» K7FWHlpr.sys
Overview
Analysis
File Details
Behaviors (1)

K7FWHlpr.sys

K7Firewall Driver System K7 Computing

K7 Computing Pvt Ltd

It runs as a Windows kernel mode device driver named “K7FWHlpr”.

File name:

K7FWHlpr.sys

Publisher:

K7 Computing Pvt Ltd (signed and verified)

Product:

K7Firewall Driver System® K7 Computing

Description:

K7Firewall Device Driver For Vista

Version:

6.07.001 built by: WinDDK

MD5:

9cebabc4b63e0a13f49cca0389a9299f

SHA-1:

e66ebadd8c3aa10bda5e3ba588d436c789494881

SHA-256:

e3bdcdceb216bb1f4d89d70cb2313a8c0179b05a4cda0477a4ec61b1a18465fa

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/19/2024 1:38:53 AM UTC (today)

File size:

15.8 KB (16,152 bytes)

Product version:

6.07.001

Original file name:

K7FWHlpr.sys

File type:

Driver (Win32 SYS)

Language:

English (United States)

Common path:

C:\Windows\System32\drivers\k7fwhlpr.sys

Digital Signature

Signed by:

K7 Computing Pvt Ltd

Authority:

VeriSign, Inc.

Valid from:

9/5/2008 5:30:00 AM

Valid to:

10/11/2011 5:29:59 AM

Subject:

CN=K7 Computing Pvt Ltd, OU=Security, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=K7 Computing Pvt Ltd, L=Chennai, S=TamilNadu, C=IN

Issuer:

CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

0B2166E68513B088F30B5407007605EC

File PE Metadata

Compilation timestamp:

2/17/2007 1:09:28 PM

OS version:

6.0

OS bitness:

Win32

Subsystem:

Native (none required)

Linker version:

8.0

CTPH (ssdeep):

192:Dq0TrPC+zDJjI8jJXxaxXxHwpyowJL/aMjGwP7f5MXI9DMNr+ebMEtSwMVy:DqKPC49I8jJXxaH4YJLWU31MHbtv

Entry address:

0x5005

Entry point:

8B, FF, 55, 8B, EC, A1, 08, 40, 01, 00, 85, C0, B9, 4E, E6, 40, BB, 74, 04, 3B, C1, 75, 1E, 8B, 15, 60, 30, 01, 00, B8, 08, 40, 01, 00, C1, E8, 08, 33, 02, A3, 08, 40, 01, 00, 75, 07, 8B, C1, A3, 08, 40, 01, 00, F7, D0, A3, 0C, 40, 01, 00, 5D, E9, 7F, C2, FF, FF, CC, D8, 50, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 28, 52, 00, 00, 2C, 30, 00, 00, AC, 50, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 5E, 52, 00, 00, 00, 30, 00, 00, B8, 50, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, D6, 52, 00, 00, 0C, 30, 00, 00, CC... 
[+]

Entropy:

6.2297

Code size:

6 KB (6,144 bytes)

Driver

Display name:

K7FWHlpr

Type:

Kernel device driver (KernelDriver)

Scan K7FWHlpr.sys - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.