d2a982a92d09e305.sys

The file d2a982a92d09e305.sys has been detected as malware by 37 anti-virus scanners. It runs as a Windows kernel mode device driver named “gyyv.exe”.
MD5:
50f9d0c60bba75c4d100f29cda78ff9a

SHA-1:
a888b8f77558a9837b9f2fee07956252ad1b1a4f

SHA-256:
6ec82fff7ea28331557417e84a49b0b59c6b69353eefbd76fe1ceeea80e5d184

Scanner detections:
37 / 68

Status:
Malware

Analysis date:
4/24/2024 11:21:50 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Trojan.GenericKD.1595233 | 835 |
| Agnitum Outpost | Trojan.DL.Necurs | 7.1.1 |
| AhnLab V3 Security | Backdoor/Win32.Necurs | 2014.06.09 |
| Avira AntiVirus | TR/Agent.abxa.67 | 7.11.153.232 |
| avast! | Win32:Zbot-SZS [Rtk] | 2014.9-141022 |
| AVG | Crypt3 | 2015.0.3313 |
| Baidu Antivirus | Trojan.Win32.Necurs | 4.0.3.141022 |
| Bitdefender | Trojan.GenericKD.1595233 | 1.0.20.1475 |
| Bkav FE | W32.SistetyC.Trojan | 1.3.0.4959 |
| Comodo Security | UnclassifiedMalware | 18485 |
| Dr.Web | Trojan.NtRootKit.16969 | 9.0.1.0295 |
| Emsisoft Anti-Malware | Trojan.GenericKD.1595233 | 8.14.10.22.02 |
| ESET NOD32 | Win32/TrojanDownloader.Necurs | 8.9913 |
| Fortinet FortiGate | W32/Necurs.A!tr.dldr | 10/22/2014 |
| F-Secure | Trojan.GenericKD.1595233 | 11.2014-22-10_4 |
| G Data | Trojan.GenericKD.1595233 | 14.10.24 |
| IKARUS anti.virus | Rootkit.Necurs | t3scan.1.6.1.0 |
| K7 AntiVirus | Trojan-Downloader | 13.1712333 |
| Kaspersky | Rootkit.Win32.Necurs | 14.0.0.3062 |
| Malwarebytes | Rootkit.Necurs | v2014.10.22.02 |
| McAfee | RDN/Generic.dx!czh | 5600.6969 |
| Microsoft Security Essentials | Trojan:WinNT/Necurs.A | 1.10600 |
| MicroWorld eScan | Trojan.GenericKD.1595233 | 15.0.0.885 |
| NANO AntiVirus | Trojan.Win32.Kryptik.cvaprl | 0.28.0.60100 |
| Norman | Suspicious_Gen4.FWJWV | 11.20141022 |
| nProtect | Trojan/W32.Agent1.61312.C | 14.06.08.01 |
| Panda Antivirus | Trj/Necurs.B | 14.10.22.02 |
| Qihoo 360 Security | HEUR/Malware.QVM00.Gen | 1.0.0.1015 |
| Quick Heal | Trojan.Necurs.A | 10.14.14.00 |
| Sophos | Troj/Necurs-BG | 4.98 |
| Total Defense | Win32/Necurs.LfMQVWC | 37.0.10987 |
| Trend Micro House Call | RTKT_NECURS.SMA | 7.2.295 |
| Trend Micro | RTKT_NECURS.BGSH | 10.465.22 |
| Vba32 AntiVirus | Rootkit.Necurs | 3.12.26.0 |
| VIPRE Antivirus | Trojan.WinNT.Necurs.a | 30104 |
| ViRobot | Trojan.Win32.A.RT-Necurs.61312 | 2011.4.7.4223 |
| XVirus List | Win32.Detected | 2.10.22 |

File size:
59.9 KB (61,312 bytes)

File type:
Driver (Win32 SYS)

Common path:
C:\Windows\System32\drivers\d2a982a92d09e305.sys

File PE Metadata
Compilation timestamp:
3/5/2014 7:38:13 AM

OS version:
6.1

OS bitness:
Win32

Subsystem:
Native (none required)

Linker version:
9.0

CTPH (ssdeep):
768:DzumocOCIKh66Ii1a4BF8dUHSiDXG1NSW0iQJwv2uAXPFoH055J205eed5:D1DXnU4BF8RiDMNI0AXNoU7de

Entry address:
0xE33E

Entry point:
8B, FF, 55, 8B, EC, E8, BD, FF, FF, FF, 5D, E9, 7E, F8, FF, FF, CC, CC, 94, E3, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 3E, E5, 00, 00, 08, E0, 00, 00, 8C, E3, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 68, E5, 00, 00, 00, E0, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 4C, E5, 00, 00, 00, 00, 00, 00, 12, E4, 00, 00, 2A, E4, 00, 00, 3E, E4, 00, 00, 48, E4, 00, 00, 58, E4, 00, 00, 6E, E4, 00, 00, 88, E4, 00, 00, F8, E3, 00, 00, BA, E4, 00, 00, D6, E4, 00, 00, E4, E4...
 

Entropy:
6.6696

Code size:
55.5 KB (56,832 bytes)

Driver
Display name:
gyyv.exe

Service name:
d2a982a92d09e305

Type:
Kernel device driver (KernelDriver)

Group:
Boot Bus Extender

