hlnfd.sys

Highlightly Driver x64

Highlightly

This is part of the InfoAtoms browser extension, which displays various forms of advertising in the web browser by injecting new ads such as banners, text links and search results. The file hlnfd.sys by Highlightly has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It runs as a Windows 64-bit kernel mode device driver named “hlnfd”.

Publisher:
Highlightly  (signed and verified)

Product:
Highlightly Driver x64

Version:
1.9.0.0

MD5:
8decf397b091ff0af81cc48c601c6b94

SHA-1:
4704c5fd896b19f239e0b2eda0e5f783a7ec0b38

SHA-256:
db75667202b34b5f7c6e8c0d241c68d019e73194de3776df513b0985971be3a0

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
4/25/2024 6:48:59 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Highlightly.I

Engine version:
14.3.14.0

File size:
56.9 KB (58,256 bytes)

Product version:
1.9.0.0

Copyright:
Copyright (C) 2013

Original file name:
hlnfd.sys

File type:
Driver (Win64 SYS)

Language:
English (United States)

Common path:
C:\Windows\System32\drivers\hlnfd.sys

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
6/3/2013 3:25:40 PM

Valid to:
6/4/2014 3:25:40 PM

Subject:
E=support@gethighlightly.com, CN=Highlightly, OU=Highlightly, O=Highlightly, L=La Jolla, S=CA, C=US

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121971480A12BD051AA09DCE9072375C4F7

File PE Metadata
OS bitness:
Win64

CTPH (ssdeep):
1536:JiBIL6sCyo5oIUo0I77nPaXq4Fs+hMeGlDOtcRnNB7BG:0C6sCysD7L+Fs+hYOtcRnNu

Entry point:
48, 8B, 05, F1, D0, FF, FF, 49, B9, 32, A2, DF, 2D, 99, 2B, 00, 00, 48, 85, C0, 74, 05, 49, 3B, C1, 75, 2F, 4C, 8D, 05, D6, D0, FF, FF, 48, B8, 20, 03, 00, 00, 80, F7, FF, FF, 48, 8B, 00, 49, 33, C0, 49, B8, FF, FF, FF, FF, FF, FF, 00, 00, 49, 23, C0, 49, 0F, 44, C1, 48, 89, 05, AE, D0, FF, FF, 48, F7, D0, 48, 89, 05, AC, D0, FF, FF, E9, DB, B0, FF, FF, CC, CC, CC, B0, 00, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, B4, 04, 01, 00, 10, C0, 00, 00, A0, 00, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, D6, 04, 01, 00...

Entropy:
6.3832

Driver
Display name:
hlnfd

Type:
Kernel device driver (KernelDriver)

Group:
PNP_TDI

