» MaxProtector32.sys
Overview
Analysis
File Details
Behaviors (1)

MaxProtector32.sys

Max Secure Software Startup Manager Driver

Max Secure Software India Pvt. Ltd.

The file MaxProtector32.sys by Max Secure Software India Pvt has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It runs as a Windows kernel mode device driver named “MaxProtector32”.

File name:

MaxProtector32.sys

Publisher:

Max Secure Software (signed by Max Secure Software India Pvt. Ltd.)

Product:

Max Secure Software Startup Manager Driver

Version:

2, 0, 0, 3

MD5:

42a9e9377fbed9825330bb3ed2fa2c90

SHA-1:

29fbc18c8cd1a310459d23f97d0597a822c1b9d7

SHA-256:

19df82705089be998819817e2b2167aab67003ce8c6d6e4cf4fa97150ab92740

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

4/19/2024 10:57:06 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.MaxSecure.Optional.Meta (L)

16.2.14.4

File size:

84 KB (85,984 bytes)

Product version:

19, 0, 1, 4

Trademarks:

Max Secure Software

Original file name:

MaxProtector32.sys

File type:

Driver (Win32 SYS)

Language:

English (United States)

Common path:

C:\Windows\System32\drivers\maxprotector32.sys

Digital Signature

Signed by:

Max Secure Software India Pvt. Ltd.

Authority:

GlobalSign nv-sa

Valid from:

4/3/2012 3:30:08 AM

Valid to:

7/24/2014 12:27:41 PM

Subject:

E=tech@maxpcsecure.com, CN=Max Secure Software India Pvt. Ltd., O=Max Secure Software India Pvt. Ltd., L=pune, S=MH, C=IN

Issuer:

CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:

11216A69882C6D7835A9F4F1D6DCB7AC9C32

File PE Metadata

Compilation timestamp:

4/5/2013 9:01:03 PM

OS version:

6.1

OS bitness:

Win32

Subsystem:

Native (none required)

Linker version:

9.0

CTPH (ssdeep):

1536:qD5DcjyadT51SDyHVQhKlYf/vvfvf/vvf3L7/skPPv/nH/vPvfPvMff/f/PPCsDs:qD5DAyadt1SDyHVQhKlYf/vvfvf/vvf9

Entry address:

0x1403E

Entry point:

8B, FF, 55, 8B, EC, E8, BD, FF, FF, FF, 5D, E9, 60, EE, FE, FF, CC, CC, 9C, 40, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, DE, 44, 01, 00, 10, 50, 00, 00, 8C, 40, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 32, 45, 01, 00, 00, 50, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 0C, 45, 01, 00, F8, 44, 01, 00, 1A, 45, 01, 00, 00, 00, 00, 00, FA, 41, 01, 00, 04, 42, 01, 00, 1C, 42, 01, 00, 38, 42, 01, 00, 52, 42, 01, 00, 6C, 42, 01, 00, 88, 42, 01, 00, A0, 42, 01, 00, B4, 42... 
[+]

Entropy:

5.3587

Code size:

22.5 KB (23,040 bytes)

Driver

Display name:

MaxProtector32

Type:

Kernel device driver (KernelDriver)

Group:

Base

Remove MaxProtector32.sys - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.