badriver.sys

Windows Win 7 DDK driver

P e P na Internet LTDA ME

The file badriver.sys, “NetFilter SDK WFP Driver (WPP)” by P e P na Internet LTDA ME, has been detected as adware by 8 anti-malware scanners. It runs as a Windows 64-bit kernel mode device driver named “badriver”.
Publisher:
Windows (R) Win 7 DDK provider (signed by P e P na Internet LTDA ME)

Product:
Windows (R) Win 7 DDK driver

Description:
NetFilter SDK WFP Driver (WPP)

Version:
1.4.5.2

MD5:
e275f6fa12a4b1801c13f86f41112c95

SHA-1:
1bfe4a8ecfe7f8a623b321fac8ae99684575ba8f

SHA-256:
a6df9290131c3e61faa12383d0e5305bbbb0215ed05b2cceab4e5d2580c606ea

Scanner detections:
8 / 68

Status:
Adware

Analysis date:
4/25/2024 12:46:35 PM UTC

Scan engine          Detection                                        Engine version
Agnitum Outpost      Riskware.Agent                                   7.1.1
AVG                  Generic                                          2016.0.3144
Bkav FE              W64.HfsAdware                                    1.3.0.6379
Dr.Web               Adware.Salus.7                                   9.0.1.099
ESET NOD32           Win64/NetFilter.A potentially unsafe (variant)   9.11401
Fortinet FortiGate   Adware/NetFilter                                 4/9/2015
Reason Heuristics    PUP.BR Software                                  15.3.18.1
VIPRE Antivirus      Trojan.Win32.Generic                             38918

File size:
66 KB (67,560 bytes)

Product version:
6.2.9200.16384

Copyright:
Copyright © NetFilterSDK.com

Original file name:
netfilter2.sys

File type:
Driver (Win64 SYS)

Language:
English (United States)

Common path:
C:\Windows\System32\drivers\badriver.sys

Digital Signature
Authority:
Symantec Corporation

Valid from:
1/26/2014 9:00:00 PM

Valid to:
1/27/2016 8:59:59 PM

Subject:
CN=P e P na Internet LTDA ME, O=P e P na Internet LTDA ME, L=Vila Velha, S=Espirito Santo, C=BR, SERIALNUMBER=12.112.810/0001-19, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=BR

Issuer:
CN=Symantec Class 3 Extended Validation Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
1F8F91EE9AF97AC99EB07FFFA32D1892

File PE Metadata
Compilation timestamp:
10/30/2014 6:58:26 PM

OS version:
6.2

OS bitness:
Win64

Subsystem:
Native (none required)

Linker version:
11.0

CTPH (ssdeep):
1536:yBzqQObeZca+htfGLROy/l+v6ul/pmd2aF:QzqQuPa+DfGx/l+bRmd9F

Entry address:
0xB780

Entry point:
48, 89, 5C, 24, 08, 57, 48, 83, EC, 20, 48, 8B, DA, 48, 8B, F9, E8, 73, 48, 00, 00, 48, 8B, D3, 48, 8B, CF, 48, 8B, 5C, 24, 30, 48, 83, C4, 20, 5F, E9, DA, D6, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 66, 66, 0F, 1F, 84, 00, 00, 00, 00, 00, 48, 3B, 0D, 49, 19, 00, 00, 75, 12, 48, C1, C1, 10, 66, F7, C1, FF, FF, 75, 03, C2, 00, 00, 48, C1, C9, 10, E9, 08, 00, 00, 00, CC, CC, CC, CC, CC, CC, CC, CC, B9, 02, 00, 00, 00, CD, 29, CC, CC, CC, CC, CC, CC, CC, CC, CC, B9, 08, 00, 00, 00, CD, 29, CC...

Code size:
49 KB (50,176 bytes)

Driver
Display name:
badriver

Type:
Kernel device driver (KernelDriver)

Group:
PNP_TDI

Remove badriver.sys - Powered by Reason Core Security