» MaxProc64.sys
Overview
Analysis
File Details

MaxProc64.sys

Max Secure Software Self Protection Driver

Max Secure Software India Pvt. Ltd.

The file MaxProc64.sys by Max Secure Software India Pvt has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat.

File name:

MaxProc64.sys

Publisher:

Max Secure Software (signed by Max Secure Software India Pvt. Ltd.)

Product:

Max Secure Software Self Protection Driver

Version:

1, 0, 0, 1

MD5:

ebdaed1a5d0c6d039b2323f992053610

SHA-1:

043b800806cb8ced44990a8940dd66c2b8976b91

SHA-256:

a9bb4b4f7ca80b1dc72e4bee2cdb3eed42248b6aa73ee01ee29e5e21e6ee6043

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

4/24/2024 4:39:03 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.MaxSecure.Optional.Meta (L)

16.2.14.11

File size:

67 KB (68,576 bytes)

Product version:

19, 0, 2, 1

Trademarks:

Max Secure Software

Original file name:

MaxProc64.sys

File type:

Driver (Win32 SYS)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\maxproc64.sys

Digital Signature

Signed by:

Max Secure Software India Pvt. Ltd.

Authority:

GlobalSign nv-sa

Valid from:

4/3/2012 2:00:08 AM

Valid to:

7/24/2014 10:57:41 AM

Subject:

E=tech@maxpcsecure.com, CN=Max Secure Software India Pvt. Ltd., O=Max Secure Software India Pvt. Ltd., L=pune, S=MH, C=IN

Issuer:

CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:

11216A69882C6D7835A9F4F1D6DCB7AC9C32

File PE Metadata

Compilation timestamp:

2/13/2014 1:41:50 PM

OS version:

6.1

OS bitness:

Win32

Subsystem:

Native (none required)

Linker version:

9.0

CTPH (ssdeep):

1536:auOlSDyHVQhKl4f/vvfvf/vvf3L7/skPPv/nH/vPvfPvMff/f/PO8WtKJpu5LMFN:a/lSDyHVQhKl4f/vvfvf/vvf3L7/skPq

Entry address:

0x110DA

Entry point:

8B, FF, 55, 8B, EC, E8, BD, FF, FF, FF, 5D, E9, 1C, FF, FF, FF, CC, CC, 14, 11, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 38, 13, 01, 00, 00, 20, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, EE, 11, 01, 00, 00, 12, 01, 00, 12, 12, 01, 00, 28, 12, 01, 00, 40, 12, 01, 00, 50, 12, 01, 00, 66, 12, 01, 00, 7E, 12, 01, 00, 92, 12, 01, 00, AA, 12, 01, 00, D6, 11, 01, 00, B4, 12, 01, 00, BE, 12, 01, 00, D6, 12, 01, 00, F2, 12, 01, 00, 04, 13, 01, 00, 10, 13, 01, 00, 1A, 13... 
[+]

Entropy:

4.8527

Code size:

7.5 KB (7,680 bytes)

Remove MaxProc64.sys - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.