» mbrguard.sys
Overview
Analysis
File Details
Behaviors (1)
Programs (1)

mbrguard.sys

MBRGuard x64

Blue Ridge Networks

It runs as a Windows 64-bit kernel mode device driver named “Blue Ridge Networks MBR Guard”. This is installed with Blue Ridge Networks AppGuard.

File name:

mbrguard.sys

Publisher:

Blue Ridge Networks (signed and verified)

Product:

MBRGuard x64

Description:

Blue Ridge Networks x64 MBR Guard Driver

Version:

1.0.1.0 built by: WinDDK

MD5:

5876bfdb9da9e2b11d88ca504d87dec8

SHA-1:

c03383833cb1142ab1d61fb62cc29ab8a9fecee7

SHA-256:

403052df75f56c770379b85e2124439f6b94d520d788267b039547cf24df26c0

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/24/2024 3:45:01 AM UTC (today)

File size:

19.1 KB (19,560 bytes)

Product version:

1.0.1.0

Original file name:

filter.sys:

File type:

Driver (Win64 SYS)

Language:

English (United States)

Common path:

C:\Windows\System32\drivers\mbrguard.sys

Digital Signature

Signed by:

Blue Ridge Networks

Authority:

VeriSign, Inc.

Valid from:

4/6/2010 2:00:00 AM

Valid to:

4/18/2011 1:59:59 AM

Subject:

CN=Blue Ridge Networks, OU=Engineering, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Blue Ridge Networks, L=Chantilly, S=Virginia, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

0E8054D4F6BCC98DD4B953BBE865E5A1

File PE Metadata

OS bitness:

Win64

CTPH (ssdeep):

384:Z8Z8Tmp1ySfRC0rjjL+XhRayqDnQeeYJLu1M6jf901bCIO:Zk8Tm5CGXL+hRayL4LWMmIbCI

Entry point:

48, 89, 5C, 24, 08, 57, 48, 83, EC, 20, 48, 8B, DA, 48, 8B, F9, E8, DB, 68, 00, 00, 48, 8B, D3, 48, 8B, CF, 48, 8B, 5C, 24, 30, 48, 83, C4, 20, 5F, E9, AE, FE, FF, FF, CC, CC, CC, CC, CC, CC, 48, 89, 5C, 24, 08, 57, 48, 83, EC, 20, 48, 8B, 05, 3B, 29, 00, 00, 48, 8B, F9, 48, 8D, 0D, 19, 29, 00, 00, 48, 8D, 1D, 22, 29, 00, 00, 48, 3B, C1, 74, 45, 48, 3B, D8, 77, 40, 48, 8B, 43, 40, 48, 85, C0, 74, 18, 4C, 8B, 05, C0, 35, 00, 00, 48, 8D, 0D, 57, 01, 00, 00, 4C, 8B, CB, 48, 8B, D7, FF, D0, EB, 12, 48, 8B, 15... 
[+]

Entropy:

6.1343

Driver

Display name:

Blue Ridge Networks MBR Guard

Service name:

MBRGUARD

Type:

Kernel device driver (KernelDriver)

Group:

Extended Base

The file mbrguard.sys has been discovered within the following program.

Blue Ridge Networks AppGuard by Blue Ridge Networks

Publisher's description - “AppGuard provides the next generation of comprehensive antivirus protection. It stops zero-day malware - old and new, known and unknown - from executing an attack.”

www.blueridge.com/index.php/products/appguard/consumer

5% remove it

Scan mbrguard.sys - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.