» MultiKey.sys
Overview
Analysis
File Details
Behaviors (1)

MultiKey.sys

Virtual USB MultiKey x86

Multikey

The file MultiKey.sys by Multikey has been detected as a potentially unwanted program by 24 anti-malware scanners. It runs as a Windows kernel mode device driver named “Virtual USB MultiKey”.

File name:

MultiKey.sys

Publisher:

Chingachguk & Denger2k (Elite & SP edition, private build) (signed by Multikey)

Product:

Virtual USB MultiKey x86

Version:

0.19.1.8 built by: WinDDK

MD5:

71e25013e97455abee07f6485959c6a7

SHA-1:

029c83a5075ae98a94d821cd3c30efcd42e5a640

SHA-256:

72e66965e75b383a1bc4064aeeef6803485f45f8c58243cead3ee10b56ca4ff9

Scanner detections:

24 / 68

Status:

Potentially unwanted

Analysis date:

4/26/2024 12:49:09 PM UTC (today)

Scan engine

Detection

Engine version

AegisLab AV Signature

Troj.Dropper.W32.Agent.ddqa!c

2.1.4+

Agnitum Outpost

Trojan.Agent

7.1.1

Avira AntiVirus

TR/Drop.Agent.ddqa

8.3.3.2

avast!

Win32:Malware-gen

2014.9-160403

Baidu Antivirus

Hacktool.Win32.MultiKey

4.0.3.1643

Bkav FE

HW32.Packed

1.3.0.7744

Clam AntiVirus

Win.Trojan.Agent-712539

0.98/21511

Comodo Security

UnclassifiedMalware

24498

ESET NOD32

Win32/DongleHack.MultiKey.B potentially unsafe (variant)

10.13158

Fortinet FortiGate

W32/Agent.DDQA!tr

4/3/2016

IKARUS anti.virus

Trojan.SuspectCRC

t3scan.2.0.9.0

K7 AntiVirus

Unwanted-Program

13.214.18963

Kaspersky

UDS:DangerousObject.Multi.Generic

14.0.0.419

McAfee

Artemis!71E25013E974

5600.6441

NANO AntiVirus

Trojan.Win32.Agent2.rqoqf

1.0.18.6677

nProtect

Trojan-Dropper/W32.Agent.1265160

16.03.10.01

Panda Antivirus

Trj/CI.A

16.04.03.05

Qihoo 360 Security

Win32/Trojan.cdb

1.0.0.1120

Sophos

Generic PUA AC (PUA)

4.98

Trend Micro

TROJ_GEN.R047C0EJT15

10.465.03

Vba32 AntiVirus

TrojanDropper.Agent

3.12.26.4

VIPRE Antivirus

Trojan-Dropper.Win32.Agent

47780

ViRobot

Dropper.A.Agent.1265160[h]

2014.3.20.0

Zillya! Antivirus

Dropper.Agent.Win32.104940

2.0.0.2717

File size:

1.2 MB (1,265,160 bytes)

Product version:

0.19.1.8

Original file name:

MultiKey.sys

File type:

Driver (Win32 SYS)

Language:

English (United States)

Common path:

C:\Windows\System32\drivers\multikey.sys

Digital Signature

Signed by:

Multikey

Authority:

Multikey

Valid from:

4/12/2010 8:33:31 PM

Valid to:

1/1/2040 1:59:59 AM

Subject:

CN=Multikey

Issuer:

CN=Multikey

Serial number:

2BAB3957B8AF58B040B682837280BE7F

File PE Metadata

Compilation timestamp:

9/20/2010 11:58:36 PM

OS version:

6.1

OS bitness:

Win32

Subsystem:

Native (none required)

Linker version:

9.0

CTPH (ssdeep):

24576:Hp6Mp4qWOC1ROSTvYiQQ7t/4QPeu6m0AkTcRMRR6ILmuGEUkxQn+Bnb5ZWOIzAMp:Hp6M1o5QQ7t/4X/m0XT/ePEUyQnYb5Zy

Entry address:

0x1271B

Entry point:

8B, FF, 55, 8B, EC, E8, BD, FF, FF, FF, 5D, E9, DB, FE, FF, FF, CC, 4D, 4B, 20, 64, 72, 69, 76, 65, 72, 20, 31, 39, 2E, 31, 2E, 38, 20, 6C, 6F, 61, 64, 65, 64, 2E, 0A, 00, CC, CC, 94, 27, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 5E, 2C, 01, 00, 10, 06, 00, 00, 84, 27, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, AC, 2C, 01, 00, 00, 06, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 82, 2C, 01, 00, 6C, 2C, 01, 00, 98, 2C, 01, 00, 00, 00, 00, 00, 9E, 28, 01, 00, AE, 28, 01... 
[+]

Entropy:

7.9594 (probably packed)

Code size:

1.2 MB (1,261,056 bytes)

Driver

Display name:

Virtual USB MultiKey

Service name:

multikey

Type:

Kernel device driver (KernelDriver)

Group:

Extended Base

Remove MultiKey.sys - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.