.2.1

Sunward Technology Co.Ltd

Original file name:

NetFlt6.SYS

File type:

Driver (Win32 SYS)

Common path:

C:\Windows\System32\drivers\arpdefender.sys

Digital Signature

Signed by:

Hangzhou Shunwang Technology Co.,Ltd

Authority:

GlobalSign nv-sa

Valid from:

6/26/2011 11:56:06 PM

Valid to:

6/26/2014 11:56:06 PM

Subject:

CN="Hangzhou Shunwang Technology Co.,Ltd", O="Hangzhou Shunwang Technology Co.,Ltd", L=Hangzhou, S=Zhejiang, C=CN

Issuer:

CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:

1121C389611C656AF0D3AB84786EC9517946

File PE Metadata

Compilation timestamp:

5/6/2014 4:32:42 AM

OS version:

6.1

OS bitness:

Win32

Subsystem:

Native (none required)

Linker version:

9.0

CTPH (ssdeep):

1536:RZOnP/XKcOHYgPmPTnC4KhHo7dxDwSCAFfQFwOct6X6t++DO:rMXXmPmPe4wCQAFfsu6EHDO

Entry address:

0x1403E

Entry point:

8B, FF, 55, 8B, EC, E8, BD, FF, FF, FF, 5D, E9, 88, EC, FE, FF, CC, CC, BC, 41, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 18, 46, 01, 00, 08, 21, 01, 00, B4, 40, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 6E, 46, 01, 00, 00, 20, 01, 00, C4, 40, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, C6, 4A, 01, 00, 10, 20, 01, 00, 74, 41, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 78, 4C, 01, 00, C0, 20, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 46, 46, 01, 00, 5A, 46, 01, 00, 32, 46... 
[+]

Entropy:

6.6713

Code size:

70.5 KB (72,192 bytes)

Driver

Display name:

Sunward Arp Defender

Service name:

sfilter

Type:

Kernel device driver (KernelDriver)

Group:

NDIS

Scan arpdefender.sys - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.