» hostnt.sys
Overview
Analysis
File Details
Behaviors (1)

hostnt.sys

It runs as a Windows 64-bit kernel mode device driver named “HOSTNT”.

File name:

hostnt.sys

MD5:

caed87f7526384d7ed8a51cbfa12aac2

SHA-1:

dd815d9edd747220d69fe9f06283378187e63a2e

SHA-256:

f876e4a76beb8de4a4caa7396d167f4c8d14002570d4306b4020dddfdeeaa543

Scanner detections:

1 / 68

Status:

Clean (1 probable false positive detection)

Explanation:

This is mosty likely a false positive detection, the file is probably clean.

Analysis date:

5/11/2025 6:55:50 PM UTC (today)

Scan engine

Detection

Engine version

Comodo Security

UnclassifiedMalware

17239

File size:

3.9 KB (4,032 bytes)

File type:

Driver (Win64 SYS)

Common path:

C:\Windows\System32\drivers\hostnt.sys

File PE Metadata

OS bitness:

Win64

CTPH (ssdeep):

48:6GrU+b8sVZncXC9MQHKVRXNqod/lzqnra9wfsg3kLUFDXRKo3BRZ2CqLcH:s+l9ho79zqnrFyUFDXs2BqCJ

Entry point:

55, 8B, EC, 83, EC, 5C, 53, 56, 57, 6A, 07, 59, BE, B4, 02, 01, 00, 8D, 7D, CC, 6A, 09, F3, A5, 66, A5, 59, BE, D4, 02, 01, 00, 8D, 7D, A4, 8D, 45, CC, F3, A5, 50, 8D, 45, F4, 66, A5, 8B, 3D, 28, 02, 01, 00, 33, DB, 50, 89, 5D, FC, FF, D7, 8B, 75, 08, 8D, 45, FC, 50, 6A, 01, 53, 8D, 45, F4, 68, 00, 80, 00, 00, 50, 53, 56, FF, 15, 34, 02, 01, 00, 8B, D8, 85, DB, 7C, 3C, B8, 9C, 03, 01, 00, C7, 46, 34, 2A, 04, 01, 00, 89, 46, 70, 89, 46, 40, 89, 46, 38, 8D, 45, A4, 50, 8D, 45, EC, 50, FF, D7, 8D, 45, F4, 50... 
[+]

Developed / compiled with:

Microsoft Visual C++

Driver

Display name:

HOSTNT

Type:

Kernel device driver (KernelDriver)

Group:

Rainbow Goldensoft

Scan hostnt.sys - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.