cafx.sys

cafx

Guilherme Pagotto de Freitas Neves

The file cafx.sys, “Cafx Video Driver”, has been detected as malware by 22 anti-virus scanners. It runs as a Windows 64-bit kernel-mode device driver named “cafx”.
Publisher:
Ca Inc.  (signed by Guilherme Pagotto de Freitas Neves)

Product:
cafx

Description:
Cafx Video Driver

Version:
1.3.1

MD5:
8baf624bf7ca415ab8f7011b761840bf

SHA-1:
b15eacaceceb73ec7a4ffafed4d454817311a5b1

SHA-256:
9f878d00cea659e808e4577950ebde83e9e4f8e8b14360b52c0e00a01a0612b9

Scanner detections:
22 / 68

Status:
Malware

Analysis date:
4/25/2024 7:20:03 AM UTC

Scan engine              Detection                              Engine version
Lavasoft Ad-Aware        Trojan.Generic.11362374                150
AegisLab AV Signature    Troj.Banker.W32.Agent!c                2.1.4+
AhnLab V3 Security       Trojan/Win32.Agent                     2016.05.27
Arcabit                  Trojan.Generic.DAD6046                 1.0.0.688
avast!                   Win64:Malware-gen                      2014.9-160907
AVG                      Generic36                              2017.0.2628
Bitdefender              Trojan.Generic.11362374                1.0.20.1255
Bkav FE                  W32.Clod10c.Trojan                     1.3.0.8042
Emsisoft Anti-Malware    Trojan.Generic.11362374                8.16.09.07.08
F-Secure                 Trojan.Generic.11362374                11.2016-07-09_4
G Data                   Trojan.Generic.11362374                16.9.25
IKARUS anti.virus        Trojan-Banker.Win32.Agent              t3scan.2.0.9.0
K7 AntiVirus             Riskware                               13.226.19722
Kaspersky                Trojan-Banker.Win32.Agent              14.0.0.-367
McAfee                   Artemis!8BAF624BF7CA                   5600.6284
MicroWorld eScan         Trojan.Generic.11362374                17.0.0.753
nProtect                 Trojan.Generic.11362374                16.05.26.01
Panda Antivirus          Trj/OCJ.F                              16.09.07.08
Qihoo 360 Security       Win32/Trojan.b38                       1.0.0.1120
Rising Antivirus         Trjoan.Generic-dZN1k5eGw6G (Cloud)     23.00.65.16905
VIPRE Antivirus          Trojan.Win32.Generic                   49654
Zillya! Antivirus        Trojan.Agent.Win32.674940              2.0.0.2891

File size:
17.1 KB (17,512 bytes)

Product version:
1.3.1

Copyright:
Ca Inc.

Original file name:
cafx.sys

File type:
Driver (Win64 SYS)

Language:
English (United States)

Common path:
C:\windows\syswow64\drivers\cafx.sys

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
12/19/2012 4:04:36 PM

Valid to:
12/20/2013 4:04:36 PM

Subject:
CN=Guilherme Pagotto de Freitas Neves, C=BR

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121BC82AF9103ECBDF445BC70B446D321FD

File PE Metadata
Compilation timestamp:
12/6/2013 10:33:40 PM

OS version:
6.1

OS bitness:
Win64

Subsystem:
Native (none required)

Linker version:
9.0

CTPH (ssdeep):
384:FWa8d/NAXS/qRGrIiDTn+dIFaKgqY5Y0D:FTk/wZArIiDTn/FaEiD

Entry address:
0xB064

Entry point:
48, 83, EC, 28, 4C, 8B, C2, 4C, 8B, C9, E8, 95, FF, FF, FF, 49, 8B, D0, 49, 8B, C9, 48, 83, C4, 28, E9, DE, 62, FF, FF, CC, CC, B0, B0, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 20, B2, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 28, B1, 00, 00, 00, 00, 00, 00, 40, B1, 00, 00, 00, 00, 00, 00, 54, B1, 00, 00, 00, 00, 00, 00, 70, B1, 00, 00, 00, 00, 00, 00, 88, B1, 00, 00, 00, 00, 00, 00, 9A, B1, 00, 00, 00, 00, 00, 00, AA, B1, 00, 00...

Code size:
9.5 KB (9,728 bytes)

Driver
Display name:
cafx

Type:
Kernel device driver (KernelDriver)


Remove cafx.sys - Powered by Reason Core Security