keymulti.sys

Virtual USB MultiKey x86

Multikey

The file keymulti.sys has been detected as malware by 29 anti-virus scanners. It runs as a Windows kernel mode device driver named “Virtual USB KeyMulti”.

Publisher:
Chingachguk & Denger2k (Elite & SP edition) (signed by Multikey)

Product:
Virtual USB MultiKey x86

Version:
0.18.2.4 built by: WinDDK

MD5:
ad363f4136ab695a5ec80201e70f3bae

SHA-1:
fe8207c48a9014b006b6e17e75621ed768d5d437

SHA-256:
896908cd16cb28eaf8a5239236ec7aad010be8677d03fdd6f4560b9591f4c618

Scanner detections:
29 / 68

Status:
Malware

Analysis date:
4/25/2024 8:22:45 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Trojan.Generic.8183373 | 799 |
| AegisLab AV Signature | Troj.Dropper.W32.Agent | 2.1.4+ |
| Agnitum Outpost | Trojan.VMProtect | 7.1.1 |
| Avira AntiVirus | TR/Agent.VMProtect.aaa.24 | 7.11.189.28 |
| AVG | Win32/Blacked | 2015.0.3277 |
| Baidu Antivirus | Trojan.Win32.VMProtect | 4.0.3.141128 |
| Bitdefender | Trojan.Generic.8183373 | 1.0.20.1660 |
| Bkav FE | HW32.Packed | 1.3.0.4959 |
| Clam AntiVirus | Win.Trojan.8183373 | 0.98/21511 |
| Comodo Security | UnclassifiedMalware | 20202 |
| Emsisoft Anti-Malware | Trojan.Generic.8183373 | 8.14.11.28.04 |
| ESET NOD32 | Win32/Packed.VMProtect.AAA (variant) | 8.10787 |
| Fortinet FortiGate | W32/Generic | 11/28/2014 |
| F-Secure | Trojan.Generic.8183373 | 11.2014-28-11_6 |
| G Data | Trojan.Generic.8183373 | 14.11.24 |
| IKARUS anti.virus | Trojan.SuspectCRC | t3scan.1.8.3.0 |
| K7 AntiVirus | Trojan | 13.186.14150 |
| Kaspersky | UDS:DangerousObject.Multi.Generic | 14.0.0.2879 |
| McAfee | Artemis!AD363F4136AB | 5600.6933 |
| Microsoft Security Essentials | VirTool:Win32/Obfuscator.XZ | 1.11202 |
| MicroWorld eScan | Trojan.Generic.8183373 | 15.0.0.996 |
| NANO AntiVirus | Trojan.Win32.Agent2.baqcpo | 0.28.6.63726 |
| Norman | Troj_Generic.GKVLJ | 11.20141128 |
| nProtect | Trojan.Generic.8183373 | 14.11.26.01 |
| Rising Antivirus | PE:Trojan.Win32.Generic.1521F607!354547207 | 23.00.65.141126 |
| Sophos | Mal/Generic-L | 4.98 |
| Trend Micro House Call | TROJ_SPNR.02DS13 | 7.2.332 |
| Trend Micro | TROJ_SPNR.02DS13 | 10.465.28 |
| VIPRE Antivirus | Trojan.Win32.Generic | 35162 |

File size:
205 KB (209,928 bytes)

Product version:
0.18.2.4

Copyright:
Copyright (C) 2004-2009 by Chingachguk & Denger2k

Original file name:
MultiKey.sys

File type:
Driver (Win32 SYS)

Language:
English (United States)

Common path:
C:\Windows\System32\drivers\keymulti.sys

Digital Signature
Signed by:

Authority:
Multikey

Valid from:
4/20/2010 1:17:23 PM

Valid to:
1/1/2040 1:59:59 AM

Subject:
CN=Multikey

Issuer:
CN=Multikey

Serial number:
7A19072DF64273A141B5661F27ABE341

File PE Metadata
Compilation timestamp:
4/20/2010 12:42:27 PM

OS version:
6.1

OS bitness:
Win32

Subsystem:
Native (none required)

Linker version:
9.0

CTPH (ssdeep):
3072:DyMsDtacw33K9C/NOR/o++7UCmNzovW1W0nMyw4ZqX3sXGf4f3SVjNVYV:DyMs5An0R//+7UCU1frrqX3sXBCVcV

Entry address:
0xD2E8

Entry point:
8B, FF, 55, 8B, EC, E8, BD, FF, FF, FF, 5D, E9, 0E, FF, FF, FF, 44, D3, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, B6, D7, 00, 00, 10, 06, 00, 00, 34, D3, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 04, D8, 00, 00, 00, 06, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, DA, D7, 00, 00, C4, D7, 00, 00, F0, D7, 00, 00, 00, 00, 00, 00, 42, D4, 00, 00, 5A, D4, 00, 00, 68, D4, 00, 00, 80, D4, 00, 00, 96, D4, 00, 00, B4, D4, 00, 00, CC, D4, 00, 00, E4, D4, 00, 00, F8, D4, 00, 00...
 

Code size:
198.5 KB (203,264 bytes)

Driver
Display name:
Virtual USB KeyMulti

Service name:
keymulti

Type:
Kernel device driver (KernelDriver)

Group:
Extended Base

