max_drv.sys

NGO

It runs as a Windows 64-bit kernel mode device driver named “Mark Finder Driver”.
Publisher:
NGO  (signed and verified)

MD5:
c4867521f326565770f04b61a43200ab

SHA-1:
13cefb5be7d9a4c2b7eb3620471abd8db38cd6e9

SHA-256:
49775bf78017217598d4cd61577bcdcd656319beb555034d4c0d381920bb663b

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is most likely a false positive detection; the file is probably clean.

Analysis date:
4/25/2024 3:34:54 AM UTC

Scan engine:
Trend Micro House Call

Detection:
TROJ_GEN.F47V1027

Engine version:
7.2.8

File size:
6.5 KB (6,656 bytes)

File type:
Driver (Win64 SYS)

Common path:
C:\users\{user}\appdata\roaming\kw\max_drv.sys

Digital Signature
Signed by:

Authority:
NGO

Valid from:
9/15/2012 1:56:46 PM

Valid to:
1/1/2040 6:59:59 AM

Subject:
CN=NGO

Issuer:
CN=NGO

Serial number:
920F37E55EC52C804105CE8FF6916091

File PE Metadata
OS bitness:
Win64

CTPH (ssdeep):
48:a+EyaEdw4SMmnX5uSl/7GikSn7CZFpZC2tPw3t7hon2l7w3osdL1Ny8UeFxMIJib:SbnESVSik6721E7/7VkLDy8TAIIiLdQ

Entry point:
48, 83, EC, 28, 4C, 8B, C2, 4C, 8B, C9, E8, 95, FF, FF, FF, 49, 8B, D0, 49, 8B, C9, 48, 83, C4, 28, E9, 5E, FF, FF, FF, CC, CC, D8, 50, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 3E, 52, 00, 00, 00, 20, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 40, 51, 00, 00, 00, 00, 00, 00, 5C, 51, 00, 00, 00, 00, 00, 00, 74, 51, 00, 00, 00, 00, 00, 00, 94, 51, 00, 00, 00, 00, 00, 00, A4, 51, 00, 00, 00, 00, 00, 00, BA, 51, 00, 00, 00, 00, 00, 00, C4, 51, 00, 00...

Driver
Display name:
Mark Finder Driver

Service name:
MarkFinderService

Type:
Kernel device driver (KernelDriver)


Scan max_drv.sys - Powered by Reason Core Security