MultiKey.sys

Virtual USB MultiKey x86

Multikey

The file MultiKey.sys has been detected as malware by 15 anti-virus scanners. It runs as a Windows kernel mode device driver named “Virtual USB MultiKey”.
Publisher:
Chingachguk & Denger2k (Elite & SP edition, private build)  (signed by Multikey)

Product:
Virtual USB MultiKey x86

Version:
0.19.1.8 built by: WinDDK

MD5:
4195feb96d54d6cd60427a8361eacece

SHA-1:
5906d61eae4a6a5a0ca2edb0e595d808a667d0df

SHA-256:
29148b44fe0c67c54bbf541caf489b34e37635abdf0b9a4e2f142f21b65963f9

Scanner detections:
15 / 68

Status:
Malware

Analysis date:
4/25/2024 4:30:30 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Trojan.Generic.6675178 | 898 |
| Avira AntiVirus | TR/Agent.1297416.1 | 7.11.131.136 |
| Bitdefender | Trojan.Generic.6675178 | 1.0.20.1165 |
| Bkav FE | HW32.CDB | 1.3.0.4924 |
| Comodo Security | UnclassifiedMalware | 17783 |
| Emsisoft Anti-Malware | Trojan.Generic.6675178 | 8.14.08.21.04 |
| F-Secure | Trojan.Generic.6675178 | 11.2014-21-08_5 |
| G Data | Trojan.Generic.6675178 | 14.8.24 |
| IKARUS anti.virus | Trojan.SuspectCRC | t3scan.2.2.29 |
| McAfee | Artemis!4195FEB96D54 | 5600.7032 |
| MicroWorld eScan | Trojan.Generic.6675178 | 15.0.0.699 |
| Norman | Suspicious_Gen2.TXOYS | 11.20140821 |
| nProtect | Trojan.Generic.6675178 | 14.02.14.01 |
| Rising Antivirus | PE:Trojan.Win32.Generic.12A9E3B2!313123762 | 23.00.65.14819 |
| VIPRE Antivirus | Trojan.Win32.Generic | 26452 |

File size:
1.2 MB (1,297,416 bytes)

Product version:
0.19.1.8

Copyright:
Copyright (C) 2004-2010 by Chingachguk & Denger2k

Original file name:
MultiKey.sys

File type:
Driver (Win32 SYS)

Language:
English (United States)

Common path:
C:\Windows\System32\drivers\multikey.sys

Digital Signature
Signed by:

Authority:
Multikey

Valid from:
4/12/2010 11:33:31 PM

Valid to:
1/1/2040 5:59:59 AM

Subject:
CN=Multikey

Issuer:
CN=Multikey

Serial number:
2BAB3957B8AF58B040B682837280BE7F

File PE Metadata
Compilation timestamp:
11/17/2010 11:21:12 PM

OS version:
6.1

OS bitness:
Win32

Subsystem:
Native (none required)

Linker version:
9.0

CTPH (ssdeep):
24576:xRjvAK5f8ffLWkB5aCfCvoYgba/N6g6FvR96SsPBs1GDYyFS8ndL:xJvATffD5aeCvop6YvR96RPBpD9FS6F

Entry address:
0x1271B

Entry point:
8B, FF, 55, 8B, EC, E8, BD, FF, FF, FF, 5D, E9, DB, FE, FF, FF, CC, 4D, 4B, 20, 64, 72, 69, 76, 65, 72, 20, 31, 39, 2E, 31, 2E, 38, 20, 6C, 6F, 61, 64, 65, 64, 2E, 0A, 00, CC, CC, 94, 27, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 5E, 2C, 01, 00, 10, 06, 00, 00, 84, 27, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, AC, 2C, 01, 00, 00, 06, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 82, 2C, 01, 00, 6C, 2C, 01, 00, 98, 2C, 01, 00, 00, 00, 00, 00, 9E, 28, 01, 00, AE, 28, 01...
 

Entropy:
7.9618  (probably packed)

Code size:
73 KB (74,752 bytes)

Driver
Display name:
Virtual USB MultiKey

Service name:
multikey

Type:
Kernel device driver (KernelDriver)

Group:
Extended Base

