avihcmp.sys

SpectorSoft Corporation

The file avihcmp.sys has been detected as malware by 7 anti-virus scanners. It runs as a Windows 64-bit file system device driver named “avihcmp”.
Publisher:
SpectorSoft Corporation  (signed and verified)

Version:
5, 1, 2600, 0

MD5:
2b1a215c76e29e5477a0d8bddd9ed163

SHA-1:
40da3fd1d68418f3979c5d5eca91f22a8622747e

SHA-256:
3edee7521ce3c97ade2685257db6fd66579cf98726482bfd2c674b9c1fde831d

Scanner detections:
7 / 68

Status:
Malware

Explanation:
The software contains keystroke monitoring/logging capabilities which may or may not be installed without the user's knowledge.

Analysis date:
4/26/2024 5:43:14 AM UTC  (today)

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Application.Keylogger.Spector.A | 942 |
| Bitdefender | Application.Keylogger.Spector.A | 1.0.20.940 |
| Emsisoft Anti-Malware | Application.Keylogger.Spector | 8.14.07.07.03 |
| F-Secure | Application.Keylogger.Spector | 11.2014-07-07_2 |
| G Data | Application.Keylogger.Spector | 14.7.24 |
| IKARUS anti.virus | Application.Spector | t3scan.2.2.29 |
| MicroWorld eScan | Application.Keylogger.Spector.A | 15.0.0.564 |

File size:
65.8 KB (67,352 bytes)

Product version:
5, 1, 2600, 0

File type:
Driver (Win64 SYS)

Language:
English (United States)

Common path:
C:\windows\seriptcp\avihcmp.sys

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
5/2/2011 7:00:00 PM

Valid to:
5/2/2013 6:59:59 PM

Subject:
CN=SpectorSoft Corporation, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=SpectorSoft Corporation, L=Vero Beach, S=Florida, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
3D8A45D5ED59E18AEAED8330D47166B4

File PE Metadata
Compilation timestamp:
3/7/2012 4:14:52 PM

OS version:
6.0

OS bitness:
Win64

Subsystem:
Native (none required)

Linker version:
8.0

CTPH (ssdeep):
1536:8n0Sikaar9//JglkmrcxkdUn6zL9RUXwLMHOC+7:81igr93t0cCSUxRQzw

Entry address:
0x10DE4

Entry point:
48, 8B, 05, 15, 83, FF, FF, 49, B9, 32, A2, DF, 2D, 99, 2B, 00, 00, 48, 85, C0, 74, 05, 49, 3B, C1, 75, 2F, 4C, 8D, 05, FA, 82, FF, FF, 48, B8, 20, 03, 00, 00, 80, F7, FF, FF, 48, 8B, 00, 49, 33, C0, 49, B8, FF, FF, FF, FF, FF, FF, 00, 00, 49, 23, C0, 49, 0F, 44, C1, 48, 89, 05, D2, 82, FF, FF, 48, F7, D0, 48, 89, 05, D0, 82, FF, FF, E9, CB, F1, FF, FF, CC, CC, CC, 5C, 00, 46, 00, 69, 00, 6C, 00, 65, 00, 53, 00, 79, 00, 73, 00, 74, 00, 65, 00, 6D, 00, 5C, 00, 46, 00, 69, 00, 6C, 00, 74, 00, 65, 00, 72, 00...
 

Entropy:
6.2478

Code size:
46 KB (47,104 bytes)

3 Drivers
Display name:
avihcmp

Type:
File system 'filter' driver (FileSystemDriver)

Display name:
sprecorder

Type:
File system 'filter' driver (FileSystemDriver)

Display name:
vdorctrl

Type:
File system 'filter' driver (FileSystemDriver)

